Splunk Guide

Advanced Configuration

Alternatively of using data collected by Splunk, you can bring 3rd party data (Microsoft SCCM, AWS SSM, ServiceNow, etc) already load in sRTMS - using Connect - into Splunk.

  1. Log in to Splunk Web and navigate to Settings >Data inputs.
  2. Click on fatstacks
  3. On splunkapp line item, click clone
  4. Update the settings and click save
Splunk Data Inputs Advanced

Settings

Name

Name of the sRTMS index that will be loaded into Splunk

<Please enter a value>


Software Asset Management

Enable/Disable Software Asset Management "SVM" module

Values: True/False


Software Vulnerability Management

Enable/Disable Software Vulnerability Management "SVM" module

Values: True/False


sRTMS API Url

The sRTMS API Url.

Default: https://srtms.fatstacks.tech:11000


sRTMS License

Your sRTMS License Key.

Please contact info@fatstacks.tech if you need a Trial key

<Please enter a value>


sRTMS Login

Your sRTMS Login.

<Please enter a value>


sRTMS Password

Your sRTMS Password.

<Please enter a value>

Splunk API Url

The Splunk API Url.

Format:

https://<hostname>:<port>

Please make sure the port is open. This is required for sRTMS to be able to run search query from the Cloud.

KEEP IT EMPTY


Splunk Login

The Splunk Login.

NOT USED


Splunk Password

The Splunk Password.

NOT USED


Device Search

The Splunk Device Search query.

NOT USED


Package Search

The Splunk Package Search query.

NOT USED


sRTMS API size page

Number of entries return by sRTMS per API call.

Default: 500

More Settings

Interval

Number of seconds to wait before running the command again, or a valid cron schedule. (leave empty to run this script once)

Default: 86,400 s (1day)


Index

Set the destination index for this source.

Default: srtms

Support

if you have questions or issues with the documentation, please contact us as support@fatstacks.tech