Splunk Guide

Advanced Configuration

Alternatively of using data collected by Splunk, you can bring 3rd party data (Microsoft SCCM, AWS SSM, ServiceNow, etc) already load in sRTMS - using Connect - into Splunk.

Log in to Splunk Web and navigate to Settings >Data inputs.
Click on fatstacks
On splunkapp line item, click clone
Update the settings and click save

Settings

Name

Name of the sRTMS index that will be loaded into Splunk

Software Asset Management

Enable/Disable Software Asset Management "SVM" module

Values: True/False

Software Vulnerability Management

Enable/Disable Software Vulnerability Management "SVM" module

Values: True/False

sRTMS API Url

The sRTMS API Url.

Default: https://srtms.fatstacks.tech:11000

sRTMS License

Your sRTMS License Key.

Please contact info@fatstacks.tech if you need a Trial key

sRTMS Login

Your sRTMS Login.

sRTMS Password

Your sRTMS Password.

Splunk API Url

The Splunk API Url.

Format:

https://<hostname>:<port>

Please make sure the port is open. This is required for sRTMS to be able to run search query from the Cloud.

KEEP IT EMPTY

Splunk Login

The Splunk Login.

NOT USED

Splunk Password

The Splunk Password.

NOT USED

Device Search

The Splunk Device Search query.

NOT USED

Package Search

The Splunk Package Search query.

NOT USED

sRTMS API size page

Number of entries return by sRTMS per API call.

Default: 500

More Settings

Interval

Number of seconds to wait before running the command again, or a valid cron schedule. (leave empty to run this script once)

Default: 86,400 s (1day)

Index

Set the destination index for this source.

Default: srtms

Support

if you have questions or issues with the documentation, please contact us as support@fatstacks.tech

Report abuse