Installing & Configuring the Asset Manager's App on Splunk

The Asset Manager integration with Splunk is now certified and available in the Splunk marketplace. The application supports Splunk dashboards and visualizations by providing discovered network data via syslog and REST APIs.

  1. Download the Asset Manager application file (attached to this page) and plug-in from Splunk (https://splunkbase.splunk.com/apps/#/search/Asset Manager/) to your local system:
  2. You can also contact your TAM or email support@firemon.com to obtain the Splunk App plug-ins.
  3. Unzip them.
    Now you are ready to perform the installation in Splunk.

Installing the Asset Manager Application in Splunk

To install the Asset Manager plugin to Spunk: 

  1. Log in to your Splunk server.
  2. Select the Manage Apps (gear) icon.
  3. In the upper right corner, click Install App from File.
  4. Browse to TA-Asset Manager.zip and upload it.
  5. When prompted, click Restart Now.
  6. Repeat steps 3 - 6, this time with Asset Manager-app. You will not need to restart the system with Asset Manager-app upload.



Configuring the Asset Manager Application in Splunk

  1. On the Apps menu, select Asset Manager to manage its data inputs.
  2. Click Create New Input.
  3. Complete the form
    1. Name the input. It's a good idea to include the Command Center IP and Port number (9997) in the input name.
    2. The polling Interval is in seconds.  Modify the polling interval to a smaller number to be able to use smaller Real-Time intervals on the dashboards.
    3. The Index is Asset Manager.
    4. Add the Asset Manager Command Center URL: https://<Asset Manger IP or hostname)/api/rest/report/savedQuery

      The connection is made and the new input is added to the list:

  4. Select Action > Enable to power on the connection. 

View Select syslog Data

To search syslog data in Splunk:

  1. On the Splunk Apps page, select Asset Manager App for Splunk.
  2. Select the Search tab (if you are not there already).
  3. Enter your search criteria. Examples follow:
    1. source=”tcp:9997”
    2. index=Asset Manager
    3. sourcetype=”Asset Manager_log_parser”
    4. now combine all 3 into one search
    5. index=Asset Manager sourcetype=”Asset Manager_log_parser” source=”tcp:9997”