Install & Configure Asset Manager for Splunk

The Asset Manager integration with Splunk is now certified and available in the Splunk marketplace. The application supports Splunk dashboards and visualizations by providing discovered network data via syslog and REST APIs.

  1. Download the Asset Manager application file (attached to this page) and plug-in from Splunk (https://splunkbase.splunk.com/apps/#/search/Asset Manager/) to your local system.
  2. You can also contact your TAM or email support@firemon.com to obtain the Splunk App plug-ins.
  3. Unzip them.
    Now you are ready to perform the installation in Splunk.

Install Asset Manager in Splunk

To install the Asset Manager plugin to Splunk:

  1. Log in to your Splunk server.
  2. Select the Manage Apps (gear) icon.
  3. Click Install App from File.
  4. Go to TA-Asset Manager.zip and upload the file.
  5. When prompted, click Restart Now.
  6. Repeat steps 3 - 6, this time with Asset Manager-app. You do not need to restart the system after uploading Asset Manager-app.

Configuring the Asset Manager Application in Splunk

  1. On the Apps menu, select Asset Manager to manage its data inputs.
  2. Click Create New Input.
  3. Complete the form:
    1. Name the input. It's a good idea to include the Command Center IP and Port number (9997) in the input name.
    2. The polling Interval is in seconds. Set a smaller polling interval if you want to use smaller Real-Time intervals on the dashboards.
    3. The Index is Asset Manager.
    4. Add the Asset Manager Command Center URL: https://<Asset Manager IP or hostname>/api/rest/report/savedQuery

      The connection is made and the new input is added to the list.

  4. Select Action > Enable to power on the connection.

View Select Syslog Data

To search syslog data in Splunk:

  1. On the Splunk Apps page, select Asset Manager App for Splunk.
  2. Select the Search tab.
  3. Enter your search criteria. Examples:
    • source = tcp:9997
    • index = Asset Manager
    • sourcetype = Asset Manager_log_parser
    • Combine all three into one search:
      • index = Asset Manager sourcetype="Asset Manager_log_parser" source="tcp:9997"