Rapid Infrastructure Automation

Export Logs from NS1 and Import data into Splunk Enterprise 

Wed August 07, 2024 12:27 PM

Purpose of Workflow: Export Logs from NS1 and Import data into Splunk Enterprise
 
Description:  This workflow gets activity logs from NS1 for a 12 hr window and imports the data into Splunk Enterprise.  The workflow is initiated with user input.
 
List of requirements:
  • RNA Install
  • NS1 Account
  • Splunk Enterprise Server
 
Environment Required:
  • RNA Install:
      o RNA Username / Password
      o Mgmt IP of SevOne collector
  • NS1 Account:
      o NS1 API key
      o NS1 API URL
  • Splunk Server Account:
      o Splunk API Token for Import
      o Splunk API URL for data import
 
 
Inputs:
  • Splunk Import Token
  • Splunk Authorization key
  • NS1 Authorization key 
  • Window for logs export in Minutes
 
Setup:
  • Workflow:  Get current timestamp at start of workflow
  • Workflow:  Export logs from NS1 for the window specified by the user, relative to the current time.
  • Workflow:  Iterate over the results and import each NS1 activity log into Splunk.
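
The three setup steps above, sketched in Python as an added example (this is not the RNA workflow from the attachment). It assumes the Splunk import URL is an HTTP Event Collector endpoint; the NS1 record field names, the `ns1:activity` sourcetype, the host name and the sample records are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed sample of NS1 activity records; field names are assumptions.
SAMPLE_ACTIVITY = [
    {"id": "a1", "timestamp": 1723033200, "user_name": "alice", "action": "update", "resource_type": "record"},
    {"id": "a2", "timestamp": 1723029000, "user_name": "bob", "action": "delete", "resource_type": "zone"},
    {"id": "a3", "user_name": "carol", "action": "create", "resource_type": "apikey"},
]

def window_bounds(now_epoch, window_minutes):
    """Return (start, end) epoch seconds for the export window ending at now_epoch."""
    if window_minutes <= 0:
        raise ValueError("window must be a positive number of minutes")
    return now_epoch - window_minutes * 60, now_epoch

def to_hec_events(records, start, end, sourcetype="ns1:activity"):
    """Wrap each in-window record as a HEC event; return (events, skipped_ids)."""
    events, skipped = [], []
    for rec in records:
        ts = rec.get("timestamp")
        if not isinstance(ts, (int, float)) or not start <= ts <= end:
            skipped.append(rec.get("id"))  # keep a trail of what was not imported
            continue
        # Use the activity's own timestamp so Splunk indexes it at event time.
        events.append({"time": ts, "sourcetype": sourcetype, "event": rec})
    return events, skipped

def hec_request(hec_url, import_token, event):
    """Build (not send) one HEC POST; refuse plain HTTP so the token is never sent in clear."""
    if urlsplit(hec_url).scheme != "https":
        raise ValueError("HEC URL must use https")
    return urllib.request.Request(
        hec_url, data=json.dumps(event).encode("utf-8"), method="POST",
        headers={"Authorization": f"Splunk {import_token}", "Content-Type": "application/json"})

if __name__ == "__main__":
    start, end = window_bounds(1723033800, 60)  # fixed "now" so the run is repeatable
    events, skipped = to_hec_events(SAMPLE_ACTIVITY, start, end)
    for ev in events:
        req = hec_request("https://splunk.example.invalid:8088/services/collector/event",
                          "PLACEHOLDER-TOKEN", ev)
        print(req.get_method(), req.full_url, ev["event"]["id"])  # token is not printed
    print("skipped:", skipped)
```

Requests are only built here; pass each one to `urllib.request.urlopen` with certificate verification left on to perform the import.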

Instructions:

  • To Run the Workflow:
      o Execute the workflow with the required inputs.
 
Expected results:
NS1 activity logs for the specified window (in minutes) are exported and imported into the Splunk server.


Attachment(s)
zip file
NS1_DataExport_splunkImport_2024-08-07_15_57_26.zip   1 KB   1 version
Uploaded - Wed August 07, 2024