IBM Concert

Back to Library

Export Logs from NS1 and Import data into Splunk Enterprise 

Wed August 07, 2024 12:27 PM

Purpose of Workflow: Export Logs from NS1 and Import data into Splunk Enterprise
 
Description:  This workflow gets activity logs NS1 for a 12 hr window and imports the data into Splunk enterprise.  The workflow is initiated with user input.
 
List of requirements:
  • RNA Install
  • NS1 Account
  • Splunk Enterprise Server
 
Environment Required:
• RNA Install:  
o RNA Username / Password
o Mgmt IP of SevOne collector
• NS1 Account:  
o NS1 API key
o NS1 API URL
• Splunk Server Account:  
o Splunk API Token for Import
o Splunk API URL for data import
 
 
Inputs:
  • Splunk Import Token
  • Splunk Authorization key
  • NS1 Authorization key 
  • Window for logs export in Minutes
 
Setup:
  • Workflow:  Get current timestamp at start of workflow
  • Workflow:  Export logs from NS1 for the window specified for user from current time.
  • Workflow:  Iterate over the results and import each NS1 activity log into Splunk.

Instructions:

  • To Run the Workflow:  
  • Execute the workflow with the required inputs.
 
Expected results:
NS1 Activity logs for specified window(mins) are exported and imported into Splunk server. 


#Documentation

Statistics
0 Favorited
12 Views
1 Files
0 Shares
2 Downloads
Attachment(s)
zip file
NS1_DataExport_splunkImport_2024-08-07_15_57_26.zip   1 KB   1 version
Uploaded - Wed August 07, 2024
 
Download