NET+ Splunk Community Call

Date: 6/18/2021


The rough agenda is:

  1. Intro – call is recorded
    1. Please rename yourself in Zoom to include your campus name.
    2. Introduction to the call, announcements, reminder the call is being recorded, etc.
    3. Registration, awareness, emails, etc – how did that work?
  2. Agenda bash / round table of issues of submitted questions
    1. Anything else on COVID-19 and Splunk one year in?
    2. Monitoring Oracle Databases discussion
    3. Campus plans for 2021 for your Splunk deployments
    4. Your item here
  3. Open discussion
  4. Any feedback on the NET+ Splunk program
  5. Next call is July 21st, 2021 at 3pm ET


Numbers: 7 campuses

Recording: GMT20210616-190455_Recording_2560x1440.mp4

Auto-generated transcript from Zoom: GMT20210616-190455_Recording.transcript.vtt.txt

Chat transcript: GMT20210616-190455_Recording.txt


Summary of call by Assia Khadri:

For this community call, we had several universities and partners joining us for the Splunk discussion. 

On last month's call, after we talked about Oracle database logging, the action item was to discuss how to bring Oracle database logging into Splunk.

Oracle database logging

Collin, a sales engineer at Splunk, opened the discussion by telling participants that with Database Connect you can pull data into Splunk, which makes this Splunk implementation very useful, along with what Database Connect specifically lets you do with the rest of your IT department. He also mentioned that he has retrieved XMLs and used a universal forwarder to send his data out to a cloud instance.

Brad, a member of the advisory board for NET+, mentioned that he believes certain issues can make Database Connect fragile. Brad's workaround was writing audit logs from Oracle to the file system to avoid the conflict around deploying Splunk credentials reliably.

Many universities are also using Cribl with their Splunk implementation. They are able to send full-fidelity firewall logs with the ability to index, and then pull only security-relevant session-end events. It can work with Splunk endpoints, for both input and output. Cribl has ex-Splunk employees who are deciding what is missing from Splunk and how they can use that to add value to Cribl. Pulling in representatives from Cribl for a future call might be a good idea for the community.

If you have any additional questions about the NET+ Splunk program or would like to sign up to support the program, please reach out to us at netplus@internet2.edu.


