Splunk Forwarder on the NSS appliance


(Cameron Smith) #1

Hi,
Is it possible to install third party forwarders like the Splunk Universal Forwarder on the NSS appliance? We are trying to find a workaround for the limitation of only being able to forward logs to a IP address.
Regards,
Cameron


(Scott Bullock) #2

Hi Cameron,
Today NSS does not support 3rd party binaries, as such the idea coined won’t be doable.

Where is the challenge in forwarding to an IP address? I have my Splunk Enterprise dev-lab using NSS as it is today, and it works a treat.

Cheers,
@skottieb


(Cameron Smith) #3

Hi Scott,
We are attempting to forward logs from the NSS to a containerized Splunk Heavy Forwarder in AWS. The forwarder is assigned a new IP every time it is rebuilt, so the client has previously relied on forwarding logs to it’s hostname.
Cheers,
Cameron


(Scott Bullock) #4

Hi Cameron,
I see the idea here. Is there any reason the SHF is not assigned an Elastic IP in AWS? This would allow bind/rebind of single IP.

Cheers,
@skottieb


(Cameron Smith) #5

Hi Scott,
The client wanted to avoid using public IPs as this will be an AWS to AWS connection. We’ve managed to find a work around using the vpc endpoint in the mean time.
Cheers,
Cameron


(Thomas Quinlan) #6

Also look into the new AWS Transit Gateway, which might be of help.