Community discussions

Search found 16 matches

by Hunty
Mon Jan 21, 2019 9:50 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.5 (Graphing everything)

After three hours of trying a lot of different things I finally discovered that I missed the last "}" in the Router script.
Check this!
by Hunty
Thu Jan 03, 2019 11:21 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.5 (Graphing everything)

I've modified the script in order to read the cpu load at the beginning, now the readings are correct

# This script is used to send data to Splunk using syslog.
#===================================
# Collect system resource
# ----------------------------------
:local cpuload ([/system resource get c...
by Hunty
Thu Jan 03, 2019 11:06 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.5 (Graphing everything)

I'm seeing two problems:
The script reports a cpu higher than usual, it detects the cpu load when the script is running, so instead of reading a normal 10% load, it reads a load near to 100%

The second is the Disk graph.
I've attached two screenshots
by Hunty
Thu Jan 03, 2019 10:37 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.5 (Graphing everything)

Thank you for this post and all the work to get all the information in Graphs. Only I had a hard time to get all the information in Splunk. After three hours of trying a lot of different things I finally discovered that I missed the last "}" in the Router script. Perhaps you can change the post where...
by Hunty
Thu Nov 15, 2018 9:08 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

thanks for your help, but I'll try tomorrow with the linux VM but I've to solve first why the 514 port is not available even if I followed your guide to install the app with a non root user
by Hunty
Thu Nov 15, 2018 8:23 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

are you sure?
I've attached a screenshot of the content of the folder
by Hunty
Thu Nov 15, 2018 8:14 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

All apps need to be in
$SPLUNK_HOME/etc/apps
So on windows you should have:
C:\Program Files\Splunk\etc\apps\MikroTik
Yes
by Hunty
Thu Nov 15, 2018 8:03 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

please note that I've inserted "Mikrotik" under System/Logging
by Hunty
Thu Nov 15, 2018 7:17 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

Anyway I've also tried to install Splunk in an Ubuntu VM using Virtualbox, I've followed your guide to add the splunk user, I'm trying to configure the UDP 514 input port but I'm having this error: Parameter name: UDP port 514 is not available. I prefer to solve the issue under Windows server that is...
by Hunty
Thu Nov 15, 2018 7:15 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

Try this. On terminal of the Router OS type:
:log info message="mandarin"
In Splunk, set it to last 15 min and do a search like this:
mandarin
You should get at least one line like this (in raw mode)
script,info MikroTik: mandarin
If you get output you have communication. If it does not show script...
by Hunty
Thu Nov 15, 2018 2:47 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

I've tried to disable the entire firewall for 10 minutes and I've executed manually the script at least three times, but no info was present in the dashboards :(
by Hunty
Thu Nov 15, 2018 11:12 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

Can you ping the Splunk server from MT?
yes
[admin@MikroTik CRS125] > ping 192.168.88.210
SEQ HOST SIZE TTL TIME STATUS
0 192.168.88.210 56 128 0ms
1 192.168.88.210 56 128 0ms
2 192.168.88.210 56 128 0ms
sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
Are you running Windows/Lin...
by Hunty
Wed Nov 14, 2018 3:41 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

Hi Jotne, thanks for your reply
In Splunk under: Settings -> Data Inputs -> UDP
Do you see port 514 like this?
UDP port | Source type | Status | Actions
514 | syslog | Enabled / Disable | Clone / Delete
Yes
If you do run Splunk on Windows, have you opened Windows firewall for Splunk or UDP:514?
Yes
You can try...
by Hunty
Mon Nov 12, 2018 4:28 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything)
Replies: 147
Views: 19718

Re: Using Splunk to analyse MikroTik logs 2.3 (Graphing everything)

I'm not able to see any result into splunk server. I've followed the guide step by step, I'm seeing that the Mikrotik's script has Run Count = 40 so it is sending to Splunk server, I've added the windows firewall inbound rules, but I'm not able to see any data in splunk server. Can you please help m...