Use the Data View Template

On-Demand Splunk Log Search

1. From the NetBrain Desktop Management UI, open the desired map.
2. In the Data View tab, Select Built-in Data View Templates > Splunk > double-click [Splunk] Device Syslog Search.
3. Fill out the inputs with proper search criteria For example,
   • Search the last 15 minutes OSPF network Syslog
     • Search Keywords: OSPF
     • Source: <Network Syslog Source>
     • Time Range: Last 15 minutes
4. Confirm that the Data Source is set to Live.
5. Confirm that the objects (devices) are properly instrumented with the expected Splunk data.
   

   Note: Overlay of the Splunk log search result may take seconds-to-minutes to complete refresh depending on the number of devices on the map.

6. Click Splunk Logs to review the log search result from Data View Result Console.

Link to Splunk Search Result Page for Further Analysis

1. Click the drill down action of Logs > click Splunk Device Log.
2. The Splunk search result page of this device will be opened.
   

   Note: Splunk authentication is required. Login Splunk using your credentials if access is granted.

Troubleshooting

If there are any problems encountered during the deployment or integration of NetBrain with Splunk Enterprise, contact NetBrain Support at [email protected].