Configure inputs for the Splunk Add-on for Juniper
Note
Although Juniper supports both syslog and key-value output, the Splunk Add-on for Juniper only supports syslog. See Configure your Juniper device to send data to the Splunk Add-on for Juniper.
Configure inputs using Splunk Connect for Syslog
Use Splunk Connect for Syslog (SC4S) to collect data. To collect data using SC4S, refer to the steps described in Splunk Connect for Syslog - Juniper Junos.
Configure inputs using User Datagram Protocol (UDP)
The Splunk Add-on for Juniper handles inputs through UDP.
Prerequisite: If you haven’t done this yet, see Configure your Juniper device to send data to the Splunk Add-on for Juniper.
- Match the input configuration in your Splunk platform data collection node to the port that you configured in your Juniper configuration file. In the Splunk platform node handling data collection, set these configurations:
  - Configure the UDP input to match your configurations in Juniper.
  - Set your source type to juniper. The CIM mapping and dashboard panels depend on the juniper source type.
- To check that you are ingesting the data that you expect, run the following search:
  sourcetype = juniper*
  If you are bringing in data from Juniper NetScreen Firewall, run the following search:
  sourcetype = netscreen:firewall
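One way to express these settings in inputs.conf on the data collection node, as an added example that is not part of the original documentation. Port 514 and the device address 192.0.2.10 are assumed placeholders; use the port and source address from your own Juniper syslog configuration.

```ini
# inputs.conf on the Splunk platform node that handles data collection.
# Assumption: the Juniper device sends syslog to UDP port 514.
# Replace 514 with the port set in your Juniper configuration.
[udp://514]

# Required by the add-on: CIM mapping and dashboard panels
# depend on the juniper source type.
sourcetype = juniper

# Set the host field from the sender's IP address, so events are
# attributed to the device that sent them.
connection_host = ip

# UDP syslog is unauthenticated. Accept datagrams only from the
# Juniper device (192.0.2.10 is a placeholder address) so that other
# hosts cannot write events into this source type.
acceptFrom = 192.0.2.10
```

Restart the Splunk platform node after editing inputs.conf, then run the verification search above.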
See also
For more information on how to configure a Splunk forwarder or single-instance to receive syslog input, see Get data from TCP and UDP ports in the Getting Data In manual.