Additionally, I cleaned up many of the dashboards and made them a little more interactive. They now have time pickers and even an interactive form to track down IP addresses that are trying to gain unauthorized access to your FiOS router.
[Image: New Interactive 'Bad Guys' Dashboard]
[Image: New Traffic Trends Dashboard]
[Image: Enhanced Maps Dashboard]
[Image: New Traffic Flows Dashboard]
Lastly, I made some changes on the back end to how the data comes in and gets indexed. Here are the technical details on what I did; if you're not interested, you can stop reading now.
My dilemma was that I'm collecting data from both my pfSense firewall and my parent's FiOS router using a Raspberry Pi syslog server which forwards the data to my Splunk instance at home. (That can be another post if you're interested in how I pulled that off.) Since all my data was coming into Splunk as syslog, I needed a way to 'split' the data into two different source types, fios and pfsense.
Here is how I accomplished this task.
First, here is the inputs.conf (copy the sample file in the default directory and move it to the local directory):
connection_host = dns
index = homemonitor
disabled = 0
(I'm not ready to push this out to production just yet, so I made the fix in 3.0.4 that fixes the dashboards for all the FiOS users.)
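One common way to do the split described above is an index-time source type override in props.conf and transforms.conf. This is an added example, not the configuration from the original post. It assumes the events arrive with the source type syslog and keep a BSD-style syslog header naming the originating device; the host names fios-router and pfsense-fw and the stanza names are hypothetical.

```ini
# ---- props.conf (local directory of the app, on the Splunk instance that
# ---- first parses the data) ----
# Assumption: the incoming events carry sourcetype "syslog".
# Run both routing transforms against every such event at index time.
[syslog]
TRANSFORMS-split_home_sources = set_sourcetype_fios, set_sourcetype_pfsense

# ---- transforms.conf (same local directory) ----
# Each transform matches the raw event (_raw is the default SOURCE_KEY) and,
# on a match, rewrites the sourcetype metadata key before the event is indexed.
# The regex expects an optional <PRI>, then "Mmm dd hh:mm:ss <host> ".
# fios-router and pfsense-fw are hypothetical; use the names your devices
# actually put in the syslog header.
[set_sourcetype_fios]
REGEX = ^(?:<\d+>)?\S+\s+\d+\s+[\d:]+\s+fios-router\s
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::fios

[set_sourcetype_pfsense]
REGEX = ^(?:<\d+>)?\S+\s+\d+\s+[\d:]+\s+pfsense-fw\s
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::pfsense
```

Events that match neither pattern stay in the syslog source type, so a search for sourcetype=syslog in the index afterwards shows any device whose header the patterns missed.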
With all that done, now I can switch between both source types and view the charts and graphs for my home network as well as my parent's without having to make any major changes to my configuration files. It's a simple drop-down that I have on my dashboards (which I have not included in the v.3.0.4 release but might in a later release depending on demand).
Thanks and enjoy!