• Category : Splunk


How to source Splunk Forwarder traffic from a Loopback Interface

The diagram below describes the use case: SWITCH1 has a Splunk Forwarder that needs to send traffic to SPLUNK at  SWITCH2 is originating a default route via BGP. SWITCH1 is only advertising its Loopback0 interface into BGP.  The Splunk Forwarder CLI configuration does not currently support specifying a source interface, and in this scenario this is a problem because SWITCH3 has no route to reach, which would be the source IP for any traffic that SWITCH1 sends to SPLUNK.  SWITCH3 does however have a route to SWITCH1’s Loopback0 interface. We verify this by pinging SPLUNK from SWITCH1 and...
Continue reading →


Get every new post on this blog delivered to your Inbox.

Join other followers: