Introducing the Fusion Connector for Splunk; Ideal for NetOps and SecOps Teams

Network operations (NetOps) and security operations (SecOps) teams can now take advantage of our Endace Fusion Connector for Splunk, which will dramatically lower time-to-resolution (TTR) for network issues that typically take days to resolve in the absence of readily available packet data. This Connector (available on Splunkbase) installs easily into any 5.x Splunk deployment and provides a seamless bridge between logs and packets.

Splunk is a great tool for collecting logs from the multitude of devices and applications in the network, and its ability to quickly search and allow users to correlate disparate threads of information is unparalleled. In the NetOps and SecOps world, though, Splunk gives summary information about events, whereas the ground truth data is actually the packets that crossed the wire. For the most part, this summary information is just what is needed and can be used to resolve service and security issues. However, for the 20-odd percent of issues that don’t fit neatly into this bucket, a seamless deep dive to the underlying packets is a massive boon.

With the Endace Fusion Connector for Splunk, our users can quickly pivot from a log event to the underlying packets.  Our Flow Search page within the Fusion Connector allows you to understand how much packet data relates to the log event, and allows rapid iteration and exploration by adjusting the parameters before you commit to extracting the packets to your tool of choice.

EndaceProbe™ Network Recorders and Splunk form a perfect complement for NetOps and SecOps teams.  By fusing the underlying ground truth data from anywhere in the network with the high level summary information in Splunk, we are providing our users the tools to rapidly investigate the hardest, most persistent issues and threats that afflict enterprise networks.

Initial customer feedback has been very positive and I’m excited to see what problems the Fusion Connector helps you solve.  Our mission here at Endace is to speed up the resolution cycle, so you can close more tickets and resolve more issues, faster, with confidence that the issue has been correctly diagnosed and resolved.  Take a look at our Fusion Connector and let us know what you think!
