How to integrate IP Fabric with Splunk

4 minute read

Integrations between platforms and systems are essential to successful toolset management. It brings more value for both platforms that share data if done correctly. For my next integration journey for the IP Fabric, I chose one of the best tools on the market for log management - Splunk. I used Splunk extensively during my years in network operations. Its versatility for data visualization is fantastic. For example, I was detecting DDoS attacks and suspicious routing protocol flaps within areas, all while easily correlating with network changes. Let's break down how to successfully integrate IP Fabric with Splunk.

Prerequisite for successful IP Fabric and Splunk integration

In general, there are two main types of integrations. The first is a one-way integration, where one system sends data to another. Here we use the power of the first platform (collect and manipulate data) to elevate the power of the second platform (ultimate data visualization). This is precisely what we will do to integrate IP Fabric with Splunk.

The second type is a two-way integration, where both systems use data from another and react. The second type requires either an intermediary system (or script) to create the integration logic, or both systems to be compatible.

A prerequisite for the data source (in our case, IP Fabric) is to have standard methods to read the data from the source. IP Fabric's API is brilliant for coders. It offers a full range of operations, and it's very well documented.

A prerequisite for the destination system (Splunk in our case) is understanding standard data formats - which Splunk is great for. With both conditions in place, let's start with the integration example.

Integration summary

Integrate IP Fabric with Splunk
High-Level IP Fabric to Splunk one-way integration

In short, IP Fabric is an Intent-Based Networking technology that serves as the foundation for network programmability, automation, and analytics by delivering critical information required to manage your network operations.

Splunk is the data platform that helps turn data into action for Observability, IT, Security, and more. And that's what we need.

I selected some of the essential metrics that IP Fabric regularly collects:

  • Number of discovered devices (I want to make sure we are discovering full scope every time)
  • Number of network interfaces in active state (Interesting metrics to watch after upgrades or migrations)
  • Total number of BGP, OSPF, EIGRP routes from all routers (Again, interesting metrics to watch)

Then I included a couple of filtered data and intents:

  • Number of the established BGP sessions
  • Number of established BGP sessions with no received prefixes (This one is quite difficult to get with standard monitoring systems)
  • Number of active BGP sessions (I was interested in seeing the trending line in time)
  • Number of unreachable NTP sources in entire infrastructure (Very hard to get with standard tools)

Apart from the intent rules I picked from IP Fabric, 100 more default metrics provide valuable feedback from day 1.

Integration phase 1 - setting environment

First, I deployed IP Fabric, which took me about 30 mins to deploy on VMWare, and I could start the first discovery immediately! The goal was to regularly collect data from our virtual lab network (about 600 devices). The IP Fabric completed the first snapshot in about 18 minutes!

Second, I deployed Splunk with the developer license. I used a temporary license of the REST API Modular Input plugin to read the API data.

Integration phase 2 - provide the data flow

The next step was to configure Splunk to read IP Fabric's API. When I think about the whole integration, the only 'struggle' was to get proper API endpoints with the correct payload from the IP Fabric, which is no struggle at all! We have OpenAPI/Swagger available and dynamic API documentation on almost every page in the tool!

I created the Data Input in the REST API Modular Input plugin for each metric I needed to read in Splunk's GUI.

At the end of my journey, I created a new Dashboard in Splunk and combined all Data Inputs with more filters, for example:

  • If the number of discovered devices is less than 500 - switch the color in the dashboard to red
  • If the number of established BGP sessions is above 130 - keep the color green, otherwise switch to red
integrate IP Fabric with Splunk
Dashboard in Splunk based on data from IP Fabric

Then I configured regular snapshots in IP Fabric and let Splunk create a trending line for each input in its dashboard.

Integration conclusion

Everything is about data. That's where the power is. With IP Fabric, everyone has a unique opportunity to access any operational data from the network they need quickly and accurately. The only actual limit is one's imagination.

The ultimate goal for any network or security engineer is to use available data efficiently to keep the network up and running and avoid the unexpected - and that's where the IP Fabric's involvements stand out.

More technical questions?

Are looking for more technical details about how to integrate IP Fabric with Splunk? Please contact me directly on LinkedIn or Twitter, as I am more than happy to provide more guidance on my struggles.

If you have found this article helpful, please follow our company’s LinkedIn or Blog, where more content will be emerging on useful topics like the Splunk integration discussed here. If you would like to test our solution to see for yourself how IP Fabric can help you manage your network more effectively, please get in touch - schedule a demo with IP Fabric.

Get IP Fabric

Request a demo and discover how to increase
your networks visibility & get better time efficiency.
Free Demo | Zero Obligation
Request a Demo
We're Hiring!
Join the Team and be part of the Future of Network Automation
Available Positions
IP Fabric, Inc.
115 BROADWAY, 5th Floor
NEW YORK NY, 10006
United States
This is a block of text. Double-click this text to edit it.
Phone : +1 (914) 752-2991
Email : [email protected]
IP Fabric s.r.o.
Kateřinská 466/40
Praha 2 - Nové Město, 120 00
Czech Republic
This is a block of text. Double-click this text to edit it.
Phone : +420 720 022 997
Email : [email protected]
IP Fabric, Inc. © 2022 All Rights Reserved