Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Send AWMS, ClearPass, and ALE alerts and logs to Splunk

  • 1.  Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    Posted Mar 10, 2015 11:20 PM

    I am attempting to create one pane to see all information related to a mobility solution. I understand that there exists a ClearPass app for Splunk. However, for AWMS and ALE I do not see an app for Splunk. If I did not want to install the app for ClearPass, is there a good workaround for all three?



  • 2.  RE: Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    EMPLOYEE
    Posted Mar 10, 2015 11:23 PM
    What type of data are you trying to correlate? Sending syslogs from the
    controller and using the ClearPass app will likely give you all the data you
    need.



    You can integrate Splunk into AirWave using the API so you can lookup a MAC
    address inside of Splunk and have it show you data from ClearPass,
    controller syslogs and AirWave.


  • 3.  RE: Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    Posted Mar 10, 2015 11:29 PM

    I am currently in an exploratory phase. My goal is to get as much information from each management device and access it all from one location - Splunk. When it comes to Splunk I am definitely a newbie and I would like to determine how useful Splunk can be.



  • 4.  RE: Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    EMPLOYEE
    Posted Mar 10, 2015 11:32 PM
    Splunk can both leverage existing data it's captured (syslog, WMI, text logs)
    and also make queries to external services via APIs and SQL queries. It's
    very powerful. The hardest first step is figuring out what data you want to
    show.


  • 5.  RE: Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    Posted Mar 10, 2015 11:36 PM

    Thanks. I will have to give this more thought.



  • 6.  RE: Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    Posted Mar 11, 2015 05:17 PM

    Tim makes some great points, as always. We use Splunk Cloud indexing about 70GB/day and love it! Splunk Professional Services implemented the ClearPass App and they had nothing but praise for it. I probably don't have as much setup experience as Tim, but if you have questions feel free to hit me up.



  • 7.  RE: Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    Posted Mar 18, 2015 10:19 AM

    Thank you both for your assistance. I spent the last week working primarily with every relevant lab device that I have. That includes the firewall, router, switches, ESXi hosts, AWMS, CPPM, ALE, and some additional management systems. I have forwarded them all to the Splunk server which also contains the syslog server. In this environment there is no major need to separate the two (Syslog and Splunk). At this time, I am just trying to see what information I get and determine if there is some correlation. From the correlation I want to start generating charts and reports. Currently, the goal is simple. My ultimate goal is to present something to management that shows the value of using Splunk for all production devices that we manage - not just some. I need to correlate the logs from the controller, switch, router, firewall, DSLAM (if possible), VPN concentrator, AWMS, CPPM, ALE, etc. that produce viable information regarding a user, device, or site. I will keep digging and see where I can be creative.



  • 8.  RE: Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    Posted Mar 26, 2015 09:37 AM

    Now that I am getting data from ESXi hosts that house AWMS, CPPM, and ALE virtual machines (and other network devices), I have a better idea what I would like to see. However, this may require forwarding not just syslog but SNMP data to Splunk. What I would like to see are charts, graphs, etc. that not only follow a device throughout the network, but track the impact this traffic has on network devices and management systems. I recognize that this is a tall order, but I have got to start somewhere.



  • 9.  RE: Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    Posted Aug 19, 2015 11:06 PM

    I was pulled into another project and had to put this on hold until a couple of weeks ago. With every Aruba device (IAP, AWMS, CPPM, ALE, Activate) there is a lot of data and, as I am learning, different ways to obtain that data. Now I realize that what I want is not just syslog data for IAPs, AWMS, and CPPM, but to also query APIs from AWMS, CPPM, ALE, and Activate. This is out of my league and I will call in reinforcements. I am a network and systems guy and not a programmer at all. To crack this nut, programming skills are what I need to make sense of all of this.



  • 10.  RE: Send AWMS, ClearPass, and ALE alerts and logs to Splunk

    Posted Aug 02, 2018 05:28 PM

    Am I reading your comment correctly in that you got the ClearPass app working for Splunk Cloud? A customer of mine was notified by the Splunk team that the app is not compatible with Splunk Cloud, only on-prem.


    Can anyone else shed some insight here?