Configuring and monitoring NETSCOUT Omnis AI Streamer data
NETSCOUT Omnis AI Streamer provides high-speed, packet-level network data streaming for real-time analytics and security monitoring. Leveraging NETSCOUT’s Adaptive Service Intelligence (ASI) technology and Deep Packet Inspection (DPI) capabilities, Omnis AI Streamer captures detailed network traffic information and streams it to the Splunk platform.
Access to DPI (deep packet inspection) data is essential for Splunk users as it enhances security monitoring by providing detailed insights into network traffic. These insights enable the identification of suspicious behavior and potential threats. It also aids in traffic analysis, compliance with regulations, root cause analysis of performance issues, and enriching context around security events, making it easier to correlate incidents with network activity.
The NETSCOUT Omnis AI Streamer App enables your AIOps and security teams to visualize the Omnis AI feed data. The data is generated and curated for custom analytics by NETSCOUT Omnis AI Streamer and by NETSCOUT instrumentation platform Omnis AI Sensor.
Data required
Configuration
To integrate NETSCOUT Omnis AI with the Splunk platform, follow these steps:
- If you haven't already, install and configure AI Streamer.
- Login and register via the NETSCOUT Omnis AI Streamer Master Care page. You'll need an active NETSCOUT Master Care support account to do this.
- Follow the installation steps from the Omnis AI Streamer Server Setup guide and Omnis AI Streamer Analytics Setup Wizard guide.
- Export data to the Splunk platform using one of two options:
- Use CSV files to export the data. You can configure the AI Streamer CSV export by following the instructions listed in the Omnis AI Streamer Splunk integration guide. You'll also need to configure your forwarder by following the steps listed in the Omnis AI Streamer Splunk integration guide.
- Use Kafka topics to forward the data to the Splunk platform. To do this, install and configure Kafka Connect for Splunk, then configure Kafka export from the AI Streamer server by following the steps listed in Omnis AI Streamer Splunk integration guide.
- Install the NETSCOUT Omnis AI Streamer App.
The integration looks like this:
Dashboards
Out of the box, the Omnis AI Streamer App provides the following dashboards:
Application dashboard
The Application dashboard displays performance metrics for application or service views. The data is grouped by the type of application. This dashboard allows IT teams to monitor the overall performance of applications or services and identify availability, transaction times, and performance issues that could potentially impact the user experience.
Site Reliability Engineering dashboard
The Site Reliability Engineering dashboard displays site reliability metrics. These high-level views flag if one of the four indicators (Latency, Traffic, Errors, Saturation) has exceeded the predefined thresholds.
Unified Communication dashboard
The Unified Communication (UC) dashboard displays metrics for UC in terms of call quality and call setup status. This dashboard shows the status of call or video quality for the UC clients/community. The clients or communities which have a Mean Opinion Score (MOS) below the threshold are shown in red.
Asset dashboard
The Asset dashboard displays information about the number of servers and clients detected over time. The data is grouped by private address ranges (which can be configured), or non-private addresses (those not in a private address range). Omnis AI data feed provides accurate asset information based on real-time client-server communication and can be used for tracking and managing IT assets.
Next steps
The following resources will help you get started with the NETSCOUT integration for the Splunk platform:
- NETSCOUT: Omnis AI Insights solution overview
- NETSCOUT: Omnis AI Streamer documentation
- Splunkbase: NETSCOUT Omnis AI Stream App
- Splunkbase: NETSCOUT Omnis Data Streamer Add-on
- NETSCOUT: NETSCOUT Support
- NETSCOUT: NETSCOUT Solutions