Do you use Splunk? How does it fit in with your use of Orion? We're very interested in hearing about how you'd like to see Orion and Splunk play together...
Yes, we use it at the company I work for. All of our logs from all devices go to our Splunk server. I prefer it much more than the built-in Syslog server on Orion. It's a lot more robust, scalable and the search capabilities are, for me, unmatched in the industry. We have it integrated to Orion so that we can access it right from the Orion web site. I think it's really an invaluable tool. It would be great if you guys would integrate it even further into Orion.
Thanks.
We use Splunk and the only integration we currently do is add a custom property that links to Splunk with a search for the host and drop a copy of alerts into Splunk for problem correlation. Things I'd like to see:
May I ask how did you accomplish the Splunk custom property search links integration? That's pretty cool...
Make a custom property and use something like this (it assumes all of your devices are in DNS with correct forward and reverse entries)
<a href="">your.splunk.server.here/
Thanks! It's not working for me yet but I'll try to figure it out....
Haven't done it yet b/c I left the previous company but I was pushing hard for a Splunk purchase for over a year and was gonna implement with Orion as the first step.
We have been evaluating Splunk as a replacement to the Solarwinds syslogging tools due to their limited functionality. We have a combination of syslogs and text logs from all our systems that we need a way to search, alert, and report off of. It would be great if we could directly integrate alarms from Splunk into the Orion alerting engine.
-David
This is the biggest limit, or lack, in Orion, a proper tool for handling logs (traps, syslogs, etc).
Instead of talking integration with another tool that you don't make yourselves, you should go for similar functionality within your own program (Orion).
When the amount of logging gets big, Splunk is VERY expensive, and I don't want to pay for 2 expensive programs, one is enough.
Dal
I certainly agree that it would be great if Solarwinds actually had a functional product for syslogs, text logs and traps but with a database based solution I don't know that they will meet the performance, volume, or robust search capability that Splunk offers. It would be great if Solarwinds could write an integration for customers whose text logging requirements exceed the capabilities of a database based solution into an application that is substantially different than Solarwinds and offers a lot more power and functionality. Of course I wouldn't complain about a number of improvements to the trap and syslog tools in Solarwinds either.
We use Splunk. We use it more than anything for our firewall logs. When we send logs to Orion, it eats up a steady chunk of CPU on the box and searching the logs often times out when done via the Orion web interface. No real integration though, just log into a different interface to view them.
Hi Denny
Bumping this back up forum... did you guys get anywhere with how SW might work with Splunk? Any integration planned?
No formal integration. Since Splunk takes syslog as input, it's fairly straightforward to forward alerts to it. You can also have it fetch the NPM event log.
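An added example, not part of the original thread or of either product: a script an alert action could call to forward one alert to a Splunk syslog input as a single RFC 5424 line. The `orion-alert` app name, the `local0` facility, the field names and the sample host are assumptions; control characters are collapsed so text inside an alert cannot split into a second, forged log event.

```python
import re
import socket
from datetime import datetime, timezone

FACILITY_LOCAL0 = 16                      # assumed facility for forwarded alerts
SEVERITY = {"critical": 2, "warning": 4, "info": 6}
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]+")


def clean(value, limit=512):
    """Collapse control characters (CR/LF included) so one alert stays one event."""
    return CONTROL_CHARS.sub(" ", str(value)).strip()[:limit]


def kv(key, value):
    """Render key="value", escaping backslashes and quotes inside the value."""
    escaped = clean(value).replace("\\", "\\\\").replace('"', '\\"')
    return f'{key}="{escaped}"'


def format_alert(node, alert_name, severity, message, when=None):
    """Build one RFC 5424 line: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    # Unknown severities fall back to informational.
    pri = FACILITY_LOCAL0 * 8 + SEVERITY.get(severity, SEVERITY["info"])
    # The HOSTNAME field must not contain spaces; replace anything unexpected.
    host = re.sub(r"[^A-Za-z0-9.-]", "_", clean(node, 255)) or "-"
    fields = " ".join([kv("alert", alert_name), kv("severity", severity),
                       kv("msg", message)])
    stamp = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {stamp} {host} orion-alert - - - {fields}"


def send_alert(line, server, port=514):
    """Send the line as a single UDP datagram to the syslog input."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (server, port))


if __name__ == "__main__":
    # Constructed sample alert; the message carries an embedded second line.
    print(format_alert("core-sw1.example.net", "High CPU", "critical",
                       "CPU at 97%\n<134>1 forged entry"))
```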
Hello.. by using Splunk how do I define service port priority or chosen LAN protocol?
Hi-
I know this is an old thread, but I am very interested in some integration of Splunk graphs and charts into NPM. We now have 10.1.1 and APM 3.5 (looking at 4.0 now too) and are very happy with it.
Our devs want to stay with logs for now, and I'd like to tie in the NPM dashboards with Splunk. Has anyone here explored this?
Thanks,
Mike
that would be really cool, splunk is one of the very few tools we haven't replaced with solarwinds products yet...
If you want to place a Splunk graph or dashboard element on one of the Solarwinds pages where you are NOT passing anything to it you can use a simple iframe in the Solarwinds Custom HTML resource. Splunk details how to do that here: http://www.splunk.com/base/Documentation/latest/Developer/3rdParty
If you want to customize the Splunk resource on node pages for example you will have to write something using the Splunk REST API. Which has been on my list of things to do for the last year or so. I think it would be extremely useful to be able to return customized results based off of a node name or a custom property for a node by passing that variable for Splunk to run a customized search with.
I know that Splunk is one product that we had to move to due to the limitations of Solarwinds for log collection (we collect ~20GB of logs daily with a 1 Year online retention), but I think the two could work together pretty well if the integration could be created. Hopefully this summer I can spend a week or so and write it...
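An added example, not code from the thread or from either vendor: one way to turn a node name into a Splunk REST search request while keeping the node name from altering the query. The `network` index, the management URL and the token are placeholders; the request is prepared but not sent, and anything that is not a plain hostname or IP address is refused before it reaches the search string.

```python
import re
import urllib.parse
import urllib.request

# One DNS label: letters, digits and inner hyphens, at most 63 characters.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def node_search(node, index="network"):
    """Return a search scoped to one node; `index` is a hypothetical index name."""
    # fullmatch rejects quotes, pipes, spaces and trailing newlines, so the
    # value cannot close the host="..." term or append further commands.
    if len(node) > 253 or not HOSTNAME.fullmatch(node):
        raise ValueError(f"not a valid hostname: {node!r}")
    return f'search index={index} host="{node}" | head 100'


def build_export_request(base_url, token, node, earliest="-24h"):
    """Prepare a POST to the search export endpoint of the Splunk REST API."""
    body = urllib.parse.urlencode({
        "search": node_search(node),
        "earliest_time": earliest,
        "output_mode": "json",
    }).encode("ascii")
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/services/search/jobs/export",
        data=body,
        headers={"Authorization": f"Bearer {token}"},
    )


if __name__ == "__main__":
    # Constructed values: placeholder server, token and node name.
    req = build_export_request("https://splunk.example.net:8089",
                               "TOKEN-PLACEHOLDER", "core-sw1.example.net")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```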
I am in a Fed facility so licensing is not an issue as much as just getting a handle on things. We are working on getting Splunk set up and the plan is to have it index from Orion as well as lots of other sources. SW is well liked for the most part and does what we need it to in that regard. As I am architecting the deployment I see the two applications working together with SW being more about monitoring and Splunk being an analysis tool.