Level 9

SolarWind and Splunk Integration

Hi Everyone,

I have SW and Splunk in our environment and I have certain monitors in Splunk looking for 503, 404 errors in IIS logs, etc. What I want, if possible, is to get alerted from SolarWinds when Splunk finds these errors. Is there a way, when Splunk finds these errors in the IIS logs on our web servers, for it to trigger an alert in SolarWinds to send an email/page to the appropriate people? I don't want to have to manage two locations of alerts, and that is why I am asking this question.

thanks

5 Replies

I am getting a 403 error when configuring Splunk to use port 17778 on the Orion server. Do I have to do anything special to open this port?

The response status=403 for request which url=https://10.156.80.112:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+EventID,EventTi...>'2020-01-29 10:30:00.00' and method=GET.

    raise SSLHandshakeError(e)

SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)

[stanza_name="Inventory"] The response status=403 for request which url=https://10.156.80.112:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT NodeID, ObjectSubType, IPAddress, IPAddressType, DynamicIP, Caption, NodeDescription, Description, DNS, SysName, Vendor, SysObjectID, Location, Contact, VendorIcon, Icon, Status, StatusLED, StatusDescription, CustomStatus, IOSImage, IOSVersion, GroupStatus, StatusIcon, lastBoot, SystemUpTime, ResponseTime, PercentLoss, AvgResponseTime, MinResponseTime, MaxResponseTime, CPULoad, MemoryUsed, MemoryAvailable, PercentMemoryUsed, PercentMemoryAvailable, LastSync, LastSystemUpTimePollUtc, IsServer, Severity, UiSeverity, ChildStatus, Allow64BitCounters, AgentPort, TotalMemory, CMTS, CustomPollerLastStatisticsPollSuccess, SNMPVersion, PollInterval, EngineId, RediscoveryInterval, NextPoll, NextRediscovery, StatCollection, External, Community, RWCommunity, IP, IP_Address, IPAddressGUID, NodeName, BlockUntil,  OrionIdPrefix, OrionIdColumn, SkippedPollingCycles, MinutesSinceLastSync, EntityType, DetailsUrl, DisplayName, Category, IsOrionServer, UnManaged, UnManageFrom, UnManageUntil, Image, StatusIconHint FROM Orion.Nodes and method=GET.

2020-01-29 15:34:49,869 +0000 log_level=INFO, pid=7316, tid=Thread-4, file=engine.py, func_name=_run, code_line_no=270 | [stanza_name="Inventory"] This job need to be terminated.

0 Kudos
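An added example, not part of the original thread and not SolarWinds or Splunk code: a small triage of log lines like those in the post above. It separates HTTP-level refusals (a 403 response means the TCP connection and TLS handshake to port 17778 already succeeded for that request) from TLS trust failures (CERTIFICATE_VERIFY_FAILED). The sample lines and the address 192.0.2.10 are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines modelled on the log excerpt in the post above;
# 192.0.2.10 is a documentation placeholder address, not a real host.
SAMPLE_LOG = '''\
[stanza_name="Inventory"] The response status=403 for request which url=https://192.0.2.10:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT NodeID, Caption FROM Orion.Nodes and method=GET.
SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)
2020-01-29 15:34:49,869 +0000 log_level=INFO, pid=7316, tid=Thread-4, file=engine.py, func_name=_run, code_line_no=270 | [stanza_name="Inventory"] This job need to be terminated.
'''

STATUS_RE = re.compile(r'response status=(\d{3}) for request which url=(\S+)')
STANZA_RE = re.compile(r'\[stanza_name="([^"]+)"\]')
ENTITY_RE = re.compile(r'\bFROM[ +]([\w.]+)')  # queried entity, e.g. Orion.Nodes


def triage(log_text):
    """Return one finding per log line that records a failed request."""
    findings = []
    for line in log_text.splitlines():
        stanza = STANZA_RE.search(line)
        stanza = stanza.group(1) if stanza else None
        status = STATUS_RE.search(line)
        if status:
            code = int(status.group(1))
            entity = ENTITY_RE.search(line)
            # Any HTTP status proves the port was reachable and TLS completed,
            # so 401/403 point at credentials or account rights, not the port.
            layer = "http-auth" if code in (401, 403) else "http"
            findings.append({
                "stanza": stanza, "layer": layer, "status": code,
                "endpoint": urlsplit(status.group(2)).netloc,
                "entity": entity.group(1) if entity else None,
            })
        elif "CERTIFICATE_VERIFY_FAILED" in line:
            # The client rejected the server certificate before any HTTP exchange.
            findings.append({"stanza": stanza, "layer": "tls-trust",
                             "status": None, "endpoint": None, "entity": None})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```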
Level 12

A more direct option may be to have SolarWinds look at the log files and alert off the same errors. Do you have SAM or just NPM? I know this is an old question, just figured I would help out if it's still needing an answer.

0 Kudos

I know this is an old question, but this is something that I am trying to set up myself. I have found info and links for SolarWinds to send info to Splunk, but I want it to go the other way and add a Splunk dashboard to SolarWinds. I am new to using both products and am not sure what the options are.


0 Kudos

kalbry1 wrote:

I know this is an old question, but this is something that I am trying to set up myself. I have found info and links for SolarWinds to send info to Splunk, but I want it to go the other way and add a Splunk dashboard to SolarWinds. I am new to using both products and am not sure what the options are.


There are comparatively more options now than before. For instance, you could send your logs directly to SolarWinds and set up similar log processing rules to alert on the same errors, or simply forward to SolarWinds so configuration overhead is minimal. The platform receiver of syslog and traps would be the Orion Log Viewer. See "Orion Log Viewer the New and Improved Version of the Syslog and Trap Viewers", which will allow for alerting and integration into ServiceNow.

0 Kudos

Thank you Serena for the information. I am looking forward to getting familiar with what all this can do.