14 Replies Latest reply on Nov 22, 2017 8:48 AM by deanmooqe

    Splunk app for Solarwinds

    fcpsolaradmin

      I am currently learning Splunk and found that an app was recently released to display Solarwinds data inside Splunk. I have created a simple dashboard with some pretty generic stats.

      Has anyone else had a chance to use this app, and if so what have you done with it?

      Solarwinds app for splunk

        • Re: Splunk app for Solarwinds
          sja

          Nice

          Can it display the alerts and events?

          /Sja

          • Re: Splunk app for Solarwinds
            mprobus

            I am currently learning Splunk. I don't have admin access to Splunk to actually install the app, but I'm curious as to what you get out of it so I can push for it to be installed.

            • Re: Splunk app for Solarwinds
              bobmarley

              Thanks for the post. It does look like it will bring in anything you want with the generic data input.

              Here is the description from splunkbase.

              "The Splunk Add-on for SolarWinds allows a Splunk software administrator to collect SolarWinds alerts and SolarWinds asset inventory (network devices and their various attributes). This add-on also includes a generic input that allows you to schedule any SolarWinds query and index the corresponding output in Splunk.

              You can then directly analyze the data or use it as a contextual data feed to correlate with other application performance-related data in the Splunk platform."

              About

              With the SolarWinds add-on for Splunk, you have the ability to ingest the following SolarWinds data sources:

              1- SolarWinds alerts
              2- SolarWinds asset Inventory (network devices and their various attributes)
              3- SolarWinds queries which is a generic data input that allows you to index the output of any SolarWinds select statement/query

              Installation

              Deploy the spl file as a splunk app from Splunk Web using "Install App from File".

              Configuration

              • Using Splunk web go to “SolarWinds Add-on for Splunk” App
              • Click on “Configuration” tab
              • Enter the Credentials under the “Account” tab. These are the credentials needed to authenticate to the SolarWinds API. The username/password used should have the minimum permission needed to run the SolarWinds query via REST API
              • Enter the Solarwinds Server and port under “Add-on Settings”
              • Configure proxy if you have proxy between Splunk and SolarWinds

              Starting Data collection

              • Click on “Input” Tab from within the “SolarWinds Add-on for Splunk” App
              • Add new Input. You have 3 types:
                • SolarWinds Alerts: This is an incremental poll that keeps track of last alert indexed in checkpoint file and queries the deltas for just the new alerts on next poll iteration. To configure, select the account used for authentication. Set the initial start time. Format allowed should follow "yyyy-MM-dd hh:mm:ss.%3f" for example “2017-01-16 10:15:01.54”.
                • SolarWinds Node Inventory (network devices and their various attributes): This is a snapshot poll. This input allows you to take a snapshot of all assets at every poll. We recommend keeping the poll interval high: 12h (43200 seconds) or higher.
                • SolarWinds Query: This is a generic data input that allows you to index the output of any SolarWinds select statement/query. You can enter any SolarWinds select statement and index the output in Splunk. This is a snapshot poll as well, so we recommend keeping the poll interval high as well.

              Release Notes

              Version 1.0.0
              June 9, 2017

              2 of 2 people found this helpful
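
The checkpointed alert poll from the add-on description quoted above, sketched as an added example (not code from the add-on or from any poster in this thread). The alert rows, field names and checkpoint file layout are constructed assumptions; a real input would fetch the rows from the SolarWinds API using the least-privileged account configured under “Account”.

```python
import json
import os
import tempfile
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"  # accepts e.g. "2017-01-16 10:15:01.54"

# Constructed sample rows; field names are assumptions, not real SolarWinds output.
ALERTS = [
    {"AlertID": 1, "TriggeredAt": "2017-01-16 10:14:59.100", "Name": "Node down"},
    {"AlertID": 2, "TriggeredAt": "2017-01-16 10:15:02.000", "Name": "High CPU"},
    {"AlertID": 3, "TriggeredAt": "2017-01-16 10:20:30.250", "Name": "Interface down"},
    {"AlertID": 4, "TriggeredAt": "2017-01-16 10:31:00.000", "Name": "Disk full"},
]

def parse_ts(text):
    return datetime.strptime(text, TS_FORMAT)

def fetch_since(source, since):
    """Stand-in for the delta query: only rows newer than the checkpoint, oldest first."""
    rows = [r for r in source if parse_ts(r["TriggeredAt"]) > since]
    return sorted(rows, key=lambda r: parse_ts(r["TriggeredAt"]))

def poll(source, checkpoint_path, initial_start):
    """One poll iteration: read checkpoint, return new alerts, advance checkpoint."""
    if os.path.exists(checkpoint_path):
        with open(checkpoint_path) as fh:
            since = parse_ts(json.load(fh)["last_ts"])
    else:
        since = parse_ts(initial_start)  # first run uses the configured start time
    new_rows = fetch_since(source, since)
    if new_rows:
        tmp = checkpoint_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump({"last_ts": new_rows[-1]["TriggeredAt"]}, fh)
        os.replace(tmp, checkpoint_path)  # atomic swap: a crash never leaves a torn file
    return new_rows

def demo():
    with tempfile.TemporaryDirectory() as workdir:
        ckpt = os.path.join(workdir, "alerts.ckpt")
        source = ALERTS[:3]
        first = poll(source, ckpt, "2017-01-16 10:15:01.54")
        second = poll(source, ckpt, "2017-01-16 10:15:01.54")
        third = poll(source + [ALERTS[3]], ckpt, "2017-01-16 10:15:01.54")
        return [[r["AlertID"] for r in batch] for batch in (first, second, third)]

if __name__ == "__main__":
    print(demo())
```

Once a checkpoint exists, the configured start time is ignored, so the second poll returns nothing and the third returns only the alert that arrived in between.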
              • Re: Splunk app for Solarwinds
                bobmarley

                I think the possibilities are pretty endless using the generic data input. I don't have it installed yet but plan on doing it on our lab system soon.

                • Re: Splunk app for Solarwinds
                  fcpsolaradmin

                  Just leaving DC after attending Splunk .Conf and I will admit I wore my Solarwinds shirts while attending.   A few Splunk people asked if I use the app and what we are doing with it and I told them my hopes of maybe using it for performance data but now that Splunk v7 has the ability to collect and display performance data I am not sure what I will use it for.

                    • Re: Splunk app for Solarwinds
                      bobmarley

                      I would have liked to go to the conference but it was in DC..... yuck!  I still think I will eventually make use of the app for porting alerts over to Splunk

                        • Re: Splunk app for Solarwinds
                          fcpsolaradmin

                          You don't like DC? I thought it was cool. I guess it was even better for those who brought family as they could go to museums and stuff during the conference. I live in a small northern WI town so anytime I get to a big city I like it.

                          Got to see what others were doing with Splunk and that was great. Hopefully if the SWUGs turn out to be a big enough success maybe one day Solarwinds will have a conference. I like Ignite and VMWorld but those conferences sometimes have a feeling of a sales seminar.

                      • Re: Splunk app for Solarwinds
                        hoppingubu

                        I haven't even created a dashboard for it. I hope to soon. I am particularly interested in alerts and inventory. I just haven't had the time to do it.

                        I have searched SolarWinds and know that at least Splunk is getting data and indexing it. Maybe one day I'll be able to work on it.