14 Replies Latest reply on Nov 22, 2017 8:48 AM by deanmooqe

    Splunk app for Solarwinds

    fcpsolaradmin

      I am currently learning Splunk and found that an app was recently released to display Solarwinds data inside Splunk. I have created a simple dashboard with some pretty generic stats.

       

      Has anyone else had a chance to use this app, and if so, what have you done with it?

       

      Solarwinds app for splunk

        • Re: Splunk app for Solarwinds
          sja

          Nice

           

          Can it display the alerts and events?

           

          /Sja

            • Re: Splunk app for Solarwinds
              fcpsolaradmin

              It has 3 data input options

               

              Solarwinds Query - Queries the SW database.

               

              Solarwinds Alerts - This seems to be events, not so much actual alerts. Still looking into

               

              Solarwinds Node Inventory - Gather node info using API.

              1 of 1 people found this helpful
            • Re: Splunk app for Solarwinds
              mprobus

              I am currently learning Splunk. I don't have admin access to Splunk to actually install the app, but I'm curious as to what you get out of it so I can push for it to be installed.

              • Re: Splunk app for Solarwinds
                bobmarley

                Thanks for the post. It does look like it will bring in anything you want with the generic data input.

                 

                 

                Here is the description from splunkbase.

                 

                "The Splunk Add-on for SolarWinds allows a Splunk software administrator to collect SolarWinds alerts and SolarWinds asset inventory (network devices and their various attributes). This add-on also includes a generic input that allows you to schedule any SolarWinds query and index the corresponding output in Splunk.

                You can then directly analyze the data or use it as a contextual data feed to correlate with other application performance-related data in the Splunk platform."

                About

                With the SolarWinds add-on for Splunk, you have the ability to ingest the following SolarWinds data sources:

                1- SolarWinds alerts
                2- SolarWinds asset Inventory (network devices and their various attributes)
                3- SolarWinds queries which is a generic data input that allows you to index the output of any SolarWinds select statement/query

                Installation

                Deploy the spl file as a splunk app from Splunk Web using "Install App from File".

                Configuration

                • Using Splunk web go to “SolarWinds Add-on for Splunk” App
                • Click on “Configuration” tab
                • Enter the Credentials under the “Account” tab. These are the credentials needed to authenticate to the SolarWinds API. The username/password used should have the minimum permission needed to run the SolarWinds query via REST API
                • Enter the Solarwinds Server and port under “Add-on Settings”
                • Configure proxy if you have proxy between Splunk and SolarWinds

                Starting Data collection

                • Click on “Input” Tab from within the “SolarWinds Add-on for Splunk” App
                • Add new Input. You have 3 types:
                  • SolarWinds Alerts: This is an incremental poll that keeps track of last alert indexed in checkpoint file and queries the deltas for just the new alerts on next poll iteration. To configure, select the account used for authentication. Set the initial start time. Format allowed should follow "yyyy-MM-dd hh:mm:ss.%3f" for example “2017-01-16 10:15:01.54”.
                  • SolarWinds Node Inventory (network devices and their various attributes): This is a snapshot poll. This input allows you to take a snapshot of all assets at every poll. We recommend keeping the poll interval high: 12h (43200 seconds) or higher.
                  • SolarWinds Query: This is a generic data input that allows you to index the output of any SolarWinds select statement/query. You can enter any SolarWinds select statement and index the output in Splunk. This is a snapshot poll as well, so we recommend keeping the poll interval high as well.

                Release Notes

                 

                Version 1.0.0
                June 9, 2017

                 

                2 of 2 people found this helpful
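
                Added example, not part of the thread or the add-on's own code: a sketch of the checkpointed incremental poll that the description above gives for the SolarWinds Alerts input, including the case where a late alert carries the same timestamp as the checkpoint. The field names `AlertID` and `TriggeredAt`, the JSON checkpoint layout, and the sample alerts are assumptions made for illustration.

```python
import json
import os
import tempfile
from datetime import datetime

# strptime's %f takes 1-6 fractional digits, so "2017-01-16 10:15:01.54" parses.
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"

# Constructed sample alerts; AlertID / TriggeredAt are hypothetical field names.
ALERTS = [
    {"AlertID": 101, "TriggeredAt": "2017-01-16 10:14:59.900"},
    {"AlertID": 102, "TriggeredAt": "2017-01-16 10:15:01.54"},
    {"AlertID": 103, "TriggeredAt": "2017-01-16 10:15:01.540"},  # same instant as 102
]

def parse_ts(text):
    return datetime.strptime(text, TS_FORMAT)

def poll_new_alerts(fetch, checkpoint_path, initial_start):
    """Return alerts not yet indexed and advance the checkpoint file."""
    state = {"last_ts": initial_start, "seen_ids": []}
    if os.path.exists(checkpoint_path):
        with open(checkpoint_path) as fh:
            state = json.load(fh)
    last, seen = parse_ts(state["last_ts"]), set(state["seen_ids"])
    # Strictly newer alerts, plus unseen alerts sharing the checkpoint timestamp:
    # a plain ">" would drop 103 above, a plain ">=" would index 102 twice.
    fresh = [a for a in fetch()
             if parse_ts(a["TriggeredAt"]) > last
             or (parse_ts(a["TriggeredAt"]) == last and a["AlertID"] not in seen)]
    if fresh:
        newest = max(parse_ts(a["TriggeredAt"]) for a in fresh)
        at_newest = {a["AlertID"] for a in fresh if parse_ts(a["TriggeredAt"]) == newest}
        if newest == last:
            at_newest |= seen  # keep earlier IDs recorded at this same instant
        state = {"last_ts": newest.strftime(TS_FORMAT), "seen_ids": sorted(at_newest)}
        tmp = checkpoint_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(state, fh)
        os.replace(tmp, checkpoint_path)  # atomic swap: a crash never leaves a torn checkpoint
    return fresh

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "alerts.ckpt")
    start = "2017-01-16 10:15:00.000"
    print(poll_new_alerts(lambda: ALERTS[:2], path, start))  # first poll
    print(poll_new_alerts(lambda: ALERTS, path, start))      # later poll, one late arrival
```

                For alert data that feeds detections, gaps and duplicates at the checkpoint boundary are the usual failure modes of a delta poll, which is why the sketch tracks IDs at the checkpoint instant as well as the timestamp.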
                • Re: Splunk app for Solarwinds
                  bobmarley

                  I think the possibilities are pretty endless using the generic data input. I don't have it installed yet but plan on doing it on our lab system soon.

                  • Re: Splunk app for Solarwinds
                    fcpsolaradmin

                    Just leaving DC after attending Splunk .Conf, and I will admit I wore my Solarwinds shirts while attending. A few Splunk people asked if I use the app and what we are doing with it, and I told them my hopes of maybe using it for performance data, but now that Splunk v7 has the ability to collect and display performance data I am not sure what I will use it for.

                      • Re: Splunk app for Solarwinds
                        bobmarley

                        I would have liked to go to the conference but it was in DC..... yuck! I still think I will eventually make use of the app for porting alerts over to Splunk.

                          • Re: Splunk app for Solarwinds
                            fcpsolaradmin

                            You don't like DC? I thought it was cool. I guess it was even better for those who brought family as they could go to museums and stuff during the conference. I live in a small northern WI town so anytime I get to a big city I like it.

                             

                            Got to see what others were doing with Splunk and that was great. Hopefully if the SWUGs turn out to be a big enough success, maybe one day Solarwinds will have a conference. I like Ignite and VMWorld, but those conferences sometimes have a feeling of a sales seminar.

                        • Re: Splunk app for Solarwinds
                          hoppingubu

                          I haven't even created a dashboard for it. I hope to soon. I am particularly interested in alerts and inventory. I just haven't had the time to do it.

                           

                          I have searched SolarWinds and know that at least Splunk is getting data and indexing it. Maybe one day I'll be able to work on it.