Can it display the alerts and events?
It has 3 data input options:
- Solarwinds Query: Queries the SW database.
- Solarwinds Alerts: This seems to be events not so much actual alerts. Still looking into
- Solarwinds Node Inventory: Gather node info using api.
I am currently learning Splunk. I don't have admin access to Splunk to actually install the app, but I'm curious as to what you get out of it so I can push for it to be installed.
Thanks for the post. It does look like it will bring in anything you want with the generic data input.
Here is the description from Splunkbase.
"The Splunk Add-on for SolarWinds allows a Splunk software administrator to collect SolarWinds alerts and SolarWinds asset inventory (network devices and their various attributes). This add-on also includes a generic input that allows you to schedule any SolarWinds query and index the corresponding output in Splunk.
You can then directly analyze the data or use it as a contextual data feed to correlate with other application performance-related data in the Splunk platform."
With the SolarWinds add-on for Splunk, you have the ability to ingest the following SolarWinds data sources:
1- SolarWinds alerts
2- SolarWinds asset Inventory (network devices and their various attributes)
3- SolarWinds queries which is a generic data input that allows you to index the output of any SolarWinds select statement/query
Deploy the spl file as a splunk app from Splunk Web using "Install App from File".
- Using Splunk web go to “SolarWinds Add-on for Splunk” App
- Click on “Configuration” tab
- Enter the Credentials under the “Account” tab. These are the credentials needed to authenticate to the SolarWinds API. The username/password used should have the minimum permission needed to run the SolarWinds query via REST API
- Enter the Solarwinds Server and port under “Add-on Settings”
- Configure proxy if you have proxy between Splunk and SolarWinds
Starting Data collection
- Click on “Input” Tab from within the “SolarWinds Add-on for Splunk” App
- Add new Input. You have 3 types:
  - SolarWinds Alerts: This is an incremental poll that keeps track of the last alert indexed in a checkpoint file and queries the deltas for just the new alerts on the next poll iteration. To configure, select the account used for authentication. Set the initial start time. Format allowed should follow "yyyy-MM-dd hh:mm:ss.%3f", for example “2017-01-16 10:15:01.54”.
  - SolarWinds Node Inventory (network devices and their various attributes): This is a snapshot poll. This input allows you to take a snapshot of all assets at every poll. We recommend keeping the poll interval high: 12h (43200 seconds) or higher.
  - SolarWinds Query: This is a generic data input that allows you to index the output of any SolarWinds select statement/query. You can enter any SolarWinds select statement and index the output in Splunk. This is a snapshot poll as well, so we recommend keeping the poll interval high as well.
Version 1.0.0, June 9, 2017
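The incremental alert poll described in the post above, sketched as an added example (not the add-on's own code and not part of the original post). The checkpoint file name, its JSON layout and the alert field names are assumptions, and the sample alerts are constructed; it goes slightly beyond the text by showing the boundary case, where an alert stamped exactly at the configured start time is not returned by a strictly-newer comparison.

```python
import json
import os
import tempfile
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S.%f"  # parses "2017-01-16 10:15:01.54" (%f takes 1-6 digits)

# Constructed sample alerts; the field names are hypothetical.
ALERTS = [
    {"id": 1, "time": "2017-01-16 10:14:59.000"},
    {"id": 2, "time": "2017-01-16 10:15:01.540"},  # exactly at the start time
    {"id": 3, "time": "2017-01-16 10:20:00.000"},
]

def parse_ts(text):
    """Parse a timestamp in the start-time format; ValueError if malformed."""
    return datetime.strptime(text, FMT)

def load_checkpoint(path, initial_start):
    """Last indexed alert time, or the configured start time on the first run."""
    if os.path.exists(path):
        with open(path) as fh:
            return parse_ts(json.load(fh)["last_alert_time"])
    return parse_ts(initial_start)

def save_checkpoint(path, ts):
    """Write then rename, so a crash cannot leave a half-written checkpoint."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump({"last_alert_time": ts.strftime(FMT)}, fh)
    os.replace(tmp, path)

def poll_once(path, initial_start, rows):
    """Return ids of rows strictly newer than the checkpoint, then advance it."""
    since = load_checkpoint(path, initial_start)
    new = sorted((r for r in rows if parse_ts(r["time"]) > since),
                 key=lambda r: parse_ts(r["time"]))
    if new:
        save_checkpoint(path, parse_ts(new[-1]["time"]))
    return [r["id"] for r in new]

def demo():
    """Three polls: first run, unchanged source, then one new alert."""
    path = os.path.join(tempfile.mkdtemp(), "alerts.ckpt")
    start = "2017-01-16 10:15:01.54"
    first = poll_once(path, start, ALERTS)
    second = poll_once(path, start, ALERTS)
    later = ALERTS + [{"id": 4, "time": "2017-01-16 10:25:00.000"}]
    return first, second, poll_once(path, start, later)
```

Calling `demo()` shows why the initial start time matters: anything at or before it is never indexed, and an unchanged source produces no duplicate events on the next poll.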
I do have it set up and working. I was just hoping others could tell me what they were doing with it or share their dashboards.
Hi, I already followed this guideline but there is no output from my searches... Could you share what setup is needed for the Account tab under Configuration, since I am worried I set it wrongly?
Is it the credential for the SolarWinds server (I used Windows Server 2012), or something else?
I think the possibilities are pretty endless using the generic data input. I don't have it installed yet but plan on doing it on our lab system soon.
They are indeed endless, yet at the same time I'm lost as to what data I want to display.
I finally installed it. Not so much to make displays, I just want to automate compares of tables from other products so I can ensure when something is added to the network it gets added to all of the tools and is in our CMDB.
Just leaving DC after attending Splunk .Conf and I will admit I wore my Solarwinds shirts while attending. A few Splunk people asked if I use the app and what we are doing with it and I told them my hopes of maybe using it for performance data but now that Splunk v7 has the ability to collect and display performance data I am not sure what I will use it for.
I would have liked to go to the conference but it was in DC..... yuck! I still think I will eventually make use of the app for porting alerts over to Splunk.
You don't like DC? I thought it was cool. I guess it was even better for those who brought family as they could go to museums and stuff during the conference. I live in a small northern WI town so anytime I get to a big city I like it.
Got to see what others were doing with Splunk and that was great. Hopefully if the SWUGs turn out to be a big enough success, maybe one day Solarwinds will have a conference. I like Ignite and VMWorld, but those conferences sometimes have a feeling of a sales seminar.
I haven't even created a dashboard for it. I hope to soon. I am particularly interested in alerts and inventory. I just haven't had the time to do it.
I have searched SolarWinds and know that at least Splunk is getting data and indexing it. Maybe one day I'll be able to work on it.
I'd be interested in keeping up with what you or others are doing with it. I'll do the same.