|Has index-time operations||true|
|Create an index||false|
|Implements summarization||true: summary index, Data Model with acceleration|
Gigamon® Visibility App for Splunk allows a Splunk® Enterprise administrator to collect, store, and visualize the health and analytics of the Gigamon Visibility Fabric™. By allowing Gigamon® Visibility App for Splunk app access to GigaVUE®-FM, the administrator can have full visibility and reporting across the entire Visibility Fabric. Automated searches collect and store aggregated network statistics from ports and maps within the Visibility Fabric. The Map Explorer enables the administrator to visualize the traffic policies within the Visibility Fabric.
Gigamon® Visibility App for Splunk comes with a modular input and the associated classes required to connect and consume the data from the GigaVUE-FM APIs. These files are located within the bin folder of the App.
Version 1.0.4 of Gigamon® Visibility App for Splunk is compatible with:
|Splunk Enterprise||6.2 6.3 6.4 6.5 6.6|
|Vendor Products||GigaVUE-FM 3.1 and above|
|Lookup file changes||This App utilizes KVStore for many lookups, including: GigaVUE-FM instances, Clusters, Flow Maps, cards, and ports.|
Gigamon® Visibility App for Splunk includes the following new features:
Questions and answers
Access questions and answers specific to Gigamon® Visibility App for Splunk at answers.splunk.com
Support for Gigamon® Visibility App for Splunk is available Monday thru Friday, 8 AM - 5 PM PST by emailing App.Splunk@gigamon.com.
To function properly, Gigamon® Visibility App for Splunk requires the following software:
Because this App runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
Download Gigamon® Visibility App for Splunk at https://splunkbase.splunk.com .
To install and configure this app on your supported platform, follow these steps:
Follow these steps to install the app in a single server instance of Splunk Enterprise:
Install to search head
Install to indexers
Install to universal forwarders
Install to SHC
1. Install the App using the SHC Deployer
2. Install the TA-GigamonForSplunk Add-On (included in the appserver/addons folder) to the Indexer Tier, according to your configuration.
3. Install the IA-GigamonForSplunk Add-On (included in the appserver/addons/folder) to a Heavy Forwarder. Configure the connection to your GigaVUE-FM from the Heavy Forwarder interface.
This app provides the index-time and search-time knowledge for the following types of data from Gigamon Visibility Fabric nodes:
- sourcetype = gigamon:api:service:port
Audit Event Information
- sourcetype = gigamon:api:service:audit
- sourcetype = gigamon:api:service:license
- sourcetype = gigamon:api:service:maps
- sourcetype = gigamon:api:service:node
- sourcetype = gigamon:api:service:stats
- sourcetype = gigamon:api:service:users
Traffic Analyzer Data
- sourcetype = gigamon:api:service:traffic
Gigamon® Visibility App for Splunk contains several KV Stores.
The KV Stores are descriptive in what they contain: giga_clusters, giga_fms, giga_ports, giga_cards, giga_maps.
The only configuration out of the box is to connect the App with your GigaVUE-FM. You can do this by accessing the Credential Configuration page. It is located on the Menu under Administration -> Configuration Menu Item as GigaVUE-FM.
To change the location of the data from the main index, update the event type giga_idx with the appropriate index name. You must also change the Modular Input configuration to point to the new index.
For syslog and system event dashboards to get populated, individual Gigavue nodes need to be configured to send syslog to the Splunk instance where GigamonApp is installed. Also a data input need to be created on Splunk for syslog to ingest data from Gigamon nodes.
If you find yourself in a situation where the Gigamon® Visibility App for Splunk doesn't work properly, or display the information you thought would be there, here are some simple troubleshooting steps to follow.
1.Start with the Gigamon Visibility App Health dashboard. It is found under the Administration section of the navigation.
1.Check the error sourcetype: sourcetype=GigamonForSplunk:error
1.Check the internal logs: index=_internal source=gigamon
1.Rebuild the lookups: Navigate to the Generate Lookups view under Administration -> Configuration navigation item.
For syslog, individual Gigavue nodes need to be configured to send syslog to the Splunk instance where an input needs to be created
Fixed The pre-built panel for proper display.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.