This is an app powered by the Splunk Add-on Builder.
The NetApp StorageGRID App for Splunk is used to build dashboards and run ad-hoc searches on top of the data collected and indexed by the NetApp StorageGRID Add-on for Splunk. The NetApp StorageGRID Add-on for Splunk can be downloaded from here
This App is supported on the Search head in case of distributed Splunk platform deployment and also on standalone Splunk instance. Below table provides the reference for installing the App on distributed Splunk deployment:
|Splunk instance type||Supported||Required||Comments|
|Search Heads||Yes||Yes||This App is required on Search Heads as it has dashboards and searches.|
|Indexers||Yes||No||This App is not required on the indexers.|
|Heavy Forwarders||Yes||No||This App is not required on the heavy forwarders.|
Follow the link mentioned below to install the App based on your deployment:
If there is already older version of app installed in your Splunk instance, then you can upgrade app by following two ways:
Using the latest version available on Splunkbase.
You can download latest version of App from Splunkbase and you can upload it into Splunk by navigating to
Admin will have to update/replace name of the index in 'get_sg_index' macro if StorageGRID data is being indexed in any index other than main. There is no additional configuration required.
Settings > Advanced search > Search macros.
NetApp StorageGRID App for Splunkin
Visible in the Appto
Created in the App.
get_sg_indexand click on it to edit.
This app contains the following saved searches, which are used for populating data in the dashboard:
Test Your Install
The main app dashboard can take some time to populate the dashboards Once data collection is started by Add-on. A good test to see that you are receiving all of the expected data is to run below given search on Main app search dashboard after several minutes:
search `get_sg_index` | stats count by sourcetype
In particular, you should see these sourcetypes:
If you don't see these sourcetypes
If the dashboard filters are not being populated
* Added two new dashboards named as - "Load Balancer" and "Platform Services Overview".
* Changed navigation menu for all of the dashboards.
* Removed 7 panels from "Security Audit" dashboard as the required audit logs are deprecated in the newer version of the StorageGrid.
* Added 2 new panels in "Security Audit" dashboard to audit the use of management APIs by the grid managers & the tenant accounts.
* Replaced column "No. of Established Connections" with "Active Connections of Storage Nodes" in "Security Audit" dashboard.
* Added 2 new panels in "ILM details" dashboard to monitor the objects dropped.
* Removed 3 panels which were based on audit logs from "S3 details" and " Swift details" dashboards.
* Added panels - "Average duration to perform Operations on S3 Objects" and "Average duration to perform Operations on Swift Objects" in "S3 details" and "Swift details" dashboards respectively.
* Added multi-level drill-downs for the following panels in "S3 details" and "Swift details" dashboards.
* Fixed issue of wrong Site Name on Storage per Node panel of Summary dashboard.
* Fixed issue of count mismatch with storagegrid UI for few panels.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.