icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Dell EMC ECS Add-on for Splunk
SHA256 checksum (dell-emc-ecs-add-on-for-splunk_120.tgz) 1d45796173cf635453917a9a1127057fac1077e087a363d6fddeafd60affb3c1 SHA256 checksum (dell-emc-ecs-add-on-for-splunk_110.tgz) b1ec27c3d1435e069ab157d506d8d10919007436921b5dc2c5f14d96932140b6 SHA256 checksum (dell-emc-ecs-add-on-for-splunk_100.tgz) ce5d7c9e1e6feac80cd8918d239d1ae874e47f8b18112c8881db3aac1508ef24
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

Dell EMC ECS Add-on for Splunk

Splunk Cloud
Overview
Details
The Splunk Technology Add-on (TA) for Dell EMC ECS collects data from ECS to be used by the Dell EMC ECS App for Splunk Enterprise

Dell ECS Add-on for Splunk

Dell ECS Add-on is a Splunk Add-on which is collecting data from ECS REST APIs and indexes into the Splunk Enterprise.
* Author - Dell Inc.

Release Notes

  • Version 1.2.0

    • Upgraded to latest python libraries.
    • Deprecated python2 support.
    • Added support for latest Splunk version.
    • Added flux API support for DELL v3.6.
  • Version 1.1.0

    • Splunk 8 Support
    • Made Add-on Python23 compatible

Requirements

Splunk Enterprise:

  • Version 8.1.x and 8.2.x

Python:

  • Version 3.7

Tested on CentOS, Windows with the latest chrome and firefox version.

Recommended System Configuration

Standard Splunk Enterprise configuration of Search Head, Indexer, and Forwarder.

Topology and Setting up Splunk Environment

This Add-On can be set up in two ways:

1) Standalone Mode: Install the Add-on app on a single machine. This single machine would serve as a Search Head + Indexer + Heavy forwarder for this setup.
2) Distributed Environment: Install Add-on on search head and Heavy forwarder (for REST API).

  • Add-on resides on search head machine need not require any configuration here.
  • Add-on needs to be installed and configured on the Heavy forwarder system.
  • Execute the following command on Heavy forwarder to forward the collected data to the indexer. /opt/splunk/bin/splunk add forward-server <indexer_ip_address>:9997
  • On the Indexer machine, enable event listening on port 9997 (recommended by Splunk).
  • Add-on needs to be installed on search head for CIM mapping

Installation

This TA can be installed through UI using following steps.

  1. Log in to Splunk Web and navigate to Apps > Manage Apps.
  2. Click install app from file.
  3. Click Choose file and select Dell ECS Add-on installation file.
  4. Click on Upload.
  5. Restart Splunk.

Upgradation to version 1.2.0 from the previous version

  1. Disable all Inputs.
  2. Reconfigure the accounts by clicking on edit and save it again after providing require fields.
  3. Enable all Inputs.

Application Setup

Configurations

After Installation

  1. Click on the Configuration tab next to Inputs tab.
  2. Click on the Add button to add an ECS Server information.
  3. Provide your ECS Server credential and Click on Add.
Global account parameters Mandatory or Optional Description
Account name Mandatory Provide unique name to uniquely identify ECS Server details
Server Address Mandatory Provide Server Address for ECS server (IP Address)
Username Mandatory Provide User name of ECS server
Password Mandatory Provide Password of ECS server
Verify SSL Certificate Optional To get the data from APIs using SSL, remains the checkbox enable otherwise disable it. Note that if checkbox is enable then user needs to append certificate in $SPLUNK_HOME/etc/apps/TA-dellecs/ta_dell_ecs/requests/cacert.pem file, for the safety purpose please take a backup of cacert.pem while appending SSL certificate
Proxy Enable Optional To enable proxy for the account. If an account with proxy enabled is used in any input then it uses the proxy details attached to that account for the data collection

Following proxy params will show up once Proxy Enable checkbox is checked:

Proxy Paramters Mandatory or Optional Description
Proxy Type Mandatory Select proxy type that you want to use from dropdown. The TA supports http proxy only.
Proxy Host Mandatory Host or IP of the proxy server
Proxy Port Mandatory Port for proxy server
Proxy Username Optional Username of the proxy server. It is mandatory in case when user has entered Password
Proxy Password Optional Password of the proxy server. It is mandatory in case when user has entered Username
  1. To configure log-level, Select Logging.
  2. Select the log level from dropdown and click on Save.

If you are configuring data collection >=3.6 version of Dell ECS

Load Balancer:

On the TA side, configuration of the ECS Node IP’s is needed instead of a VIP. This is because it utilizes the API call GET /vdc/nodes to return all ECS node information and match it with the configured account. It then uses that to grab the data from the ECS influxDB using the Flux API to help minimize impact on the ECS cluster.

So, configuring a VIP does work for ECS version 3.5 and below but not for 3.6.

Increase the Timeout if required:

If we run into Timeout Error, then follow the below steps to increase timeout value in Splunk Add-on.

1.) Disable the Input
2.) Navigate to location: $SPLUNK_HOME/etc/apps/TA-dellecs/bin. Make below changes:
    i.) Copy ecs_connect.py and rename it to ecs_connect.py.bak so we would have a backup.
    ii.) In ecs_connect.py find for string: self.TIMEOUT=15
    iii.) Change value of timeout from 15 to 60 (i.e. 60 seconds)
    Note: This change would affected all three modular inputs (login and data collection)
3.)  Enable Input

Inputs

  1. Go to the apps list and open Dell ECS Add-on for Splunk. From the inputs screen, click on Create New Input. It has multiple input configuration Dell ECS Input , Dell ECS Namespaces Input, Dell ECS Buckets Input.
  2. Dell ECS Input will index all the data into the Splunk except Namespace and Bucket data.
  3. Dell ECS Namespace Input will index Namespace data only.
  4. Dell ECS Buckets Input will index Buckets data only.
    Note that if multiple inputs are created with the same global account, there will be duplicate Events in Splunk.
Input Parameter Mandatory or Optional Description
Name Mandatory Provide unique name to uniquely identify a ECS Server details
Interval Mandatory Interval in seconds or cron schedule. The input will be triggered at every interval time and fetch the data from ECS endpoints. cron schedule e.g. for every one minute cron schedule will be /1 * * *.
Index Mandatory Index in which you want to store your data.
Global Account Mandatory Select previously configured ECS Server details.
Start Time Optional Provide start time in GMT from which Data Collection will start. Time format is "%Y-%m-%dT%H:%M".

Search

To see data logged by Dell ECS Add-on for Splunk, select the Search tab. Search Dell_ECS_index macro.

External Libraries used

Libraries(Python) Version Repository link License
croniter 0.3.25 https://pypi.org/project/croniter/ https://github.com/kiorky/croniter/blob/master/docs/LICENSE
dateutil 2.6.1 https://pypi.org/project/python-dateutil/ https://github.com/dateutil/dateutil/blob/master/LICENSE

Troubleshooting

To troubleshoot Dell ECS Add-on, check following log files
$SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_input.log
$SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_namespaces_input.log
* $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_buckets_input.log file.

User can search for ERROR logs in the Splunk using following query
* index="_internal" source=**ta_dell_ecs_dell_ecs_*.log** ERROR

Uninstall & Cleanup steps

  • Remove $SPLUNK_HOME/etc/apps/TA-dellecs
  • Remove $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_input.log
  • Remove $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_namespaces_input.log
  • Remove $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_buckets_input.log
  • To reflect the cleanup changes in UI, Restart Splunk Enterprise instance

Support

Copyright

  • Copyright (C) 2022 Dell Technologies Inc. All Rights Reserved.

External Documentation

Please reference the guide located to below link for additional configuration details.
Link: https://www.delltechnologies.com/asset/en-us/products/storage/technical-support/h18011-dell-emc-ecs-app-for-splunk-enterprise-configuration-guide.pdf

Release Notes

Version 1.2.0
Feb. 18, 2022
  • Migrated App and TA to use the latest version of jQuery.
  • Added support for Flux API for ECS EMC v3.6.x and above.
Version 1.1.0
Feb. 12, 2020

Added support of Splunk 8.x
Made Add-on Python2 and Python3 compatible
Added proxy support
Added extraction for CAS logs

Version 1.0.0
Oct. 18, 2019

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.