Downloading Dell EMC ECS Add-on for Splunk
SHA256 checksum (dell-emc-ecs-add-on-for-splunk_100.tgz) ce5d7c9e1e6feac80cd8918d239d1ae874e47f8b18112c8881db3aac1508ef24

Dell EMC ECS Add-on for Splunk

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgrades here.
The Splunk Technology Add-on (TA) for Dell EMC ECS collects data from ECS to be used by the Dell EMC ECS App for Splunk Enterprise.


Requirements

Splunk Enterprise:

  • Version 7.1.x, 7.2.x and 7.3.x

Python:

  • Version 2.7

Tested on CentOS and Windows.
The Dell EMC ECS Add-on for Splunk (TA) should be installed on a Heavy Forwarder and a Search Head.
This app also requires the Dell EMC ECS App for Splunk.

Recommended System Configuration

Standard Splunk Enterprise configuration of Search Head, Indexer, and Forwarder.

Installation

Documentation for this add-on is located here.

This TA can be installed through the UI using the following steps.

  1. Log in to Splunk Web and navigate to Apps > Manage Apps.
  2. Click Install app from file.
  3. Click Choose file and select the Dell ECS Add-on installation file.
  4. Click Upload.
  5. Restart Splunk.

Application Setup

Configurations

After Installation

  1. Click on the Configuration tab next to the Inputs tab.
  2. Click on the Add button to add an ECS VDC.
  3. Provide the ECS VDC Management credentials and click Add.

| Parameter | Required | Description |
|---|---|---|
| Account name | Yes | Provide a unique name to identify the Dell EMC ECS server details |
| Server Address | Yes | Provide the Server Address of a VDC node (IP Address) |
| Username | Yes | Provide the user name for the Dell EMC ECS server |
| Password | Yes | Provide the password for the Dell EMC ECS server |
| *Verify SSL Certificate | Optional | Use SSL to access the ECS Management API |

* Note that if the Verify SSL Certificate checkbox is enabled, you need to append the API certificate to the $SPLUNK_HOME/etc/apps/TA-dellecs/ta_dell_ecs/requests/cacert.pem file. For safety, take a backup of cacert.pem before appending the SSL certificate.
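The backup-then-append step from the note above, as an added example (not part of the add-on or its documentation). The certificate file passed as the argument is an assumption, and the PEM check and duplicate check are simple text heuristics rather than full X.509 validation.

```sh
#!/bin/sh
# Added example: back up the add-on's CA bundle, then append the ECS
# Management API certificate once. The bundle path is the one given in the
# note above; the certificate file name is supplied by the caller (assumption).

append_ca_cert() {
    bundle=$1
    cert=$2
    [ -f "$bundle" ] || { echo "bundle not found: $bundle" >&2; return 1; }
    # Refuse anything that is not a PEM certificate (a DER file, a key, ...).
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null &&
        grep -q -- '-----END CERTIFICATE-----' "$cert" ||
        { echo "not a PEM certificate: $cert" >&2; return 1; }
    # First base64 line of the certificate, used to detect an earlier append.
    marker=$(sed -n '/-----BEGIN CERTIFICATE-----/{n;p;q;}' "$cert")
    [ -n "$marker" ] || { echo "empty certificate body: $cert" >&2; return 1; }
    if grep -qxF -- "$marker" "$bundle"; then
        echo "certificate already in bundle, nothing to do"
        return 0
    fi
    # Backup first, as the note advises; -p keeps mode and timestamps.
    cp -p "$bundle" "$bundle.bak.$(date +%Y%m%d%H%M%S)" || return 1
    # Make sure the appended block starts on its own line.
    [ -z "$(tail -c 1 "$bundle")" ] || echo >> "$bundle"
    cat "$cert" >> "$bundle"
    echo "appended $cert to $bundle"
}

# Usage: sh append_ca.sh /path/to/ecs-api-cert.pem
if [ "$#" -eq 1 ]; then
    append_ca_cert \
        "$SPLUNK_HOME/etc/apps/TA-dellecs/ta_dell_ecs/requests/cacert.pem" "$1"
fi
```

Running it a second time with the same certificate leaves the bundle unchanged and creates no further backup.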

  1. To configure the log level, select Logging.
  2. Select the log level from the dropdown and click Save.

Inputs

  1. Go to the apps list and open Dell ECS Add-on for Splunk. From the Inputs screen, click on Create New Input. There are multiple input configurations: Dell ECS Input, Dell ECS Namespaces Input, and Dell ECS Buckets Input.
  2. Dell ECS Input will index all data into Splunk except Namespace and Bucket data.
  3. Dell ECS Namespace Input will index Namespace data only.
  4. Dell ECS Buckets Input will index Buckets data only.
    Note that if multiple inputs are created with the same global account, there will be duplicate events in Splunk.

| Parameter | Required | Description |
|---|---|---|
| Name | Yes | Provide a unique name to identify the Dell EMC ECS server details |
| *Interval | Yes | Interval in seconds for the cron schedule. |
| Index | Yes | Index in which you want to store your data. |
| Global Account | Yes | Select previously configured ECS Server details. |
| Start Time | Optional | Start time in GMT from which data collection will start. "%Y-%m-%dT%H:%M". |

*The input will be triggered at every interval and will fetch the data from the Dell EMC ECS endpoints. Cron schedule example: for every one minute, the cron schedule will be */1 * * * *.

Search

To see data logged by the Dell ECS Add-on for Splunk, select the Search tab and search using the Dell_ECS_index macro.

External Libraries used

| Libraries (Python) | Version | Repository link | License |
|---|---|---|---|
| croniter | 0.3.25 | https://pypi.org/project/croniter/ | https://github.com/kiorky/croniter/blob/master/docs/LICENSE |
| dateutil | 2.6.1 | https://pypi.org/project/python-dateutil/ | https://github.com/dateutil/dateutil/blob/master/LICENSE |

Troubleshooting

To troubleshoot the Dell ECS Add-on, check the following log files:

  • $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_input.log
  • $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_namespaces_input.log
  • $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_buckets_input.log

Users can search for ERROR logs in Splunk using the following query:

  • index="_internal" source=**ta_dell_ecs_dell_ecs_*.log** ERROR

Release Notes

Version 1.0.0
Oct. 18, 2019
