The Splunk Technology Add-on (TA) for Dell EMC ECS collects data from ECS to be used by the Dell EMC ECS App for Splunk Enterprise.
Splunk Enterprise:
Python:
Tested on CentOS, Windows.
Dell EMC ECS Add-on for Splunk TA should be installed on a Heavy Forwarder and Search Head.
This app also requires the Dell EMC ECS App for Splunk.
Standard Splunk Enterprise configuration of Search Head, Indexer, and Forwarder.
Documentation for this add-on is located here.
This TA can be installed through the UI using the following steps:
* Click install app from file.
* Click Choose file and select the Dell ECS Add-on installation file.
* Click Upload.

After Installation
* Open the Configuration tab next to the Inputs tab.
* Click the Add button to add an ECS VDC.
* Click Add.

Parameter | Required | Description |
---|---|---|
Account name | Yes | Provide a unique name to identify the Dell EMC ECS Server details |
Server Address | Yes | Provide the Server Address to a VDC node (IP Address) |
Username | Yes | Provide User name of Dell EMC ECS server |
Password | Yes | Provide Password of Dell EMC ECS server |
*Verify SSL Certificate | Optional | Use SSL to access the ECS Management API |

* Note that if the SSL checkbox is enabled, you need to append the API certificate to the $SPLUNK_HOME/etc/apps/TA-dellecs/ta_dell_ecs/requests/cacert.pem file. For safety purposes, please take a backup of cacert.pem before appending the SSL certificate.
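
One way to carry out the backup-and-append step from the note above, as an added example that is not part of the add-on: it writes a timestamped backup, then appends only certificates the bundle does not already contain. The function names and the `.bak` naming are assumptions, and the check covers PEM framing and base64 only, not the X.509 contents.

```python
import hashlib
import re
import shutil
import ssl
import time
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """SHA-256 fingerprints of every certificate block found in pem_text."""
    # PEM_cert_to_DER_cert raises ValueError on bad framing or base64 padding;
    # it does not parse the X.509 structure itself.
    return {hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(pem_text)}


def append_ca(bundle_path, cert_path):
    """Append certificates from cert_path that the bundle does not hold yet.

    A timestamped copy of the bundle is written first. Returns the number of
    certificates appended; 0 means the bundle was left untouched.
    """
    bundle = Path(bundle_path)
    blocks = PEM_BLOCK.findall(Path(cert_path).read_text(encoding="utf-8"))
    if not blocks:
        raise ValueError("no PEM certificate found in %s" % cert_path)
    have = fingerprints(bundle.read_text(encoding="utf-8"))
    new = []
    for block in blocks:
        fp = fingerprints(block)
        if not fp <= have:          # skip certificates already in the bundle
            new.append(block)
            have |= fp
    if not new:
        return 0
    # Hypothetical backup naming: cacert.pem.<YYYYmmddHHMMSS>.bak
    backup = bundle.with_name(bundle.name + time.strftime(".%Y%m%d%H%M%S.bak"))
    shutil.copy2(str(bundle), str(backup))
    with bundle.open("a", encoding="utf-8", newline="\n") as fh:
        fh.write("\n" + "\n".join(new) + "\n")
    return len(new)


if __name__ == "__main__":
    import sys
    # Usage: python append_ecs_ca.py <path to cacert.pem> <ECS API cert .pem>
    print("appended %d certificate(s)" % append_ca(sys.argv[1], sys.argv[2]))
```

Because the bundle sits inside the add-on's own directory, reinstalling or upgrading the add-on can replace it, so re-run the append afterwards.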
* Logging.
* Save.
* Dell ECS Add-on for Splunk. From the inputs screen, click on Create New Input. It has multiple input configurations: Dell ECS Input, Dell ECS Namespaces Input, Dell ECS Buckets Input.
* Dell ECS Input will index all the data into Splunk except Namespace and Bucket data.
* Dell ECS Namespace Input will index Namespace data only.
* Dell ECS Buckets Input will index Buckets data only.

Parameter | Required | Description |
---|---|---|
Name | Yes | Provide a unique name to identify the Dell EMC ECS Server details |
*Interval | Yes | Interval in seconds for the cron schedule. |
Index | Yes | Index in which you want to store your data. |
Global Account | Yes | Select previously configured ECS Server details. |
Start Time | Optional | Start time in GMT from which data collection will start, in the format "%Y-%m-%dT%H:%M". |

* The input will be triggered at every interval and fetch the data from Dell EMC ECS endpoints. For example, the cron schedule for every one minute is `*/1 * * * *`.
To see data logged by the Dell ECS Add-on for Splunk, select the Search tab. Search Dell_ECS_index macro.
Libraries(Python) | Version | Repository link | License |
---|---|---|---|
croniter | 0.3.25 | https://pypi.org/project/croniter/ | https://github.com/kiorky/croniter/blob/master/docs/LICENSE |
dateutil | 2.6.1 | https://pypi.org/project/python-dateutil/ | https://github.com/dateutil/dateutil/blob/master/LICENSE |
To troubleshoot the Dell ECS Add-on, check the following log files:
* $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_input.log
* $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_namespaces_input.log
* $SPLUNK_HOME/var/log/splunk/ta_dell_ecs_dell_ecs_buckets_input.log

Users can search for ERROR logs in Splunk using the following query:
* index="_internal" source=**ta_dell_ecs_dell_ecs_*.log** ERROR
Added support of Splunk 8.x
Made Add-on Python2 and Python3 compatible
Added proxy support
Added extraction for CAS logs