How to integrate Splunk with Netcool OMNIbus?

tnewrelic — Wed, 05 Jul 2017 06:34:20 GMT

Hi,

We are looking to integrate Splunk 6.x with Netcool OMNIbus.

Please help us how can we proceed.

Thanks!!

Re: How to integrate Splunk with Netcool OMNIbus?

adonio — Wed, 05 Jul 2017 11:44:17 GMT

seems like a broad question, are you looking to bring Netcool data to Splunk? send Splunk alerts to Netcool?
regardless, start here, https://answers.splunk.com/topics/netcool.html plenty of answers in this portal
hope it helps

Re: How to integrate Splunk with Netcool OMNIbus?

larryleeroberts — Tue, 11 Jul 2017 14:20:56 GMT

I too had this question some time ago and found no really good answer but figured it out. I used the Splunk Add-On Builder to create a new app for Splunk. Then with a very small script made posteifmsg available as an alert option from within Splunk. Very easy to do and effective.

Below is my code if it helps you or anyone else trying to do this.

# encoding = utf-8

import os
import sys
import time
import datetime
import subprocess

def process_event(helper, *args, **kwargs):
    """
    # OMNIbus Splunk Integration
    # Version 1.0
    # Author Larry Roberts
    # ENV SIT
    # Dependency: posteifmsg
    # Location: /lcl/sit/apps/splunk/default/etc/apps/TA-OMNIbus/bin/posteifmsg
    #
    # IMPORTANT
    # Do not remove the anchor macro:start and macro:end lines.
    # These lines are used to generate sample code. If they are
    # removed, the sample code will not be updated when configurations
    # are updated.

    [sample_code_macro:start]

    # The following example gets the alert action parameters and prints them to the log
    gfs_impact = helper.get_param("gfs_impact")
    helper.log_info("gfs_impact={}".format(gfs_impact))

    gfs_urgency = helper.get_param("gfs_urgency")
    helper.log_info("gfs_urgency={}".format(gfs_urgency))

    easyvista_category_id = helper.get_param("easyvista_category_id")
    helper.log_info("easyvista_category_id={}".format(easyvista_category_id))

    event_summary = helper.get_param("event_summary")
    helper.log_info("event_summary={}".format(event_summary))


    # The following example adds two sample events ("hello", "world")
    # and writes them to Splunk
    # NOTE: Call helper.writeevents() only once after all events
    # have been added
    helper.addevent("hello", sourcetype="sample_sourcetype")
    helper.addevent("world", sourcetype="sample_sourcetype")
    helper.writeevents(index="summary", host="localhost", source="localhost")

    # The following example gets the events that trigger the alert
    events = helper.get_events()
    for event in events:
        helper.log_info("event={}".format(event))

    # helper.settings is a dict that includes environment configuration
    # Example usage: helper.settings["server_uri"]
    helper.log_info("server_uri={}".format(helper.settings["server_uri"]))
    [sample_code_macro:end]
    """

    helper.log_info("omnibus_event: Alert action OMNIbus started.")

    # Remove characters that will break the posteifmsg syntax
    summary_fix=helper.get_param("event_summary").replace('"', '').replace("'", '')
    category_fix=helper.get_param("easyvista_category_id").replace('"', '').replace("'", '')

    # Map values to posteifmsg syntax requirements
    value1="-f /lcl/sit/apps/splunk/default/etc/apps/TA-OMNIbus/bin/config.ini"
    value2="-m "+"'"+summary_fix+"'"
    value3="GFS_Impact="+helper.get_param("gfs_impact")
    value4="GFS_Urgency="+helper.get_param("gfs_urgency")
    value5="GFS_Category="+"'"+category_fix+"'"
    value6="Node=Splunk"
    value7="Generic"
    value8="Splunk"

    # Fire the posteifmsg command
    os.system("/lcl/sit/apps/splunk/default/etc/apps/TA-OMNIbus/bin/posteifmsg %s %s %s %s %s %s %s %s" % (value1,value2,value3,value4,value5,value6,value7,value8))

    # Log the fire event to Splunk
    helper.addevent("omnibus_alert:"+summary_fix+" GFS_Impact:"+helper.get_param("gfs_impact")+" GFS_Urgency:"+helper.get_param("gfs_urgency")+" Category:"+category_fix, sourcetype="omnibus_alert")
    helper.writeevents(index="main", host="localhost", source="localhost")
    return 0

Re: How to integrate Splunk with Netcool OMNIbus?

adonio — Wed, 12 Jul 2017 01:59:45 GMT

very cool!
thanks for sharing

Re: How to integrate Splunk with Netcool OMNIbus?

Krish509 — Tue, 21 Nov 2017 10:46:26 GMT

Thank you larryleeroberts

What are the actions need from netcool side to capture the event?Could you provide any document if you have?

Thanks

Re: How to integrate Splunk with Netcool OMNIbus?

Krish509 — Tue, 21 Nov 2017 10:46:31 GMT

Thank you larryleeroberts

What are the actions need from netcool side to capture the event?Could you provide any document if you have?

Thanks

topic Re: How to integrate Splunk with Netcool OMNIbus? in Getting Data In

How to integrate Splunk with Netcool OMNIbus?

Re: How to integrate Splunk with Netcool OMNIbus?

Re: How to integrate Splunk with Netcool OMNIbus?

Re: How to integrate Splunk with Netcool OMNIbus?

Re: How to integrate Splunk with Netcool OMNIbus?

Re: How to integrate Splunk with Netcool OMNIbus?