topic Re: Export Logs from Zabbix to Splunk Dashboard via API on Button Click in Splunk Search

Export Logs from Zabbix to Splunk Dashboard via API on Button Click

rohithvr19 — Sat, 11 Jan 2025 10:13:01 GMT

Is it possible to create a button in a Splunk dashboard that, when clicked, runs a script to export logs from Zabbix and display them on the dashboard? The dashboard should only be visible after the button is clicked. Has anyone implemented something like this before? Please help, as I’m really stuck on this!

Re: Export Logs from Zabbix to Splunk Dashboard via API on Button Click

gcusello — Sat, 11 Jan 2025 10:20:19 GMT

Hi @rohithvr19 ,

this is the opposite of the normal way to run of Splunk:

Splunk isn't a client of external platforms to use when needed.

The usual way to run is:

schedule the ingestions of logs from the external source (e.g. Zabbix and save the extraction in an index,
run a search n a dashboard and display logs.

It's the same approach to use DB-Connect: you can run SQL queries but the correct approach is schedule queries and run on indexed results.

Why this? because your approach is very very slow and results aren't saved in any archive, so you have ro run the API script every time and it consumes a large amount of resources.

Use the Splunk Add-On for Zabbix ( https://splunkbase.splunk.com/app/5272 ) to extract logs and then create your own dashboards.

Ciao.

Giuseppe

Re: Export Logs from Zabbix to Splunk Dashboard via API on Button Click

PickleRick — Sat, 11 Jan 2025 12:21:55 GMT

Strictly theoretically speaking it would probably be possible to do what you want using classic dashboard, a lot of custom JS and possibly a custom search commands. The thing is, it's so unusual and custom there's a fat chance noone ever tried something like that and you'd have to write everything from scratch yourself.

But as @gcusello already pointed out - it's completely opposite to the normal Splunk data workflow. What's your use case?

Re: Export Logs from Zabbix to Splunk Dashboard via API on Button Click

rohithvr19 — Sat, 11 Jan 2025 14:58:48 GMT

Thank you, @gcusello and @PickleRick, for your responses.

I have tried using the Zabbix add-on for Splunk, but unfortunately, it is not working for my use case. My requirement is to display real-time audit logs from Zabbix in a Splunk dashboard, but only upon user request, such as via a button click or similar functionality.

Could you suggest a standard and efficient approach to accomplish this task?

Re: Export Logs from Zabbix to Splunk Dashboard via API on Button Click

gcusello — Sat, 11 Jan 2025 15:50:15 GMT

Hi @rohithvr19 ,

real time monitoring isn't possible, you can have a near real time monitoring sheduling a very frequent update of the data (e.g. every 5 or 10 minutes), otherwise, you need a different solution.

As I said, the performace of a query pressing a button are very very low!

and the only solution is a frequent update (e.g. every 5 minutes).

Ciao.

Giuseppe

Re: Export Logs from Zabbix to Splunk Dashboard via API on Button Click

PickleRick — Sat, 11 Jan 2025 19:33:41 GMT

Honestly, it looks as if you were trying to have a Zabbix console just done with other tools. It doesn't make much sense.