All Apps and Add-ons

Ability To Ingest Solarwinds DPA Data with SoarWinds Add-On

deastman
SplunkTrust
SplunkTrust

I'm currently utilizing SolarWinds DPA. I would like to ingest data from SWDPA for use within Splunk. However, I'm not interested in consuming every single bit of data from DPA into Splunk. Does this SW Add-On allow for ingestion from the DPA application? If so, how is that configured?

0 Karma
1 Solution

Richfez
SplunkTrust
SplunkTrust

The Add-on for SolarWinds uses SolarWind's REST API to retrieve data from SolarWinds.

This is nearly all cases is far, far better than using a DB connection because, in the understated words of a DBA working in conjunction with a Thwack MVP we employ, the DB can be "a bit messy."

But that means if the data you want is not available over the REST API, this might not work.

Reviewing the results of a web search for something like "solarwinds dpa api" returns hits like this disappointing support item. Of course, their documentation isn't clear about if this is current information or old, so maybe this has been resolved. I get other hints it has not been resolved.

While that's disappointing, all isn't necessarily lost, though. The data that the REST interface exposes (or in this case doesn't expose) is still stored in the SW DB. While it won't be easy because, again, it's messy under the covers, it should at least be possible to install the Splunk DB Connect app and create the queries you need to get this data.

Unfortunately "Possible" is a far cry from "Easy". Still, I hope this at least gives you options.

I CAN say that for the other stuff SW exposes via REST, it works pretty well.

Happy Splunking!
-Rich

View solution in original post

0 Karma

Richfez
SplunkTrust
SplunkTrust

The Add-on for SolarWinds uses SolarWind's REST API to retrieve data from SolarWinds.

This is nearly all cases is far, far better than using a DB connection because, in the understated words of a DBA working in conjunction with a Thwack MVP we employ, the DB can be "a bit messy."

But that means if the data you want is not available over the REST API, this might not work.

Reviewing the results of a web search for something like "solarwinds dpa api" returns hits like this disappointing support item. Of course, their documentation isn't clear about if this is current information or old, so maybe this has been resolved. I get other hints it has not been resolved.

While that's disappointing, all isn't necessarily lost, though. The data that the REST interface exposes (or in this case doesn't expose) is still stored in the SW DB. While it won't be easy because, again, it's messy under the covers, it should at least be possible to install the Splunk DB Connect app and create the queries you need to get this data.

Unfortunately "Possible" is a far cry from "Easy". Still, I hope this at least gives you options.

I CAN say that for the other stuff SW exposes via REST, it works pretty well.

Happy Splunking!
-Rich

0 Karma

deastman
SplunkTrust
SplunkTrust

Rich,
Thank you for your insight and answer on this matter. I agree the DB is rather messy. We are going to pursue the DB Connect option possibly. Otherwise, we may forgo ingesting this unless required, as the DPA interface seems to work just fine.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...