All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Can I install SolarWinds Add-on for Splunk on a se...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bestSplunker
Contributor
05-07-2018
01:34 AM
Dear everyone:
I have a single site cluster that inclusion 5 peer node and 4 search head. I will use SolarWinds Add-on for Splunk to collect solarwinds event/data. I've read doc and some answer forum post(eg. https://answers.splunk.com/answers/592960/solarwinds-add-on-for-splunk-no-results-when-searc.html). but I can't get a result when searching the output.
Can I install SolarWinds Add-on for Splunk on search head?
- I configured a solarwinds sever and default port
17778 - I configured log level is debug.
- No proxy and firewall between solarwinds and splunk severs
I configured inputs. the type is 'SolarWinds Query' and SolarWinds Alerts
I create a new index manually on search head called
swinsI tested swins like fllowing url :
I can see the returned JSON data but why I can't get the result when searching output?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nick405060
Motivator
06-07-2018
04:18 PM
Did you get it working? I've tried installing it on the search head, index server, and deployment server. I got it to work at once point but now I can't replicate it. To me it would make the most sense being on the deployment server and forwarded to the index server, like all other (forwarded) data is
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nick405060
Motivator
06-07-2018
04:18 PM
Did you get it working? I've tried installing it on the search head, index server, and deployment server. I got it to work at once point but now I can't replicate it. To me it would make the most sense being on the deployment server and forwarded to the index server, like all other (forwarded) data is
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nick405060
Motivator
07-27-2018
03:53 PM
The problem for us ended up just being a problem authenticating to the API. I created a new SW account with the right permissions and didn't use LDAP and that fixed the issue
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bestSplunker
Contributor
06-07-2018
06:43 PM
yes. I suggest installing it on HF and deployment server, It can working. If installed on the search header, it will not be able to get data from API.
Get Updates on the Splunk Community!
.conf25 Registration is OPEN!
Ready. Set. Splunk!
Your favorite Splunk user event is back and better than ever. Get ready for more technical ...
Detecting Cross-Channel Fraud with Splunk
This article is the final installment in our three-part series exploring fraud detection techniques using ...
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
