All Apps and Add-ons

Can I install SolarWinds Add-on for Splunk on a search head?

bestSplunker
Contributor

Dear everyone:

I have a single site cluster that inclusion 5 peer node and 4 search head. I will use SolarWinds Add-on for Splunk to collect solarwinds event/data. I've read doc and some answer forum post(eg. https://answers.splunk.com/answers/592960/solarwinds-add-on-for-splunk-no-results-when-searc.html). but I can't get a result when searching the output.

Can I install SolarWinds Add-on for Splunk on search head?

  1. I configured a solarwinds sever and default port 17778
  2. I configured log level is debug.
  3. No proxy and firewall between solarwinds and splunk severs
  4. I configured inputs. the type is 'SolarWinds Query' and SolarWinds Alerts

  5. I create a new index manually on search head called swins

  6. I tested swins like fllowing url :

    https://1.1.1.1:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Poller...

I can see the returned JSON data but why I can't get the result when searching output?

1 Solution

nick405060
Motivator

Did you get it working? I've tried installing it on the search head, index server, and deployment server. I got it to work at once point but now I can't replicate it. To me it would make the most sense being on the deployment server and forwarded to the index server, like all other (forwarded) data is

View solution in original post

nick405060
Motivator

Did you get it working? I've tried installing it on the search head, index server, and deployment server. I got it to work at once point but now I can't replicate it. To me it would make the most sense being on the deployment server and forwarded to the index server, like all other (forwarded) data is

nick405060
Motivator

The problem for us ended up just being a problem authenticating to the API. I created a new SW account with the right permissions and didn't use LDAP and that fixed the issue

bestSplunker
Contributor

yes. I suggest installing it on HF and deployment server, It can working. If installed on the search header, it will not be able to get data from API.

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...