All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I install SolarWinds Add-on for Splunk on a search head?

bestSplunker
Contributor
‎05-07-2018 01:34 AM

Dear everyone:

I have a single site cluster that inclusion 5 peer node and 4 search head. I will use SolarWinds Add-on for Splunk to collect solarwinds event/data. I've read doc and some answer forum post(eg. https://answers.splunk.com/answers/592960/solarwinds-add-on-for-splunk-no-results-when-searc.html). but I can't get a result when searching the output.

Can I install SolarWinds Add-on for Splunk on search head?

  1. I configured a solarwinds sever and default port 17778
  2. I configured log level is debug.
  3. No proxy and firewall between solarwinds and splunk severs

  4. I configured inputs. the type is 'SolarWinds Query' and SolarWinds Alerts

  5. I create a new index manually on search head called swins

  6. I tested swins like fllowing url :

    https://1.1.1.1:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Poller...

I can see the returned JSON data but why I can't get the result when searching output?

Reply
1 Solution
Solved! Jump to solution
Solution

nick405060
Motivator
‎06-07-2018 04:18 PM

Did you get it working? I've tried installing it on the search head, index server, and deployment server. I got it to work at once point but now I can't replicate it. To me it would make the most sense being on the deployment server and forwarded to the index server, like all other (forwarded) data is

View solution in original post

Reply
Solved! Jump to solution
Solution

nick405060
Motivator
‎06-07-2018 04:18 PM

Did you get it working? I've tried installing it on the search head, index server, and deployment server. I got it to work at once point but now I can't replicate it. To me it would make the most sense being on the deployment server and forwarded to the index server, like all other (forwarded) data is

Reply
Solved! Jump to solution

nick405060
Motivator
‎07-27-2018 03:53 PM

The problem for us ended up just being a problem authenticating to the API. I created a new SW account with the right permissions and didn't use LDAP and that fixed the issue

Reply
Solved! Jump to solution

bestSplunker
Contributor
‎06-07-2018 06:43 PM

yes. I suggest installing it on HF and deployment server, It can working. If installed on the search header, it will not be able to get data from API.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...