How to get NetApp logs into Splunk

blasighb
Engager

Installed Splunk within environment, and wanted to forward all NetApp logs into the Splunk indexer. Current setup is a Splunk search head and indexer on the same box, and one syslog server that is being indexed. Would like a step-by-step guide to forwarding logs from NetApp to Splunk.

0 Karma

gertux
New Member

Hi, I had an issue with the NetApp plugin. I've already configured and installed it, and also added the cluster-mode array with the IP address and credentials validated. I also ran the Scheduler, but when I go to "Proactive Monitoring" and then, for example, to the "Cluster View", I'm getting the following message: "Search query is not fully resolved.", and nothing is displayed. Could someone help me out with this, since I'd like to try Splunk to monitor our Filers from NetApp?

Thanks in advance,

Best regards to all

0 Karma

bboe
Splunk Employee

There could be a couple different causes to this issue. One is that the tsidx searches did not finish populating their indexes before the page was loaded. This issue will resolve itself over time.

First, it might be helpful to check that you're getting data. By default, data goes into index=ontap. If this index is empty, then there's a problem with your configuration. Check that your data collection node is configured as a forwarder and sending data to your indexer. If you're not seeing data in index=_internal from the data collection node host, then there's a connection problem that needs resolution.

If you're still seeing the same issues, check index=_internal sourcetype=splunk_ta_ontap_api* OR sourcetype=hydra* ERROR for any errors during collection.
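The checks described in the answer above, written out as three separate searches to run one at a time and in order (an added example, not part of the original post). `<data_collection_node>` is a placeholder for the host name of your collection node, and the time ranges and `stats` breakdowns are illustrative choices.

```spl
index=ontap earliest=-24h
| stats count max(_time) AS last_seen BY host sourcetype
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")

index=_internal host="<data_collection_node>" earliest=-60m
| stats count max(_time) AS last_seen BY sourcetype
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")

index=_internal (sourcetype=splunk_ta_ontap_api* OR sourcetype=hydra*) ERROR earliest=-24h
| stats count latest(_raw) AS latest_error BY host sourcetype
| sort - count
```

No rows from the first search means nothing has reached `index=ontap`; no rows from the second means the collection node is not forwarding to the indexer at all; the third groups collection errors by host and sourcetype so the most frequent failure is at the top.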

hitesh_kanchan
Explorer

I am facing a similar issue where I am not able to see any data. Just wanted to confirm on the settings that I did.

I have a Splunk server which is configured as a SearchHead and Indexer. Installed the NetApp App on that.
On this server, I added an OntapServer by clicking on the "Add Ontap Collection" button. Is that fine?

I have not setup any Data Collection Node. Is it mandatory to set up one?

I don't see anything in index=_internal host=someHost.

0 Karma

sudovicic_splun
Splunk Employee

For details on how to get logs, performance and configuration data from NetApp ONTAP environment, please refer to Splunk App for NetApp Data ONTAP docs:

http://docs.splunk.com/Documentation/NetApp/2.0/DeployNetapp/Configuredatacollection

0 Karma

halr9000
Motivator

What @sdaniels said, but if the only thing you are interested in are the actual system logs (and not performance or configuration data, which the app provides in addition), then you can certainly do syslog forwarding. On NetApp 7-mode, it works exactly like any unix, i.e. 'man syslogd.conf'. Here's a blog post with some instructions: http://networkadminkb.com/KB/a455/how-to-configure-a-netapp-fas-to-forward-syslog-messages.aspx

Cluster-mode is different. You would use the 'event' command while logged into a command shell. ONTAP 8.1 reference guide link [may require login to view]: https://library.netapp.com/ecmdocs/ECMP1120736/html/event/destination/modify.html

0 Karma

sdaniels
Splunk Employee

There is a documentation tab on the App website. If you run into issues after following those steps feel free to post a question.

http://apps.splunk.com/app/1293

0 Karma