
How to get NetApp logs into Splunk


Installed Splunk within the environment, and wanted to forward all NetApp logs into the Splunk indexer. The current setup is a Splunk search head and indexer on the same box, and one syslog server that is being indexed. Would like a step-by-step guide to forward logs from NetApp to Splunk.

0 Karma

New Member

Hi, I had an issue with the NetApp plugin. I've already configured and installed it, and also added the cluster mode array with the IP address and credentials validated. I also ran the Scheduler, but when I go to "Proactive Monitoring" and then, for example, to the "Cluster View", I'm getting the following message: "Search query is not fully resolved.", and nothing is displayed. Could someone help me out with this, since I'd like to try Splunk to monitor our Filers from NetApp?

Thanks in advance,

Best regards to all

0 Karma

Splunk Employee

There could be a couple of different causes of this issue. One is that the tsidx searches did not finish populating their indexes before the page was loaded. This issue will resolve itself over time.

First, it might be helpful to check that you're getting data. By default, data goes into index=ontap. If this index is empty, then there's a problem with your configuration. Check that your data collection node is configured as a forwarder and sending data to your indexer. If you're not seeing data in index=_internal from the data collection node host, then there's a connection problem that needs resolution.

If you're still seeing the same issues, check index=_internal sourcetype=splunk_ta_ontap_api* OR sourcetype=hydra* ERROR for any errors during collection.


I am facing a similar issue where I am not able to see any data. Just wanted to confirm the settings that I made.

I have a Splunk server which is configured as a search head and indexer. I installed the NetApp App on that.
On this server, I added an OntapServer by clicking on the "Add Ontap Collection" button. Is that fine?

I have not set up any Data Collection Node. Is it mandatory to set up one?

I don't see anything in index=_internal host=someHost.

0 Karma

Splunk Employee

For details on how to get logs, performance and configuration data from a NetApp ONTAP environment, please refer to the Splunk App for NetApp Data ONTAP docs:

0 Karma


What @sdaniels said, but if the only things you are interested in are the actual system logs (and not performance or configuration data, which the app provides in addition), then you can certainly do syslog forwarding. On NetApp 7-mode, it works exactly like any Unix, i.e. 'man syslogd.conf'. Here's a blog post with some instructions:

Cluster-mode is different. You would use the 'event' command while logged into a command shell. ONTAP 8.1 reference guide link [may require login to view]:

0 Karma
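A sketch of the 7-mode syslog route described in the reply above, as an added example that is not part of the original thread or of Splunk's or NetApp's documentation. The hostname, source address and index name are constructed placeholders, and the filer-side line assumes the standard Unix syslog.conf selector/action syntax that the reply refers to.

```ini
# --- Filer side (7-mode): line added to the filer's /etc/syslog.conf ---
# Standard syslog.conf syntax: <facility>.<level>  @<remote host>
#   *.info    @splunk-idx.example.com     (hypothetical indexer hostname)

# --- Splunk side: $SPLUNK_HOME/etc/system/local/inputs.conf on the indexer ---
# Listen for syslog over UDP. Port 514 is privileged on Unix hosts, so splunkd
# needs the rights to bind it, or a higher port can be used on both ends.
[udp://514]
sourcetype = syslog

# Use the sender's IP address as the event's host field, so filer events
# can be told apart from those of other syslog senders.
connection_host = ip

# Hypothetical index name; the index has to exist before events arrive.
index = netapp_syslog

# UDP syslog is unauthenticated and unencrypted, so accept datagrams only
# from the filer's address (192.0.2.10 is a constructed example address).
acceptFrom = 192.0.2.10
```

Splunk has to be restarted for a new inputs.conf stanza to take effect. With the setup from the question, the filer could instead be pointed at the existing syslog server that is already being indexed, which avoids opening a new listener on the indexer.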

Splunk Employee

There is a documentation tab on the App website. If you run into issues after following those steps, feel free to post a question.

0 Karma