I am attempting to install the SCOM app using a universal forwarder on the SCOM box, and so far this is what I have done.
This is what I have
1. SCOM server has a UF on it
a. powershell add on installed by DS
b. Scom add-on installed by DS
c. Has .NET 3.5 and Powershell 2
2. Search Head doesn't see any data
a. powershell add on installed through UI
b. Scom add-on installed through UI
My Problem:
No SCOM data hits the index, though the UF is currently configured to send data directly to the indexers. We ARE receiving data for OS level metrics but not SCOM, which is what we are trying to install. Also, when I'm running the PowerShell scripts manually, I get errors. I am including them.
Here are the errors I am getting when I attempt to run the commands as admin in Powershell:
Question1:
How do I get the UF on the SCOM machine to send data to the Indexing tier?
Other Comments / Questions:
On a heavy forwarder, I have installed all of the components for SCOM (PowerShell / SCOM add-ons) as well as configured them; however, I don't see any place for me to set my 'SCOM server' within settings / configurations for the app to pull the data from. Linux obviously won't run PowerShell by default, so I was also curious about how this actually works?
Yes. The PowerShell script itself that was written by Splunk has a variable in it that is not set properly. We had to adjust the PowerShell script to account for this, and then it works fine.
It's been a while, but if I remember right, it has a hard time with the way it handles the different objects / categories written within the .conf file. That variable within the PowerShell script is the one that causes the issue.
I deployed it to one of the SCOM servers with UF. I configured the inputs.conf and am getting
[ERROR] The remote server returned an error: (404) Not Found.
at getSplunkServerVersion, C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_microsoft-scom\bin\scom_command_loader.ps1: line 651
on ta_scom.log ..
Also, based on the documentation, the add-on needs to be installed on the search head too, and needs to be on Windows. Is your search head on Windows? Is it possible to use it on a UNIX search head?
I am wondering if anyone has just used PowerShell to get alerts and events and used it as part of a regular TA.
My search head is Linux, and that works just fine. The add-on needs to be on the search head to parse the data, but it has nothing to do with the powershell function of this. You can actually deploy to your search head and delete the inputs.conf on your search head in the app as it's unnecessary.
As a suggestion to resolve:
1. Try running the PowerShell script with the parameters in the .conf file manually via PowerShell on the machine.
If it works, it's not the script, it's permissions or something else. If it doesn't, then the script could be busted.
Hi, can you please provide some information regarding the changes you made to get the logs into Splunk?
We have already UF installed on the SCOM server.
Thanks
Ajay
Have you ever figured this out? I have almost the same problem. Our SE says that it is a known problem and he is trying to find the solution to this problem, but if you have the answer, so much the better. If I find an answer, I'll be sure we get it documented here.