How to set up EMC Isilon Add-on for Splunk Enterprise?

ithakur
Engager

When I tried to set up, the following error shows up:

Encountered the following error while trying to update: Error while posting to url=/servicesNS/nobody/TA_EMC-Isilon/isiloncustom/isilonendpoint/setupentity

mconty2
New Member

Also, the fact that you're on OneFS v7.x is also likely to be the explanation for why you're not seeing the Node Events info you mentioned. The event-related PAPI endpoints (https:.../3/event/eventlists...) that you see in local/inputs.conf don't exist in v7.x; they, too, appear in v8.x.

But if you don't mind changing ${SPLUNK_HOME}/etc/apps/TA_EMC-Isilon/local/inputs.conf even further, you might want to try editing the clause(s) that refer to "/3/event/eventlists" to be "/2/event/events/" instead. I can't guarantee that this'll solve your problem, but it's what I would try, if I were you and if I really wanted to see event data.

Again, good luck!

0 Karma

nhvardhan58
Explorer

Thank you for the answer, and apologies for the delayed response. Since those events were not necessary for creating the dashboard currently, I did not concentrate on this question which I posted.

I will surely try the above and let you know the result, which would be useful for our future dashboard.

0 Karma

mconty2
New Member

I suspect that your cluster is running version 7.x of OneFS, where neither of those PAPI endpoints is defined. They weren't added until v8.x. So, if you can't stand having those log entries appear, then edit ${SPLUNK_HOME}/etc/apps/TA_EMC-Isilon/local/inputs.conf and delete or comment out each of the [isilon://...] clauses that refer to those endpoints; there should be one clause per endpoint per cluster. Then, restart Splunk. At least, that's what I'd do if I really wanted to eliminate those log entries.

Of course, another way to get rid of those errors would be to upgrade your cluster to OneFS v8.x. But that's a slightly more complicated solution. 🙂

Good luck!
--Mark

0 Karma

nhvardhan58
Explorer

Hi mconty2

Thanks for the explanation, I had the same error.

I created a new index with name "isilon" and mapped it to the "EMC Isilon App for Splunk Enterprise" app, and it worked fine.

Now I have a different issue:

After launching the App, under Node Details we are able to see the data in all the sections but not in Node Events and Event by Severity.
We are seeing the below error in the logs, any help would be great.

ERROR 14860 - EMC Isilon Error: HTTP Request error: 404 Client Error: Not Found for endpoint https://10.36.249.113:8080/platform/3/statistics/summary/system

ERROR 19376 - EMC Isilon Error: HTTP Request error: 404 Client Error: Not Found for endpoint https://10.59.43.100:8080/platform/3/network/interfaces

mconty2
New Member

First off, if you haven't by now, I would add this to TA_EMC-isilon/local/app.conf:

is_configured = 1

Several other folks have indicated that they had to do this to get the app to work correctly. But even after I did that, it continued to fail. I looked in /opt/splunk/var/log/isilon/emc_isilon.log, and found several occurrences of this error msg:

2018-02-07 09:40:46,904 ERROR 140461065750272 - EMC Isilon Error: index isilon does not exist

I looked under Settings > Indexes, and sure enough, there isn't one there. So, this app doesn't appear to create the necessary index.

I created the "isilon" index, flagged it as relating to the "EMC Isilon App for Splunk Enterprise" app, and bingo, I was able to add an entry from the "Add any of the Cluster node credentials" page.

0 Karma
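The two failure modes reported in this thread (the missing "isilon" index and the 404s from PAPI endpoints the cluster does not serve) can be separated by a quick pass over emc_isilon.log. The following is an added example, not part of the original posts and not the add-on's own code; the function names `triage` and `report` are hypothetical, and the sample log is constructed in the shape of the lines quoted above, with placeholder addresses and assumed timestamps on the 404 lines.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the emc_isilon.log lines quoted in this thread.
# Addresses are documentation-range placeholders; the final line is a constructed non-error.
SAMPLE_LOG = """\
2018-02-07 09:40:46,904 ERROR 140461065750272 - EMC Isilon Error: index isilon does not exist
2018-02-07 09:41:02,118 ERROR 14860 - EMC Isilon Error: HTTP Request error: 404 Client Error: Not Found for endpoint https://192.0.2.10:8080/platform/3/statistics/summary/system
2018-02-07 09:41:02,530 ERROR 19376 - EMC Isilon Error: HTTP Request error: 404 Client Error: Not Found for endpoint https://198.51.100.7:8080/platform/3/network/interfaces
2018-02-07 09:41:03,001 ERROR 19376 - EMC Isilon Error: HTTP Request error: 404 Client Error: Not Found for endpoint https://198.51.100.7:8080/platform/3/network/interfaces
2018-02-07 09:41:04,200 INFO 19376 - constructed non-error line
"""

MISSING_INDEX = re.compile(r"EMC Isilon Error: index (\S+) does not exist")
NOT_FOUND = re.compile(
    r"EMC Isilon Error: HTTP Request error: 404 Client Error: Not Found "
    r"for endpoint https://([^/\s:]+)(?::\d+)?/platform/(\d+)(/\S*)"
)

def triage(log_text):
    """Return (missing_indexes, {host: {(papi_version, path): count}})."""
    missing_indexes = set()
    not_found = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = MISSING_INDEX.search(line)
        if m:
            missing_indexes.add(m.group(1))
            continue
        m = NOT_FOUND.search(line)
        if m:
            host, version, path = m.group(1), int(m.group(2)), m.group(3)
            not_found[host][(version, path)] += 1
    return missing_indexes, {h: dict(v) for h, v in not_found.items()}

def report(log_text):
    """Turn the triage result into one actionable line per finding."""
    missing, not_found = triage(log_text)
    lines = [f"create index: {name}" for name in sorted(missing)]
    for host in sorted(not_found):
        for (version, path), count in sorted(not_found[host].items()):
            lines.append(f"{host}: /platform/{version}{path} returned 404 x{count}; "
                         "check the matching [isilon://...] clause in local/inputs.conf")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```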