- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: How to use Splunk for root cause analysis for ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Senario:
In day to day operation we face issues with applications like performance problem due to DB, application issues in most of the cases the short term solution is to restart the application or database. due restarting the db and application we lost log or trace information for the DB and SAP application, as the Trace files got over written after restart.
How can I use Splunk for storing the log trace files so that I use these for root cause and root condition analysis?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The short answer is you can't easily by default. SAP produces a vast array of logs and traces in all kinds of formats, which you can't parse out the box easily. The J2EE stack is the exception where you can find Log4J style logs, which you can parse without much hassle. However most of the action is on the ABAP side which is what you are after 😞 You have two options, write a SAP ABAP app to log the data out so Splunk can eat it or write a connector that deals with the SAP complexity and forwards events to Splunk in a sane format.
Our SAP collector is now availible http://telicthoughts.blogspot.com/2013/08/splunking-sap.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PowerConnect for SAP (https://splunkbase.splunk.com/app/3153/) can be utilized for what you're wanting. However, you'd have to purchase a license for the add-on that sits on the SAP server. Depending on where you're located you can either purchase a license and support through RHONDOS or the BNW directly.
Rhondos.com
http://www.powerconnect.io/contact-us/
YouTube video on how PowerConnect works: https://youtu.be/s-76bGvRMPE
Again, PowerConnect is the ONLY SAP-certified app that sits in the SAP ABAP layer and pushes data into Splunk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
... or you could build the SAP collector and get it to store SM21, SM50, SM04, ST03N and CCMS MTE values throughout the day and ingest them into Splunk via the RFC connector. Check out http://sapninja.com
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The short answer is you can't easily by default. SAP produces a vast array of logs and traces in all kinds of formats, which you can't parse out the box easily. The J2EE stack is the exception where you can find Log4J style logs, which you can parse without much hassle. However most of the action is on the ABAP side which is what you are after 😞 You have two options, write a SAP ABAP app to log the data out so Splunk can eat it or write a connector that deals with the SAP complexity and forwards events to Splunk in a sane format.
Our SAP collector is now availible http://telicthoughts.blogspot.com/2013/08/splunking-sap.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there any public documentation on SAP that one could use to write such an SAP ABAP app?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It may sound silly to say it this way, but you would use Splunk for SAP log files in the same way that you would use it for any other logfile. Splunk's primary requirement is that the log files be plain text.
The basic plan for any data you wish to index into splunk is roughly this:
- Install a Splunk Indexer somewhere
- Make the log files of interest available to the indexer (this may be done through the use of a forwarder)
- Tell Splunk to start reading the log files of interest.
- Use Splunk search to find what you are looking for
The crucial part about "plain text" is that Splunk does not understand application-specific proprietary file formats. As an example, Splunk could not produce any meaningful indexed data out of a directory full of .PDF files.
There are potentially some challenges with each type of log file - line/event breaking and timestamp recognition come to mind first.
But, none of these steps/issues are specific to SAP. You'll have some legwork to do in order to figure out how to configure Splunk to understand these SAP trace files. You might consider contacting Splunk sales and starting a proof-of-concept project. Splunk SEs have probably seen or dealt with SAP logfiles before, or have access to someone who has.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where are the trace log files created? Are they actual files on disk, and are they in a binary or ASCII format? (Sorry, my SAP knowledge is limited)
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
