Is it possible to collect events from multiple SolarWinds Servers simultaneously with SolarWinds Add-on?

showipint
Explorer

I am currently running Splunk in an environment with multiple SolarWinds servers and would like Splunk to be the centralized area for all SolarWinds alerts.

1 Solution

alexeyglukhov
Path Finder

Hi showipint,

I faced the same problem (we have several separate instances of SolarWinds) and, if it helps, what I used was a PowerShell script (SWIS solution: https://github.com/solarwinds/OrionSDK/wiki), which extracts the needed data from all the needed SW nodes via the API and puts it into a CSV file; then, using the classic Splunk approach, we ingest that CSV.

I can share the script if you want.

I hope in the future releases of the add-on this functionality will be added.

Alexey

0 Karma

_joe
Communicator

I appreciate @alexeyglukhov's answer, but I was wondering if anyone else had found a Linux solution to this problem? An update to this app was just pushed a month ago and it still does not seem to support multiple SolarWinds servers.

I've been playing with the possibility of renaming the app and doing Linux SED character pattern replacement to find and correct all the places the configuration/python files have app name dependencies but I haven't had much luck getting the main query to run. I was wondering if anyone was able to accomplish this?

0 Karma

showipint
Explorer

Hello Alexey,

Thank you for your feedback... Yes, I would very much love for you to share your script with me... I was so excited when I found this add-on and then to be disappointed that it could only connect to one instance. I really hope there is a plan to include this in the next release.

0 Karma

alexeyglukhov
Path Finder

Sure!

So, first install the needed PowerShell packages (as mentioned on the SWIS wiki page: SWIS solution)

And if you choose to have the user's password secured, use:

"your_password_here" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | set-content "G:\SWSplunkIntegration\SWPassword_encrypted.txt"

Then that password will be used in the script below:

Import-Module SwisPowerShell

# SolarWinds host names
$hostnames = "your_SW_hostname_here","your_another_SW_hostname_here"

# credentials
$username = "your_username"

# The encrypted password is read from the file. ConvertFrom-SecureString without -Key
# uses Windows DPAPI, so the file only decrypts for the same user on the same machine.
$password = Get-Content "G:\SWSplunkIntegration\SWPassword_encrypted.txt" | ConvertTo-SecureString
$creds = New-Object System.Management.Automation.PSCredential($username, $password)

# remove the existing output file before extracting the latest data
Remove-Item -Path "G:\SWSplunkIntegration\*" -Filter "*devices*"

# connect to each SolarWinds host, pull the data and append it to a CSV file for further ingestion by Splunk
# (the relative file name means the CSV is written to the current directory)
ForEach ($hostname in $hostnames)
{
    $swis = Connect-Swis -Credential $creds -Hostname $hostname
    Get-SwisData $swis 'SELECT NodeName, IPAddress, Description, Status, StatusDescription, CPULoad, PercentMemoryUsed, PercentMemoryAvailable, TotalMemory FROM Orion.Nodes' | Export-Csv "NetworkDevicesSolarWinds_$(Get-Date -f yyyyMMdd).csv" -Append -Force -NoTypeInformation
}

Regarding the list of fields you will be extracting: play with SWQL a bit to decide which ones you need. In my case I just needed those in the script:

SELECT NodeName, IPAddress, Description, Status, StatusDescription, CPULoad, PercentMemoryUsed, PercentMemoryAvailable, TotalMemory FROM Orion.Nodes
0 Karma
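
A Linux-capable variant of the PowerShell collection script above, as an added example (not code from this thread, the add-on or SolarWinds), written in Python with only the standard library. It goes beyond the original by tagging each row with its source server and by continuing when one server is unreachable. Assumptions: the SWIS JSON query endpoint on port 17778 with basic authentication, as described in the OrionSDK wiki; the `SW_USER`/`SW_PASS` variables, the `SolarWindsServer` column and the output file name are hypothetical.

```python
import base64, csv, json, os, ssl, tempfile, urllib.parse, urllib.request

SWQL = ("SELECT NodeName, IPAddress, Description, Status, StatusDescription, CPULoad, "
        "PercentMemoryUsed, PercentMemoryAvailable, TotalMemory FROM Orion.Nodes")

def swis_query(host, user, password, swql, cafile=None):
    """Run one SWQL query over the SWIS JSON endpoint (assumed: port 17778, basic auth)."""
    url = (f"https://{host}:17778/SolarWinds/InformationService/v3/Json/Query?"
           + urllib.parse.urlencode({"query": swql}))
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    # TLS verification stays on: cafile is the CA that signed the Orion certificate.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)["results"]

def collect(hosts, fetch):
    """Merge rows from every host and tag each row with the server it came from."""
    rows, failed = [], []
    for host in hosts:
        try:
            rows.extend({"SolarWindsServer": host, **row} for row in fetch(host))
        except Exception as exc:  # one unreachable server must not drop the others
            failed.append((host, str(exc)))
    return rows, failed

def write_csv(rows, path):
    """Write to a temp file, then rename, so Splunk never reads a half-written CSV."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=list(rows[0]))
        writer.writeheader()
        writer.writerows(rows)
    os.replace(tmp, path)

if __name__ == "__main__":
    hosts = ["your_SW_hostname_here", "your_another_SW_hostname_here"]
    user, pw = os.environ.get("SW_USER"), os.environ.get("SW_PASS")  # hypothetical names
    if not (user and pw):
        raise SystemExit("set SW_USER and SW_PASS first")
    rows, failed = collect(hosts, lambda h: swis_query(h, user, pw, SWQL))
    for host, err in failed:
        print(f"WARNING: no data from {host}: {err}")
    if rows:  # keep the previous CSV when every server failed
        write_csv(rows, "NetworkDevicesSolarWinds.csv")
```

The temporary file is created readable only by the account that runs the script, so the Splunk forwarder needs to run as that account or the file mode has to be adjusted.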

showipint
Explorer

Hi Alexey,

Thanks for sharing... I'll play around with it to see how best it can work for me.

0 Karma
