I am currently running Splunk in an environment with multiple SolarWinds servers and would like Splunk to be the centralized area for all SolarWinds alerts.
Hi showipint,
I faced the same problem (we have several separate instances of SolarWinds) and, if it helps, what I used was a PowerShell script (SWIS solution: https://github.com/solarwinds/OrionSDK/wiki), which extracts the needed data from all needed SW nodes via the API and puts it into a CSV file; then, using the classic Splunk approach, we ingest that CSV.
I can share the script if you want.
I hope in the future releases of the add-on this functionality will be added.
Alexey
I appreciate @alexeyglukhov's answer, but I was wondering if anyone else had found a Linux solution to this problem? An update to this app was just pushed a month ago and it still does not seem to support multiple SolarWinds servers.
I've been playing with the possibility of renaming the app and doing Linux SED character pattern replacement to find and correct all the places the configuration/python files have app name dependencies but I haven't had much luck getting the main query to run. I was wondering if anyone was able to accomplish this?
Hello Alexey,
Thank you for your feedback... Yes, I would very much love for you to share your script with me... I was so excited when I found this add-on and then to be disappointed that it could only connect to one instance. I really hope there is a plan to include this in the next release.
And if you choose to have the user's password secured use:
"your_password_here" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | set-content "G:\SWSplunkIntegration\SWPassword_encrypted.txt"
Then that password will be used in the script below:
Import-Module SwisPowerShell
#SolarWinds host names
$hostnames = "your_SW_hostname_here","your_another_SW_hostname_here"
#credentials
$username = "your_username"
#encrypted password is being read from the file
$password = Get-Content "G:\SWSplunkIntegration\SWPassword_encrypted.txt" | ConvertTo-SecureString
$creds = New-Object System.Management.Automation.PsCredential($username,$password)
# remove existing output file before extracting the latest data
Remove-Item -Path G:\SWSplunkIntegration\* -Filter *devices*
# connect to each SolarWinds host and pull the data and output to csv file for further ingestion by Splunk
ForEach ($hostname in $hostnames)
{
    $swis = Connect-Swis -Credential $creds -host $hostname
    Get-SwisData $swis 'SELECT NodeName, IPAddress, Description, Status, StatusDescription, CPULoad, PercentMemoryUsed, PercentMemoryAvailable, TotalMemory FROM Orion.Nodes' | Export-Csv "NetworkDevicesSolarWinds_$(get-date -f yyyyMMdd).csv" -Append -force -notypeinformation
}
Regarding the list of fields you will be extracting: play with SWQL a bit to decide which ones you need; in my case I just needed those in the script:
SELECT NodeName, IPAddress, Description, Status, StatusDescription, CPULoad, PercentMemoryUsed, PercentMemoryAvailable, TotalMemory FROM Orion.Nodes
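An added example, not part of Alexey's post or of the add-on: a variant of the script above that records which SolarWinds server each row came from, keeps going when one server fails, and reports a password file that cannot be decrypted. The hostnames, username and paths are the thread's placeholders; the `SourceServer` column name and the `.tmp` suffix are assumptions made here.

```powershell
# Added example. Hostnames, username and paths are placeholders from the thread.
Import-Module SwisPowerShell

$hostnames = "your_SW_hostname_here", "your_another_SW_hostname_here"
$outDir    = "G:\SWSplunkIntegration"
$pwFile    = Join-Path $outDir "SWPassword_encrypted.txt"
$swql      = 'SELECT NodeName, IPAddress, Description, Status, StatusDescription, CPULoad, PercentMemoryUsed, PercentMemoryAvailable, TotalMemory FROM Orion.Nodes'

# The password file was written by ConvertFrom-SecureString without -Key, so it is
# protected by Windows DPAPI: only the same user on the same machine can decrypt it.
try {
    $password = Get-Content $pwFile -ErrorAction Stop | ConvertTo-SecureString -ErrorAction Stop
} catch {
    throw "Cannot decrypt $pwFile as $env:USERNAME on $env:COMPUTERNAME. Re-create it under the account that runs this script."
}
$creds = New-Object System.Management.Automation.PSCredential("your_username", $password)

$rows   = @()
$failed = @()
foreach ($hostname in $hostnames) {
    try {
        $swis = Connect-Swis -Credential $creds -Hostname $hostname
        # Tag every row with its source server (assumed column name: SourceServer)
        # so the SolarWinds instances can be told apart after ingestion.
        $rows += @(Get-SwisData $swis $swql -ErrorAction Stop |
            Select-Object @{ Name = 'SourceServer'; Expression = { $hostname } }, *)
    } catch {
        # One unreachable server must not discard the data from the others.
        $failed += $hostname
        Write-Warning "Query against $hostname failed: $($_.Exception.Message)"
    }
}

# Write under a temporary name and rename afterwards, so a half-written file is never
# ingested (assumes the Splunk input matches *.csv only).
$final = Join-Path $outDir "NetworkDevicesSolarWinds_$(Get-Date -f yyyyMMdd).csv"
$temp  = "$final.tmp"
$rows | Export-Csv $temp -NoTypeInformation -Force
Move-Item $temp $final -Force

if ($failed) { Write-Warning "No data collected from: $($failed -join ', ')" }
```

Because the password file is DPAPI-protected, create it while logged on as the account the scheduled task runs under, on the same machine.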
Hi Alexey,
Thanks for sharing... I'll play around with it to see how best it can work for me.
One more thing in addition
discussion regarding Splunk App on SolarWinds forum