All Apps and Add-ons

Is it possible to get NetApp logs to the Splunk App for NetApp Data ONTAP on Splunk Enterprise in a Windows environment?

faizancool85
Path Finder

Hello Guys,

I am going to do a PoC with some use-cases of NetApp and Exchange.

The thing I want to achieve is to deploy both apps on the same OS platform, but the problem I am facing is both apps require different OS platforms of Splunk Enterprise.

The Netapp deployment guide says, Splunk app for NetApp Data ONTAP can be deployed on the Linux platform of Splunk Enterprise.
FYI : http://docs.splunk.com/Documentation/NetApp/2.1.0/DeployNetapp/Platformandhardwarerequirements

The Exchange deployment guide says, Splunk app for Excahnge can be deployed on the Windows Platform of Splunk Enterprise.
FYI : http://docs.splunk.com/Documentation/MSExchange/3.1.3/DeployMSX/Platformandhardwarerequirements

I am fearing that the client will not allow us to have two Search heads.

How can we achieve this? Is there any possible way to get NetApp logs to a Windows Environment of Splunk Enterprise?

Guys please help me out to figure of some solution. Thanks in Advance.

0 Karma
1 Solution

trapti_splunk
Splunk Employee
Splunk Employee

We do not recommend this but however you can try out.

Follow the below steps:

  • Unzip the "splunk-app-for-netapp-data-ontap_xxx".

  • Manually drop the 4 folders, "splunk_app_netapp" , "Splunk_TA_ontap" , "SA-Utils" and "SA-Hydra" in your /opt/splunk/etc/apps on the windows machine (where you need ONTAP data).
    NOTE: Do not configure the app. Just keep the folders in apps directory.

  • Forward your indexed ONTAP data from Linux machine to the windows machine. (forwarding and receiving > configure forwarding > Add NEW > :9997 and save)

  • Configure receiving on port 9997 on your windows machine. (Forwarding and Receiving > Configure receiving > Add port "9997")

  • Restart Splunk.

Check under INDEXES, you should get the ONTAP data on windows server.

View solution in original post

0 Karma

joerg_vonderohe
New Member

The Splunk App is fully supported on Linux:
You can also install the app on a Splunk Enterprise instance that runs on other 64-bit operating systems such as Linux. In this scenario, the app displays Windows data coming from external Windows sources.

We use this scenario for years..

0 Karma

trapti_splunk
Splunk Employee
Splunk Employee

We do not recommend this but however you can try out.

Follow the below steps:

  • Unzip the "splunk-app-for-netapp-data-ontap_xxx".

  • Manually drop the 4 folders, "splunk_app_netapp" , "Splunk_TA_ontap" , "SA-Utils" and "SA-Hydra" in your /opt/splunk/etc/apps on the windows machine (where you need ONTAP data).
    NOTE: Do not configure the app. Just keep the folders in apps directory.

  • Forward your indexed ONTAP data from Linux machine to the windows machine. (forwarding and receiving > configure forwarding > Add NEW > :9997 and save)

  • Configure receiving on port 9997 on your windows machine. (Forwarding and Receiving > Configure receiving > Add port "9997")

  • Restart Splunk.

Check under INDEXES, you should get the ONTAP data on windows server.

0 Karma

faizancool85
Path Finder

Thank you for your quick reply !

Is that possible to forward directly to windows machine from NetApp?

0 Karma

Masa
Splunk Employee
Splunk Employee

Sorry but, please keep in mind that for Splunk app for NetApp is not supported on Windows platform. So, trapi's suggestion is that "you can try out". If it does not work, it does not work.

faizancool85
Path Finder

Guys just one quick suggestion,
if someone wants to install netapp and install MS exchange app ? How will it work?

0 Karma

trapti_splunk
Splunk Employee
Splunk Employee

Both the applications will not work on single SH.

You can try the above steps of forwarding your indexed ONTAP data to your windows machine (where you have MS Exchange app) and it should work.

This works for me in my test environment.

0 Karma

Masa
Splunk Employee
Splunk Employee

I'm not MS exchange app expert. But, I believe MS exchange app SH can be linux machine. Am I misunderstadning?

Quick installation of Splunk app for NetApp on Windows environment may work without error. However, if it does not work for such as missing data or lookup table failed to populate etc, that's what we might get stuck.

Again, quick test will work in most cases. But at the same time, the app on Windows is not test in QA and not certified as supported platform. We also do not know any scalability issue.

So, if you want to test it and if it worked. That's great. I'll be happy to hear that.

0 Karma

faizancool85
Path Finder

got it Masa !
So we have to go for 2 search heads.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...