Is there a Splunk app for Proxmox to troubleshoot Proxmox?

john_q
Explorer

We have a Proxmox virtual environment, and there are some server instances in that Proxmox.
I want to know from the logs whether each server instance in that Proxmox is on or off.

0 Karma

Richfez
SplunkTrust

There is no app that I can find for Proxmox, nor do there seem to be apps for any of the underlying technologies (QEMU, KVM, or LXC).

Of course that doesn't mean you can't create your own. Some of the surrounding logs and material may already be done for you - for instance the Splunk Add-on and App for Unix and Linux (that's two separate things) may collect all the system-level stuff you'd need from the host. As a start, I'd get that set up.

Depending on the complexity of what you are after, doing the rest may not be real hard. Using QEMU as an example, the basic steps would likely be:
a) Create an index for your specific data, perhaps called "qemu"
b) Find the location of log files that could be useful - the Fedora Project's "How to debug Virtualization problems" page may be a good start.
c) Test inputting those logs into your index. This will take some trial and error, depending on how the logs are formatted and written.
d) Build any extractions or knowledge objects you need.
e) Finally, create alerts, reports and dashboards.

There is work involved, but you might find it's rather minimal - oftentimes for these reasonably simple use cases, it's easy enough to start out with basic logs and search for, oh, "ERROR" and things in them.

Anyway, happy Splunking!
-Rich

0 Karma
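The following added example, which is not from the answer above or from Splunk or Proxmox, prototypes the extraction in step d) for the on/off question: it reads pvedaemon task lines and reports each guest's last successfully completed power action, including who requested it. The sample lines are constructed, and the log layout, the task-type list and the `power_states` function are assumptions to check against your own host's logs before turning the pattern into a Splunk field extraction.

```python
import re

# Constructed sample lines, modeled on pvedaemon task entries in a Proxmox
# host's syslog. The layout is an assumption; verify it on your own host.
SAMPLE_LOG = """\
Jan 10 09:00:01 pve1 pvedaemon[1201]: <root@pam> starting task UPID:pve1:00002A10:0012ABCD:65A0B001:qmstart:100:root@pam:
Jan 10 09:00:04 pve1 pvedaemon[1201]: <root@pam> end task UPID:pve1:00002A10:0012ABCD:65A0B001:qmstart:100:root@pam: OK
Jan 10 09:05:02 pve1 pvedaemon[1201]: <root@pam> end task UPID:pve1:00002A55:0012B111:65A0B12D:qmstart:101:root@pam: start failed: constructed error text
Jan 10 09:10:03 pve1 pvedaemon[1201]: <root@pam> end task UPID:pve1:00002A90:0012B222:65A0B25A:vzstart:200:root@pam: OK
Jan 10 17:30:20 pve1 pvedaemon[1202]: <admin@pve> end task UPID:pve1:00003B01:0040C333:65A12780:qmshutdown:100:admin@pve: OK
Jan 10 18:00:00 pve1 pvedaemon[1202]: <root@pam> end task UPID:pve1:00003C00:0043D444:65A12E80:vzdump:200:root@pam: OK
"""

# Assumed UPID layout: node:pid:pstart:starttime:type:id:user:
TASK_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) pvedaemon\[\d+\]: "
    r"<(?P<actor>[^>]+)> end task "
    r"UPID:(?P<node>[^:]+):[0-9A-Fa-f]+:[0-9A-Fa-f]+:[0-9A-Fa-f]+:"
    r"(?P<type>\w+):(?P<vmid>\d+):[^:]+: (?P<status>.*)$"
)

# Task types treated as power changes (qm* = QEMU VMs, vz* = LXC containers).
STATE_BY_TASK = {
    "qmstart": "on", "vzstart": "on",
    "qmstop": "off", "qmshutdown": "off", "vzstop": "off", "vzshutdown": "off",
}

def power_states(log_text):
    """Map each guest ID to its last successfully completed power task."""
    states = {}
    for line in log_text.splitlines():
        m = TASK_RE.match(line)
        if not m or m["type"] not in STATE_BY_TASK:
            continue  # not a completed task line, or not a power task (e.g. backup)
        if m["status"].strip() != "OK":
            continue  # a failed start/stop leaves the previous state in place
        states[m["vmid"]] = {
            "state": STATE_BY_TASK[m["type"]],
            "since": m["ts"],
            "actor": m["actor"],  # who requested the change, useful for audit
            "node": m["node"],
        }
    return states

if __name__ == "__main__":
    for vmid, info in sorted(power_states(SAMPLE_LOG).items()):
        print(vmid, info)
```

State derived this way reflects only actions requested through the host's task system; a guest that powers itself off from inside may leave no such line, so treat the result as "last logged action" rather than live status.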