All Apps and Add-ons

Looking for Splunk App for NetApp ONTAP version 1

redc
Builder

We currently have ONTAP version 7.3.6. Upgrading is not trivial at this time. But we would really, REALLY love to have this app! I noticed that version 2.x is only compatible with ONTAP 8.x and up, and I was hoping that maybe 1.x would be compatible with ONTAP 7.x.

So, three questions:

  1. Is the Splunk App for ONTAP version 1.x compatible with ONTAP 7.x?
  2. Is version 1.x compatible with Splunk 6?
  3. If the answer to both #1 and #2 is "yes," is version 1.x still obtainable and where would I find it? (I was only able to find version 2.x on the app page here.)

halr9000
Motivator

As the author of v1 (but not subsequent versions), trust me when I say you probably don't want to bother with v1. 🙂

The answers are:

  1. Yes
  2. Not without some review. Maybe.
  3. I'd really rather not, but keep reading.

If you have a lab system to test, I suggest trying the current version against your controllers as they are. I don't recall if we do an explicit version check. If not--then I would expect there is a good chance that most or all things would just work. (We do support 7-mode filers, but not 7.x firmware versions.) If we do a hard version check, which you would find out during install at some point, let me know personally (direct message through here is fine). That could be a quick hack to change the version string. It would be totally unsupported, of course. Then you at least know what's possible, and perhaps that would factor in your upgrade plans. Who knows?

Based on the above, then we can talk about v1. As an initial version, it's unpolished and has few features. But more importantly, it would be even harder to support, because version 1 shares nothing code-wise with versions 2 onward. And there are exactly three people on the planet that have mucked with that code, and you don't want to wait on us to dig up the bones to troubleshoot an issue. OTOH, it was released as open source, so legally, there's no barrier.

redc
Builder

Okay, so I just installed v2...so far, reasonably good.

The problem I'm currently running into has to do with the assignment of credentials on our NetApp. There are seven "groups" available that we can assign a user to: Administrators, Backup Operators, Compliance Administrators, Guests, Power Users, Replicators, and Users. (Apparently, we can't create our own custom groups.)

When we assign the user to the "Users" group, the "Connection Validation" section says "Valid," but the "Credential Validation" section says "Invalid." Using the "Administrators" group, both sections say "Valid." All of the other groups say "Invalid" for both sections.

For obvious security reasons, we don't want to put the user in the "Administrators" group.

Any troubleshooting tips?

P.S. Just to see if this was going to work with version 7.3.6, I went ahead and used the "Administrators" group and fired up the scheduler. I'm getting lots of perf data, but none of the other reports or dashboards seem to be getting data at this point. Only been running for about 7 minutes right now, though, so I'll give it a little more time before passing judgement. 🙂

0 Karma

halr9000
Motivator

It's certainly possible that you won't get 100% of the data, even after resolving any permissions issues. I was thinking to mention that, but as I really didn't know without looking deeply at the code, I figured you would find out either way.

As far as permissions goes, here is a list of the capabilities required by the user account: http://docs.splunk.com/Documentation/NetApp/2.0.2/DeployNetapp/Otherdeploymentconsiderations#Create_...

0 Karma

redc
Builder

Alright, finally getting back to this (went to Splunk Live! yesterday, so...was a wee bit distracted).

None of the other data sources seem to be populating. 😞

Found "No results returned handler=" for icmp, ip, tcp, and udp in the hydra_worker_ta_ontap_collection_worker_beta.log and the hydra_worker_ta_ontap_collection_worker_gamma.log.

I have the following sourcetypes in the raw data:

  1. ontap:lun
  2. ontap:nfsexports
  3. ontap:options
  4. ontap:perf
  5. ontap:system
  6. ontap:vfiler

Only the "lun" and "nfsexports" seem to have anything that is recognizable as a volume name (although it's not labeled as a volume name, it's "path" or "pathname", respectively).

The dashboards all have text inputs for things like "LUN Name" and "Volume Name" (which none of this data seems to have), so I'm not entirely certain what's supposed to go in those. When I take a guess at what they're supposed to have, I get "no results" for everything.

I haven't literally checked every single report in the Reports tab, but all the ones I've checked so far come back with no results.

0 Karma

halr9000
Motivator

Ok, then I was wrong about the expected level of compatibility with older versions. Sorry about that. It is possible that you could make some use of the data that it has gathered, but obviously not the dashboards. For example, options should have a lot of configuration detail, and perf should have some stats in it. Correlating to recognizable ONTAP objects might be a challenge.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...