All Apps and Add-ons

SolarWinds Add-on for Splunk: Help with installation

cboillot
Contributor

I am unable to get this to work. Who else has gotten this to work and what was the trick?

0 Karma

aromanauskas
Path Finder

I could be wrong but I believe that this search should have been:

index="_internal" error solarwinds

0 Karma

ehaddad_splunk
Splunk Employee
Splunk Employee

what error do you get when you run
index=internal error solarwinds

0 Karma

cboillot
Contributor

No results found.

0 Karma

lfedak_splunk
Splunk Employee
Splunk Employee

Hey@ @cboillot, Can you describe some of the steps you already took to try to install this add-on, or if you're getting any error messages, etc.?

0 Karma

ehaddad_splunk
Splunk Employee
Splunk Employee

index=_internal error solarwinds
what error do you get you type this?

0 Karma

cboillot
Contributor

This is from this morning:

2017-09-11 17:46:56,344 +0000
log_level=ERROR, pid=2236,
tid=Thread-4, file=engine.py,
func_name=_send_request,
code_line_no=325 |
[stanza_name="Alerts"] The response
status=403 for request which
url=https://sdnetmon01.ads.state.mo.us:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Ev...
00:00:00.00' and method=GET.

0 Karma

cboillot
Contributor

there is what stands out:

09-07-2017 15:00:51.682 -0500 WARN
HttpListener - Socket error from
127.0.0.1 while accessing /servicesNS/nobody/Splunk_TA_SolarWinds/Splunk_TA_SolarWinds_settings/logging:
Winsock error 10054

and

2017-09-07 19:25:11,006 +0000
log_level=ERROR, pid=3540,
tid=Thread-4, file=engine.py,
func_name=_send_request,
code_line_no=302 |
[stanza_name="NodeInventory"]
HTTPError reason=HTTP Error Unable to
find the server at http when sending
request to
url=https://http://oriontest.state.mo.us:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT
NodeID, ObjectSubType, IPAddress,
IPAddressType, DynamicIP, Caption,
NodeDescription, Description, DNS,
SysName, Vendor, SysObjectID,
Location, Contact, VendorIcon, Icon,
Status, StatusLED, StatusDescription,
CustomStatus, IOSImage, IOSVersion,
GroupStatus, StatusIcon, lastBoot,
SystemUpTime, ResponseTime,
PercentLoss, AvgResponseTime,
MinResponseTime, MaxResponseTime,
CPULoad, MemoryUsed, MemoryAvailable,
PercentMemoryUsed,
PercentMemoryAvailable, LastSync,
LastSystemUpTimePollUtc, IsServer,
Severity, UiSeverity, ChildStatus,
Allow64BitCounters, AgentPort,
TotalMemory, CMTS,
CustomPollerLastStatisticsPollSuccess,
SNMPVersion, PollInterval, EngineId,
RediscoveryInterval, NextPoll,
NextRediscovery, StatCollection,
External, Community, RWCommunity, IP,
IP_Address, IPAddressGUID, NodeName,
BlockUntil, OrionIdPrefix,
OrionIdColumn, SkippedPollingCycles,
MinutesSinceLastSync, EntityType,
DetailsUrl, DisplayName, Category,
IsOrionServer, UnManaged,
UnManageFrom, UnManageUntil, Image,
StatusIconHint FROM Orion.Nodes
method=GET

Since we do not have HTTPS configured property on the test server yet, I pointed to our production environment. after that last message. Nothing from today.

0 Karma

cboillot
Contributor

I did everything under Installation & Configuration with the exception of configuring a proxy, as we don't use one. I have the FQDN for our primary poller as the SolwarWinds Server. I just don't see any data.

I am not seeing any error messages. Maybe I am looking in the wrong place?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...