SolarWinds Add-on for Splunk: Help with installati...

cboillot · ‎09-08-2017

I am unable to get this to work. Who else has gotten this to work and what was the trick?

aromanauskas · ‎10-02-2017

I could be wrong but I believe that this search should have been:

index="_internal" error solarwinds

ehaddad_splunk · ‎09-08-2017

what error do you get when you run
index=internal error solarwinds

cboillot · ‎09-11-2017

No results found.

lfedak_splunk · ‎09-08-2017

Hey@ @cboillot, Can you describe some of the steps you already took to try to install this add-on, or if you're getting any error messages, etc.?

ehaddad_splunk · ‎09-08-2017

index=_internal error solarwinds
what error do you get you type this?

cboillot · ‎09-11-2017

This is from this morning:

2017-09-11 17:46:56,344 +0000
log_level=ERROR, pid=2236,
tid=Thread-4, file=engine.py,
func_name=_send_request,
code_line_no=325 |
[stanza_name="Alerts"] The response
status=403 for request which
url=https://sdnetmon01.ads.state.mo.us:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Ev...
00:00:00.00' and method=GET.

cboillot · ‎09-08-2017

there is what stands out:

09-07-2017 15:00:51.682 -0500 WARN
HttpListener - Socket error from
127.0.0.1 while accessing /servicesNS/nobody/Splunk_TA_SolarWinds/Splunk_TA_SolarWinds_settings/logging:
Winsock error 10054

and

2017-09-07 19:25:11,006 +0000
log_level=ERROR, pid=3540,
tid=Thread-4, file=engine.py,
func_name=_send_request,
code_line_no=302 |
[stanza_name="NodeInventory"]
HTTPError reason=HTTP Error Unable to
find the server at http when sending
request to
url=https://http://oriontest.state.mo.us:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT
NodeID, ObjectSubType, IPAddress,
IPAddressType, DynamicIP, Caption,
NodeDescription, Description, DNS,
SysName, Vendor, SysObjectID,
Location, Contact, VendorIcon, Icon,
Status, StatusLED, StatusDescription,
CustomStatus, IOSImage, IOSVersion,
GroupStatus, StatusIcon, lastBoot,
SystemUpTime, ResponseTime,
PercentLoss, AvgResponseTime,
MinResponseTime, MaxResponseTime,
CPULoad, MemoryUsed, MemoryAvailable,
PercentMemoryUsed,
PercentMemoryAvailable, LastSync,
LastSystemUpTimePollUtc, IsServer,
Severity, UiSeverity, ChildStatus,
Allow64BitCounters, AgentPort,
TotalMemory, CMTS,
CustomPollerLastStatisticsPollSuccess,
SNMPVersion, PollInterval, EngineId,
RediscoveryInterval, NextPoll,
NextRediscovery, StatCollection,
External, Community, RWCommunity, IP,
IP_Address, IPAddressGUID, NodeName,
BlockUntil, OrionIdPrefix,
OrionIdColumn, SkippedPollingCycles,
MinutesSinceLastSync, EntityType,
DetailsUrl, DisplayName, Category,
IsOrionServer, UnManaged,
UnManageFrom, UnManageUntil, Image,
StatusIconHint FROM Orion.Nodes
method=GET

Since we do not have HTTPS configured property on the test server yet, I pointed to our production environment. after that last message. Nothing from today.

cboillot · ‎09-08-2017

I did everything under Installation & Configuration with the exception of configuring a proxy, as we don't use one. I have the FQDN for our primary poller as the SolwarWinds Server. I just don't see any data.

I am not seeing any error messages. Maybe I am looking in the wrong place?

SolarWinds Add-on for Splunk: Help with installation

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation