Splunk App for NetApp Ontap issues
So, I cannot get ANY data from the NetApp simulator (8.2 7-Mode). I am using VMware Workstation as a proof of concept...
Caveats - 1. I am NOT a Linux guru. 2. I am new to Splunk. 3. I like to follow the KISS (Keep it Simple Stupid) principle. Ultimate goal is to make an OVA for quick deployment of Splunk to multiple environments with possibly a script to set IPs and configure everything to work.
Here are the configs:
syslog.conf (on NetApp)
# Set the alert level for the console
*.err /dev/console
# Set the alert level for the local messages file
*.info /etc/messages
# Set the alert level for the syslog server
*.info @192.168.216.150
input.conf
# The below stanzas are examples only, and should be customized to suit your
# environment.
[monitor:///opt/netapp_logs/192.168.216.30/etc/log]
disabled = false
followTail = 0
host_segment = 3
index = netapp
blacklist = (stats)|(/mlog/.last_rotate)|(/log/autosupport)

[script://$SPLUNK_HOME/etc/apps/Splunk_TA_ONTAP7/bin/SNap.py -h 01]
disabled = 0
interval = 500
sourcetype = netapp:internal
index = netapp
input.conf (alternate try; /netapp is in the root of the server)
# The below stanzas are examples only, and should be customized to suit your
# environment.
[monitor:///netapp/192.168.216.30/etc/log]
disabled = false
followTail = 0
host_segment = 3
index = netapp
blacklist = (stats)|(/mlog/.last_rotate)|(/log/autosupport)

[script://$SPLUNK_HOME/etc/apps/Splunk_TA_ONTAP7/bin/SNap.py -h 01]
disabled = 0
interval = 500
sourcetype = netapp:internal
index = netapp
snap_hosts.csv
# SNAP_HOSTS
# This configuration file is used to tell SNAP.PY from which filers to collect API data.
# HEADER:
# filer (hostname or IP), NetApp user, password
# See README for information on required permissions for API access to NetApp filers.
192.168.216.30, root, netapp123
I have an NFS share mounted to the /netapp folder on the root of the Red Hat box.
I created the user accounts per the documentation (tried it twice and got the error that the accounts already exist - so that is all correct).
I just tried again and keep getting this:
This search has completed, but did not match any events. The terms specified in the highlighted portion of the search:
search index=netapp
over the time range:
(earliest indexed event) – (latest indexed event)
did not return any data. Possible solutions are to:
* relax the primary search criteria
* widen the time range of the search
* check that the default search indexes for your account include the desired indexes
The following messages were returned by the search subsystem:
* DEBUG: base lispy: [ AND index::netapp ]
* DEBUG: search context: user="admin", app="SplunkAppForNetAppONTAP", bs-pathname="/opt/splunk/etc"
SO, what am I doing wrong or missing?
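
Added example, not part of the original post or of the NetApp app: a Python check of which host value each monitor stanza quoted above would receive from host_segment, assuming Splunk counts "/"-separated path segments from 1 starting at the first directory. The function names and the known_filers set (standing in for the filer column of snap_hosts.csv) are hypothetical.

```python
import configparser

# Constructed sample: the monitor and script stanzas quoted in the post above.
SAMPLE_INPUTS = """
[monitor:///opt/netapp_logs/192.168.216.30/etc/log]
host_segment = 3
index = netapp

[monitor:///netapp/192.168.216.30/etc/log]
host_segment = 3
index = netapp

[script://$SPLUNK_HOME/etc/apps/Splunk_TA_ONTAP7/bin/SNap.py -h 01]
interval = 500
index = netapp
"""

def host_from_segment(path, n):
    """Return the n-th '/'-separated segment of path (1-based), or None."""
    segments = [s for s in path.split("/") if s]
    return segments[n - 1] if 0 < n <= len(segments) else None

def check_monitor_hosts(conf_text, known_filers):
    """List (path, resolved host, matches a known filer) per monitor stanza."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(conf_text)
    results = []
    for section in cp.sections():
        if not section.startswith("monitor://"):
            continue  # script:// and other inputs have no host_segment to check
        path = section[len("monitor://"):]
        n = cp.getint(section, "host_segment", fallback=0)
        host = host_from_segment(path, n)
        results.append((path, host, host in known_filers))
    return results

if __name__ == "__main__":
    # known_filers is hypothetical: the filer column of snap_hosts.csv.
    for path, host, ok in check_monitor_hosts(SAMPLE_INPUTS, {"192.168.216.30"}):
        print(f"{'OK  ' if ok else 'WARN'} {path} -> host={host!r}")
```

Under that assumption the /opt/netapp_logs/... stanza resolves to the filer address, while the /netapp/... stanza with the same host_segment = 3 resolves to etc; segment 2 is the address for that path.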
Okay. Figured out part of it - EBSAK as I missed this: For a single server deployment, copy all three apps: SplunkAppForNetAppONTAP, Splunk_TA_ONTAP7, Splunk_SA_ONTAP_KB, to $SPLUNK_HOME/etc/apps on your Splunk server and continue to Step 4. - I parsed it wrong.
Still not getting information to the Summary page, but for now it is working better than before. Like I said, Newbie 🙂
Wow nothing? No comments at all? Not even by a Splunk person?
Guess I won't be touting Splunk to gather NetApp information.
