
TA-prtg: How do I add the API on the prtg to the prtg.conf file?

heybails88
Path Finder

Hello,

Using https://splunkbase.splunk.com/app/3282/ TA-prtg, I'm specifically trying to get the API to work in Splunk. I have all of our index servers loaded with the app. I have a user built on both sides, and I have the prtg.conf file configured with port 443 as well. I think it needs to specifically gather from the "live data" API on PRTG? Maybe not. But what do I add from the api on prtg to the prtg.conf file (or maybe the searchbnf.conf file?) to make that connection? Any help would be appreciated.

Thanks!

0 Karma

NimaBokhar
Path Finder

hey how are you i have the same issue
this is my prtg.conf

[default]
server=10.4.1.15
protocol=HTTPS
user=USERNAME
password=CLEARTEXTPASS

but i don't get any data in my splunk dashboard.
also, i use windows as my splunk server so i don't have /local so what should i do about that

0 Karma

dominiquevocat
Motivator

Local is just a folder under the app. What version of PRTG do you use? I might have to upgrade the implementation...

0 Karma

NimaBokhar
Path Finder

version 7.1.0 Build 2e75b3406c5b
also after changing the config, i get this error on the app

Error in 'prtglivedata' command: External search command exited unexpectedly with non-zero error code 1.

0 Karma

dominiquevocat
Motivator

PRTG 7.1.0 ?

also when you have a panel that gives an error you can inspect the job and get the search log.

0 Karma

NimaBokhar
Path Finder

yeah sorry
Prtg version : 17.3.33.2753

0 Karma

dominiquevocat
Motivator

ok, i need to check if i can get access to a PRTG, preferably that version... It is in english, right?
Also i really need the search log of the job. you can email it to me.

0 Karma

NimaBokhar
Path Finder

yes sure man, but I don't know what you mean by search log of the job

0 Karma

dominiquevocat
Motivator

Hi, i was on vacation so sorry for the delay.
Please contact me via email so i can detail it some more for you.
The search log you can open by hovering over a dashboard panel; in the lower right corner a few icons should pop up. One allows you to run the search in a new window and looks like a magnifying glass, and one looks like a lower case i. This will open the search info window, and there on top is a link to the search log. I would need the logfile.

Please make sure you have a copy of prtg.conf in the app folder in a subfolder called local and have the parameters like hostname, user and password in that file; all else won't work.

0 Karma

dominiquevocat
Motivator

Hi, sorry for the delay i was on vacation...

the prtg.conf needs to be in the local folder and contain these items:

[default]
server=[dns.name|192.168.0.2]
protocol=[HTTP|HTTPS]
user=USERNAME
password=ThisIsAClearTextPasswordForNow

It will then collect the historicdata endpoint of prtg true.

If nothing is specified it will use the [default] stanza else use server=stanzaname to specify which section to use

does this help?

0 Karma

heybails88
Path Finder

Ok, I have all that (it was in the prtg.conf.example). Thanks. However, what do you mean by this?

"It will then collect the historicdata endpoint of prtg true."

I see a json, xml, and csv link in the prtg.api under "Historic Data"

How do I connect TA-prtg? I'm still not seeing any data. Do I post, say, an xml link in the prtg.conf file? Such as:

-bash-4.2$ cat prtg.conf.example
[default]
server=[dns.name|192.168.0.2]
protocol=[HTTP|HTTPS]
user=USERNAME
password=ThisIsAClearTextPasswordForNow
/api/historicdata.xml?id=objectid&avg=0&sdate=2017-01-20-00-00-00&edate=2017-01-21-00-00-00

From the PRTG-api

API Calls for Historic Data

The API calls for historic data tables look like this:

"Historic data in XML format:
/api/historicdata.xml?id=objectid&avg=0&sdate=2017-01-20-00-00-00&edate=2017-01-21-00-00-00
Historic data in CSV format:
/api/historicdata.csv?id=objectid&avg=0&sdate=2017-01-20-00-00-00&edate=2017-01-21-00-00-00
Historic data in JSON format:
/api/historicdata.json?id=objectid&avg=0&sdate=2017-01-20-00-00-00&edate=2017-01-21-00-00-00&usecaption=1
The first URL will give you the data in XML format, the second URL will respond with CSV data, the third URL will return JSON. You must supply the object ID of a sensor as well as a start date/time "sdate" and end date/time "edate". If you use the JSON call, additionally provide the parameter usecaption=1 to get more information than just the raw data table."

0 Karma

dominiquevocat
Motivator

um, as per the description that is apparently lacking...

"
TA-prtg

Custom commands to use the PRTG Webapi from Splunk. Includes a dashboard with an overview of your PRTG Data illustrating the usage and/or directly useful to you i guess.

Config is in prtg.conf in \local only!

Currently implemented:

| prtgws api="table" columns="objid,type,group,device,sensor,status,message,lastvalue,priority,favorite" gets you the inventory

| prtglivedata content="status" | fields Alarms gets you the alarms, generally content="" equals to the api call on prtg http api.

| prtglivedata content="sensors" filter_status=5 count=100 | table _time,device,group,message,sensor,status,objid gets you the sensors marked as DOWN (filter_type=5)

| prtglivedata content=sensordetails id=2071 | fields - _raw,_time,source,sourcetype ,host |transpose | rename column AS Key | rename "row 1" AS Value gets you the sensordetails for sensor 2071

| prtghistoricdata id=2071 count=1 | fields - _raw,_time,*(RAW),source,sourcetype,host | transpose | rename column AS Key | rename "row 1" AS Value will give you the current measurement for sensor 2071

| prtghistoricdata id=2071 | timechart max("Traffic Total (speed)(RAW)") will get you the sensordata from the timerange of the search for the sensor 2071 and chart the series "Traffic Total (speed)(RAW)" (we use a SNMP traffic sensor for this example).

Config is in prtg.conf in \local only!"

You can use your credentials in prtg.conf to run any of these commands in search on a searchhead to get data. There is a dashboard showing some usage.

Nowhere does it say to install it on an indexer and nowhere does it say that it is a scripted input...

It could be made though. Actually it might be a good case to implement it as a virtual index allowing for regular searching but not sure if i get around to it. I made the current implementation as a preparation for a monitoring project so that we could use metrics already in PRTG to use it in ITSI but we never went for ITSI so we do not use it at all i think.

0 Karma

heybails88
Path Finder

Sorry for all the questions...I'm a splunk newbie when it comes to configuring apps. Here's my prtg.conf (minus the IP and the PASS), in the local directory.

-bash-4.2$ cat prtg.conf
[default]
server=
protocol=[HTTP|HTTPS]
user=prtgadmin
password=

Inventory

| prtgws api="table" columns="objid,type,group,device,sensor,status,message,lastvalue,priority,favorite"

api call on prtg http api

| prtglivedata content="status" | fields Alarms content=""

Down sensors

| prtglivedata content="sensors" filter_status=5 count=100 | table _time,device,group,message,sensor,status,objid

Sensor details for 2071

| prtglivedata content=sensordetails id=2071 | fields - _raw,_time,source,sourcetype ,host |transpose | rename column AS Key | rename "row 1" AS Value

Current measurement for sensor 2071

| prtghistoricdata id=2071 count=1 | fields - _raw,_time,*(RAW),source,sourcetype,host | transpose | rename column AS Key | rename "row 1" AS Value

Sensordata from the timerange of the search and chart the series

| prtghistoricdata id=2071 | timechart max("Traffic Total (speed)(RAW)")

0 Karma

dominiquevocat
Motivator

dunno, you guys use https? then only have https as protocol 🙂

example:

[default]
server=prtg.xxx
user=prtgxxx
password=prtgxxx
protocol=http

i slightly anonymize it

anyway it should all look like this when it works: https://www.youtube.com/watch?v=_vOb6UFX6hU

0 Karma
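
An added example, not part of the thread and not TA-prtg's own code: a small linter for the prtg.conf stanza discussed above. It flags values left as the `[HTTP|HTTPS]`-style placeholder from prtg.conf.example, empty settings, plain HTTP carrying the clear-text password, and a file that is not in the app's local folder. The function names, the sample stanza and the sample path are assumptions constructed for illustration.

```python
import configparser
import re

REQUIRED = ("server", "protocol", "user", "password")
# Values left as in prtg.conf.example, e.g. [HTTP|HTTPS] or [dns.name|192.168.0.2]
PLACEHOLDER = re.compile(r"^\[.*\|.*\]$")


def in_local_folder(path):
    """True if path ends in local/prtg.conf (accepts / or \\ separators)."""
    parts = [p for p in re.split(r"[\\/]+", path) if p]
    return parts[-2:] == ["local", "prtg.conf"]


def lint_prtg_conf(text, stanza="default"):
    """Return a list of findings for one stanza of a prtg.conf file."""
    # interpolation=None so a '%' inside a password is taken literally
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section(stanza):
        return [f"missing [{stanza}] stanza"]
    findings = []
    for key in REQUIRED:
        value = parser.get(stanza, key, fallback="").strip()
        if not value:
            findings.append(f"{key}: empty or missing")
        elif PLACEHOLDER.match(value):
            findings.append(f"{key}: still the example placeholder {value}")
    protocol = parser.get(stanza, "protocol", fallback="").strip().lower()
    if protocol == "http":
        findings.append("protocol: http sends user and password unencrypted")
    return findings


# Constructed sample: a stanza with the protocol placeholder left in place
SAMPLE = """[default]
server=prtg.example.test
protocol=[HTTP|HTTPS]
user=splunk_ro
password=ConstructedSamplePassword
"""

if __name__ == "__main__":
    path = "/opt/splunk/etc/apps/TA-prtg/local/prtg.conf"  # constructed path
    print("in local folder:", in_local_folder(path))
    for finding in lint_prtg_conf(SAMPLE):
        print("finding:", finding)
```
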

heybails88
Path Finder

do you know how to debug my setup? It would seem that Splunk is connecting, but I get no data. There is nothing in the prtg.log on the splunk side, nor do I see any errors in any of the logs related to prtg. Just no data!

0 Karma

dominiquevocat
Motivator

um, mail me curious.sle@gmail.com i guess i can include some debugging output for you

0 Karma