
TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Path Finder

Hello,

Using https://splunkbase.splunk.com/app/3282/ TA-prtg, I'm specifically trying to get the API to work in Splunk. I have all of our index servers loaded with the app. I have a user built on both sides, and I have the prtg.conf file configured with port 443 as well. I think it needs to specifically gather from the "live data" API on PRTG? Maybe not. But what do I add from the api on prtg to the prtg.conf file (or maybe the searchbnf.conf file?) to make that connection? Any help would be appreciated.

Thanks!

0 Karma

Re: TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Motivator

Hi, sorry for the delay, I was on vacation...

The prtg.conf needs to be in the local folder and contain these items:

[default]
server=[dns.name|192.168.0.2]
protocol=[HTTP|HTTPS]
user=USERNAME
password=ThisIsAClearTextPasswordForNow

It will then collect the historicdata endpoint of prtg true.

If nothing is specified, it will use the [default] stanza; else use server=stanzaname to specify which section to use.

Does this help?

0 Karma

Re: TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Path Finder

Ok, I have all that (it was in the prtg.conf.example). Thanks. However, what do you mean by this?

"It will then collect the historicdata endpoint of prtg true."

I see a json, xml, and csv link in the prtg.api under "Historic Data"

How do I connect TA-prtg? I'm still not seeing any data. Do I post, say, an xml link in the prtg.conf file? Such as:

-bash-4.2$ cat prtg.conf.example
[default]
server=[dns.name|192.168.0.2]
protocol=[HTTP|HTTPS]
user=USERNAME
password=ThisIsAClearTextPasswordForNow
/api/historicdata.xml?id=objectid&avg=0&sdate=2017-01-20-00-00-00&edate=2017-01-21-00-00-00

From the PRTG-api

API Calls for Historic Data

The API calls for historic data tables look like this:

"Historic data in XML format:
/api/historicdata.xml?id=objectid&avg=0&sdate=2017-01-20-00-00-00&edate=2017-01-21-00-00-00
Historic data in CSV format:
/api/historicdata.csv?id=objectid&avg=0&sdate=2017-01-20-00-00-00&edate=2017-01-21-00-00-00
Historic data in JSON format:
/api/historicdata.json?id=objectid&avg=0&sdate=2017-01-20-00-00-00&edate=2017-01-21-00-00-00&usecaption=1
The first URL will give you the data in XML format, the second URL will respond with CSV data, the third URL will return JSON. You must supply the object ID of a sensor as well as a start date/time "sdate" and end date/time "edate". If you use the JSON call, additionally provide the parameter usecaption=1 to get more information than just the raw data table."

0 Karma

Re: TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Motivator

um, as per the description that is apparently lacking...

"
TA-prtg

Custom commands to use the PRTG Webapi from Splunk. Includes a dashboard with an overview of your PRTG Data illustrating the usage and/or directly useful to you, I guess.

Config is in prtg.conf in \local only!

Currently implemented:

| prtgws api="table" columns="objid,type,group,device,sensor,status,message,lastvalue,priority,favorite" gets you the inventory

| prtglivedata content="status" | fields Alarms gets you the alarms, generally content="" equals to the api call on prtg http api.

| prtglivedata content="sensors" filter_status=5 count=100 | table _time,device,group,message,sensor,status,objid gets you the sensors marked as DOWN (filtertype=5)

| prtglivedata content=sensordetails id=2071 | fields - _raw,_time,source,sourcetype,host | transpose | rename column AS Key | rename "row 1" AS Value gets you the sensordetails for sensor 2071

| prtghistoricdata id=2071 count=1 | fields - _raw,_time,*(RAW),source,sourcetype,host | transpose | rename column AS Key | rename "row 1" AS Value will give you the current measurement for sensor 2071

| prtghistoricdata id=2071 | timechart max("Traffic Total (speed)(RAW)") will get you the sensordata from the timerange of the search for the sensor 2071 and chart the series "Traffic Total (speed)(RAW)" (we use an SNMP traffic sensor for this example).

Config is in prtg.conf in \local only!"

You can use your credentials in prtg.conf to run any of these commands in search on a searchhead to get data. There is a dashboard showing some usage.

Nowhere does it say to install it on an indexer and nowhere does it say that it is a scripted input...

It could be made though. Actually it might be a good case to implement it as a virtual index allowing for regular searching, but not sure if I get around to it. I made the current implementation as a preparation for a monitoring project so that we could use metrics already in PRTG to use it in ITSI, but we never went for ITSI so we do not use it at all, I think.

0 Karma

Re: TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Path Finder

Sorry for all the questions...I'm a splunk newbie when it comes to configuring apps. Here's my prtg.conf (minus the IP and the PASS), in the local directory.

-bash-4.2$ cat prtg.conf
[default]
server=
protocol=[HTTP|HTTPS]
user=prtgadmin
password=

Inventory

| prtgws api="table" columns="objid,type,group,device,sensor,status,message,lastvalue,priority,favorite"

api call on prtg http api

| prtglivedata content="status" | fields Alarms content=""

Down sensors

| prtglivedata content="sensors" filter_status=5 count=100 | table _time,device,group,message,sensor,status,objid

Sensor details for 2071

| prtglivedata content=sensordetails id=2071 | fields - _raw,_time,source,sourcetype,host | transpose | rename column AS Key | rename "row 1" AS Value

Current measurement for sensor 2071

| prtghistoricdata id=2071 count=1 | fields - _raw,_time,*(RAW),source,sourcetype,host | transpose | rename column AS Key | rename "row 1" AS Value

Sensordata from the timerange of the search and chart the series

| prtghistoricdata id=2071 | timechart max("Traffic Total (speed)(RAW)")

0 Karma

Re: TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Motivator

Dunno, you guys use https? Then only have https as protocol 🙂

Example:

[default]
server=prtg.xxx
user=prtgxxx
password=prtgxxx
protocol=http

I slightly anonymize it.

Anyway, it should all look like this when it works: https://www.youtube.com/watch?v=_vOb6UFX6hU

0 Karma
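
A pre-flight check for the prtg.conf discussed in this thread, added here as an example and not part of TA-prtg or any poster's code: it flags values left unchanged from prtg.conf.example, empty settings, plain http, and stray lines such as a pasted API path. It assumes the four keys shown in the thread are the only valid ones; `lint_prtg_conf`, `readable_by_others` and the sample text are hypothetical names and constructed input.

```python
import configparser
import os

# Placeholder values exactly as they appear in prtg.conf.example in this thread.
PLACEHOLDERS = {
    "server": "[dns.name|192.168.0.2]",
    "protocol": "[HTTP|HTTPS]",
    "user": "USERNAME",
    "password": "ThisIsAClearTextPasswordForNow",
}

def lint_prtg_conf(text, stanza="default"):
    """Return a list of findings for one stanza of prtg.conf content."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section(stanza):
        return ["stanza [%s] not found" % stanza]
    findings = []
    for key, placeholder in PLACEHOLDERS.items():
        value = parser.get(stanza, key, fallback="").strip()
        if not value:
            findings.append("%s: missing or empty" % key)
        elif value == placeholder:
            findings.append("%s: placeholder from prtg.conf.example" % key)
        elif key == "protocol" and value.lower() == "http":
            findings.append("protocol: http sends the password unencrypted")
        elif key == "protocol" and value.lower() != "https":
            findings.append("protocol: expected http or https")
    # Assumption: only the four keys shown in the thread are valid settings.
    for key in parser.options(stanza):
        if key not in PLACEHOLDERS:
            findings.append("%s: unexpected key" % key)
    return findings

def readable_by_others(path):
    """True if group or other has any access to the file (POSIX mode bits)."""
    return bool(os.stat(path).st_mode & 0o077)

# Constructed sample: the example file with a pasted API path appended.
SAMPLE = """[default]
server=[dns.name|192.168.0.2]
protocol=[HTTP|HTTPS]
user=prtgadmin
password=
/api/historicdata.xml?id=objectid&avg=0
"""

if __name__ == "__main__":
    print("\n".join(lint_prtg_conf(SAMPLE)))
```

Because the password is stored in clear text, `readable_by_others` is worth running against the real file; on a Windows Splunk server, review the file's ACL instead of the mode bits.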

Re: TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Path Finder

Do you know how to debug my setup? It would seem that Splunk is connecting, but I get no data. There is nothing in the prtg.log on the Splunk side, nor do I see any errors in any of the logs related to prtg. Just no data!

0 Karma

Re: TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Motivator

Um, mail me at curious.sle@gmail.com; I guess I can include some debugging output for you.

0 Karma

Re: TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Explorer

Hey, how are you? I have the same issue.
This is my prtg.conf:

[default]
server=10.4.1.15
protocol=HTTPS
user=USERNAME
password=CLEARTEXTPASS

But I don't get any data in my Splunk dashboard.
Also, I use Windows as my Splunk server, so I don't have /local, so what should I do about that?

0 Karma

Re: TA-prtg: How do I add the API on the prtg to the prtg.conf file?

Motivator

Local is just a folder under the app. What version of PRTG do you use? I might have to upgrade the implementation...

0 Karma