Getting Data In

Interface Monitoring possible with splunk?

Yannik333
Explorer

Hello, I have just a little question.

We have 2 ticket systems in our company.
I'm searching for a program that monitors and analyzes the interface and connection of these two systems.
Is it possible with Splunk?

And if yes, which app from Splunk is useful?

Thanks 🙂

Yannik333
Explorer

Thanks for the fast answer,

now more detailed information on what I will do with Splunk.

  1. Our two ticket systems are on Windows OS and I want to install Splunk on Windows, too. Is that a problem?
  2. The connection I want to check is a "file interface" (the 1st ticket system imports tickets, logs etc. into the 2nd ticket system). I want to monitor this data and the Windows errors from the OS.
  3. I will search in Splunk for the error messages from the ticket system if something goes wrong.

And I hope now there is an app for Splunk on Windows that I can use.

Just an info: I do this in my final exam for the company. So I have just 16-18 work hours for the project (in 1-2 months) to realize this. 😕

0 Karma

chris
Motivator

1.) No, Splunk can be installed on Windows.
2.) You can monitor the Windows Event Log; if you want to monitor a directory with files, there are possibilities.
3.) It is easy if the ticket system writes log messages.
There is a Splunk App for Windows (http://splunk-base.splunk.com/apps/22315/splunk-app-for-windows) and a so-called technology add-on, which might be more interesting (http://splunk-base.splunk.com/apps/28933/splunk-for-windows-technology-add-on). 16-18h sounds like it is doable; write me an email: sinloft@gmail.com and we can work things out.

chris
Motivator

I guess there are different ways to solve this depending on what you mean by analyzing the interface & connection.

You could just check /var/log/messages or /var/log/syslog (on a Unix system) for events that indicate that an interface came up or went down, and write a search to detect the situation, assuming that if the interface is OK the connection is OK:

Jan 25 13:10:02 host kernel: [2149765.760464] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Jan 25 13:10:02 host kernel: [2149765.761220] ADDRCONF(NETDEV_UP): eth0: link is not ready
Jan 25 13:10:02 host kernel: [2149765.761235] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready

You could also write a script that verifies the connection (using ping, telnet/nc, or maybe wget for an HTTP connection) and then create a scripted input (easier) or a modular input:

http://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ScriptSetup
http://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ModInputsIntro

Or maybe the ticketing software will write error messages if there is a connection problem and you can use that information (or you could use all 3 methods).

This app (or the Windows pendant) is a good starting point; there is a dashboard called "Connection Details" that will populate if the app is configured correctly:
http://splunk-base.splunk.com/apps/22314/splunk-for-unix-and-linux
-> It is also a good example to see how scripted inputs work (see the inputs.conf file and check the bin directory with its shell scripts).

Is this the info you were looking for?

Chris

0 Karma
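An added example (not from this thread or the Splunk apps linked above) of the scripted-input approach Chris describes: a small shell script that probes the TCP port of the second ticket system, prints one key=value event per run for Splunk to index, and classifies kernel link messages like the syslog lines quoted above. The host, port and script name are assumed placeholders, and nc (netcat) is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from this thread): a scripted input in the style of the
# bin/ scripts shipped with the Splunk *nix app. It probes the TCP port of the
# second ticket system and prints one key=value event per run for Splunk to
# index; link_state() classifies kernel link messages like the ones quoted above.
# Host and port are constructed placeholders; nc (netcat) is assumed installed.

TARGET_HOST="${TARGET_HOST:-ticketsystem2.example.internal}"
TARGET_PORT="${TARGET_PORT:-8080}"
TIMEOUT="${TIMEOUT:-3}"

# Print one event in key=value form so Splunk extracts the fields automatically.
# $1 host, $2 port, $3 "up"|"down", $4 probe duration in seconds
format_event() {
    printf '%s check=tcp_connect host=%s port=%s status=%s duration_s=%s\n' \
        "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$1" "$2" "$3" "$4"
}

# Exit 0 if a TCP connect to $1:$2 succeeds within TIMEOUT seconds, non-zero otherwise.
probe_tcp() {
    nc -z -w "$TIMEOUT" "$1" "$2" >/dev/null 2>&1
}

# Read syslog on stdin and print "iface=<name> link=<up|down>" for e1000 link
# messages, the shape a search such as "link=down" can alert on.
link_state() {
    sed -n \
        -e 's/.*kernel: .*\(eth[0-9]*\) NIC Link is Up.*/iface=\1 link=up/p' \
        -e 's/.*kernel: .*\(eth[0-9]*\) NIC Link is Down.*/iface=\1 link=down/p'
}

main() {
    start=$(date +%s)
    if probe_tcp "$TARGET_HOST" "$TARGET_PORT"; then status=up; else status=down; fi
    end=$(date +%s)
    format_event "$TARGET_HOST" "$TARGET_PORT" "$status" "$((end - start))"
}

# Splunk invokes the script by path with no arguments; only then run the probe.
case "$0" in *check_ticket_link.sh) main ;; esac
```

Saved as check_ticket_link.sh in an app's bin directory and referenced from inputs.conf with a [script://...] stanza and an interval, it yields events where status=down (or, for the syslog side, link=down) is what an alerting search looks for.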