Hello, I have just a little question.
We have 2 ticket systems in our company.
I'm searching for a program that monitors and analyzes the interface and connection of these two systems.
Is it possible with Splunk?
And if yes, which app from Splunk is useful?
I guess there are different ways to solve this depending on what you mean by analyzing the interface & connection.
You could just check /var/log/messages or /var/log/syslog (on a Unix system) for events that indicate that an interface came up or went down, write a search to detect the situation, and assume that if the interface is OK the connection is OK:
Jan 25 13:10:02 host kernel: [2149765.760464] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Jan 25 13:10:02 host kernel: [2149765.761220] ADDRCONF(NETDEV_UP): eth0: link is not ready
Jan 25 13:10:02 host kernel: [2149765.761235] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
You could also write a script that verifies the connection (using ping or telnet/nc, or maybe wget for an HTTP connection) and then create a scripted input (easier) or a modular input:
Or maybe the ticketing software writes error messages if there is a connection problem and you can use that information (or you could use all three methods).
This app (or its Windows pendant) is a good starting point; there is a dashboard called "Connection Details" that will populate if the app is configured correctly:
-> It is also a good example to see how scripted inputs work (see the inputs.conf file and check the bin directory with its shell scripts).
Is this the info you were looking for?
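The two checks the answer above suggests, written out as an added example that is not code from the thread or from any Splunk app: a small parser that turns kernel "NIC Link is Up/Down" lines (constructed sample lines in the same format as the ones quoted above) into one event per link change, and a TCP connect check in the spirit of "telnet/nc" that a [script://...] stanza in inputs.conf could run against each ticket system's interface endpoint and whose key=value output Splunk indexes directly. The hostnames, ports and system names are placeholders.

```python
"""Scripted-input style connection checks for two ticket systems.

Added example; the endpoint names, hosts and ports, and the syslog
sample below are constructed placeholders, not taken from the thread.
"""
import re
import socket
import time

# Constructed sample in the format of the kernel messages quoted above.
SAMPLE_SYSLOG = """\
Jan 25 13:10:02 host kernel: [2149765.760464] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Jan 25 13:10:02 host kernel: [2149765.761220] ADDRCONF(NETDEV_UP): eth0: link is not ready
Jan 25 13:10:02 host kernel: [2149765.761235] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Jan 25 14:02:11 host kernel: [2152894.100001] e1000: eth0 NIC Link is Down
Jan 25 14:02:40 host kernel: [2152923.400002] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
"""

# Matches "<ts> <host> kernel: ... <iface> NIC Link is Up|Down".
LINK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:.*?"
    r"\b(?P<iface>\w+) NIC Link is (?P<state>Up|Down)\b"
)


def link_state_events(lines):
    """Return (timestamp, host, iface, state) for every link state change.

    A repeated 'Up' for an interface that is already up is dropped, so a
    search over the output sees exactly one event per outage and recovery.
    """
    events = []
    last_state = {}
    for line in lines:
        m = LINK_RE.search(line)
        if not m:
            continue
        iface, state = m.group("iface"), m.group("state").lower()
        if last_state.get(iface) != state:
            events.append((m.group("ts"), m.group("host"), iface, state))
            last_state[iface] = state
    return events


def check_endpoint(name, host, port, timeout=3.0):
    """TCP connect check, the scripted equivalent of 'nc -z host port'.

    A refused, unresolvable or timed-out connection is reported as
    status=down with the exception class name instead of being raised, so
    one failing system never stops the check of the other one.
    """
    started = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            status, error = "up", ""
    except OSError as exc:
        status, error = "down", exc.__class__.__name__
    return {
        "system": name,
        "host": host,
        "port": port,
        "status": status,
        "latency_ms": round((time.monotonic() - started) * 1000, 1),
        "error": error,
    }


def format_event(result):
    """Render one check result as a timestamped key=value line for Splunk."""
    ts = time.strftime("%Y-%m-%dT%H:%M:%S%z")
    fields = " ".join(f'{k}="{v}"' for k, v in result.items())
    return f"{ts} {fields}"


if __name__ == "__main__":
    # Hypothetical endpoints: replace with the interface host/port of each
    # ticket system and run this file from a [script://...] input stanza.
    ENDPOINTS = [
        ("ticketsystem_a", "ticket-a.example.internal", 443),
        ("ticketsystem_b", "ticket-b.example.internal", 8080),
    ]
    for name, host, port in ENDPOINTS:
        print(format_event(check_endpoint(name, host, port)))
    for ev in link_state_events(SAMPLE_SYSLOG.splitlines()):
        print("link_change ts=%r host=%s iface=%s state=%s" % ev)
```

Run from Splunk with an interval of a minute or so; a search such as `status="down"` over the resulting events, combined with the link_change events, separates "the NIC went down" from "the NIC is fine but the other ticket system does not answer".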
Thanks for the fast answer,
now more detailed information on what I will do with Splunk.
And I hope now there is an app for Splunk on Windows that I can use.
Just an info: I'm doing this as my final exam for the company, so I have just 16-18 work hours for the project (in 1-2 months) to realize this. 😕
1.) No, Splunk can be installed on Windows.
2.) You can monitor the Windows Event Log; if you want to monitor a directory with files, there are possibilities.
3.) It is easy if the ticket system writes log messages. There is a Splunk App for Windows (http://splunk-base.splunk.com/apps/22315/splunk-app-for-windows) and a so-called technology add-on, which might be more interesting (http://splunk-base.splunk.com/apps/28933/splunk-for-windows-technology-add-on).
16-18h sounds like it is doable; write me an email: email@example.com and we can work things out.