Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it possible to use Paessler PRTG Modular input with indexer cluster?

max8006
Explorer
‎02-02-2023 05:32 AM

Hi,

I have a question if there is a possibility to use the APP Paessler PRTG Modular Input in a distributed indexer scenario. I can install the app on the SH, but how do I create the reference to the indexer cluster. I can only select the local index on the SH. Does that work with a heavy forwarder maybe? 

Thanks,

max

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-03-2023 08:09 AM

By definition, the HF sends everything it gets to the indexers so there's no need to worry about that.

You'll be able to select the index if they are defined on the HF.  Do that by copying the app that defines your indexes (you DO use an app, right?) from an indexer to the HF.  You also can edit the PRTG app's config file to specify the index.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎02-02-2023 05:59 AM

Installing a modular input on indexers can lead to duplicate data.  Install it on a single SH (not a SHC) or a HF.

The app used to define indexes on your indexers should also be installed on your SHs and HFs.  This ensures the UI knows about all indexes.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

max8006
Explorer
‎02-03-2023 07:07 AM

The problem is that the PRTG APP makes RESTAPI calls to get the data for indexing. I don't understand how this is supposed to work on the indexer itself. There must be some way for a HF to make these calls and send the information to the indexers. In the app, I can't select the indexes that are defined on the standalone indexers.

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-03-2023 08:09 AM

By definition, the HF sends everything it gets to the indexers so there's no need to worry about that.

You'll be able to select the index if they are defined on the HF.  Do that by copying the app that defines your indexes (you DO use an app, right?) from an indexer to the HF.  You also can edit the PRTG app's config file to specify the index.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...