Monitoring Splunk

Solarwinds Orion and Splunk

tmontney
Builder

Is there any kind of integration for Solarwinds and Splunk? I want Splunk to monitor Solarwinds.

hellubuntu
New Member

HELP!

0 Karma

jkat54
SplunkTrust

You haven't installed the Java bridge driver apparently.

0 Karma

jkat54
SplunkTrust

It's part of the DBX setup.

0 Karma

joshuabiggley
Path Finder

What sort of monitoring were you thinking about? Splunk offers a lot of options for log ingestion from Solarwinds (APM, NPM, etc. application logs) as well as things like extracting specific data sets directly from the Solarwinds DB for visualization and analytics of events. For example, you could use the DB Connect v2 Splunk app to pull alert history to help you analyze which nodes, types of objects, specific objects, etc. were triggering most often.

A word of caution though -- ingesting performance data via universal forwarders direct from monitored nodes is not a good idea. Sure, there are lots of apps that will help you visualize that data in Splunk, but you are already collecting that data in Solarwinds anyway and Splunk licensing is far more expensive than the equivalent functionality from Solarwinds. If you are hellbent on getting performance data, consider extracting it from the Orion DB via the DB Connect v2 app. No sense paying to collect the same data twice.

Let me know what you are thinking about doing. We're right in the middle of a pretty large Splunk implementation and I manage a pretty good size Solarwinds install too. (NPM, SAM, NTA, SRM, VMAN, etc.)

0 Karma

lloydknight
Builder

Hello @joshuabiggley,

Do you have steps on getting in NPM data to Splunk?

0 Karma

jeffrey_berry
Path Finder

We ended up using the "Splunk DB Connect" app which queries the Solarwinds tables for the needed data. It requires a bit of knowledge about the Solarwinds DB schema and "checkpointing" a Splunk data source for Solarwinds logging tables. Also, we replicated the Solarwinds NPM CustomPollerStatistics_Detail table (and added an identity column to this replicated table) using MS SQL server replication since the DateTime field was not a good checkpoint field for the "Splunk DB Connect" app. Also, see these Solarwinds Thwack and Splunk answer posts https://thwack.solarwinds.com/thread/120056 and https://answers.splunk.com/answers/596395/what-are-the-steps-to-configure-an-incremental-pol.html .

0 Karma
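
The checkpointing problem described in the post above, simulated as an added example (not code from the post or from Splunk DB Connect): an incremental poll that keeps only rows above the last checkpoint silently skips rows that share a timestamp, while an identity column collects every row. The table `stats_replica`, its columns, the batch size, the sample rows and the `column > checkpoint` query shape are all assumptions constructed for illustration; the post does not say why DateTime was unsuitable.

```python
import sqlite3

# Constructed stand-in for the replicated table; column names are assumptions.
SCHEMA = """CREATE TABLE stats_replica (
    RowID INTEGER PRIMARY KEY AUTOINCREMENT,  -- identity column added on the replica
    DateTime TEXT, PollerID INTEGER, Value REAL)"""
COLUMNS = {"RowID": 0, "DateTime": 1}  # allow-list: checkpoint column -> row index


def poll(db, column, checkpoint, batch=2):
    """One incremental poll: rows strictly above the checkpoint, in order."""
    idx = COLUMNS[column]  # KeyError on anything outside the allow-list
    rows = db.execute(
        f"SELECT RowID, DateTime, PollerID, Value FROM stats_replica "
        f"WHERE {column} > ? ORDER BY {column}, RowID LIMIT ?",
        (checkpoint, batch)).fetchall()
    return rows, (rows[-1][idx] if rows else checkpoint)


def missed_rows(column, start):
    """Replay constructed inserts and polls; return RowIDs never collected."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    ins = "INSERT INTO stats_replica (DateTime, PollerID, Value) VALUES (?, ?, ?)"
    # Three pollers written in the same second (constructed sample data).
    db.executemany(ins, [("2024-01-01 10:00:00", p, 0.5) for p in (1, 2, 3)])
    seen, cp = [], start
    rows, cp = poll(db, column, cp)  # batch limit splits the tied timestamp
    seen += rows
    # A late row for the same second, then the next polling interval.
    db.executemany(ins, [("2024-01-01 10:00:00", 4, 0.7),
                         ("2024-01-01 10:05:00", 1, 0.6)])
    while rows:
        rows, cp = poll(db, column, cp)
        seen += rows
    collected = {r[0] for r in seen}
    every = {r[0] for r in db.execute("SELECT RowID FROM stats_replica")}
    return sorted(every - collected)


if __name__ == "__main__":
    print("DateTime checkpoint missed RowIDs:", missed_rows("DateTime", ""))
    print("RowID checkpoint missed RowIDs:   ", missed_rows("RowID", 0))
```

Comparing the source row count with the indexed event count for the same time window is a quick way to spot this kind of gap in a live input.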

tmontney
Builder

Probably better off submitting a new question. This is over 3 years old.

Personally, I used Solarwinds SWQL Studio with PowerShell: https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2018/02/06/intro-to-s...

0 Karma

wdeoliveira_spl
Splunk Employee

Hello Joshua,

I have a partner trying to collect data from Solarwinds DB via DBConnect, but they are getting this error with both DBConnect 1 and 2.

Have you ever faced this kind of issue? Were you able to connect to the Solarwinds DB?

Encountered the following error while trying to save: Splunkd daemon is not responding: ("Error connecting to /servicesNS/admin/dbx/dbx/databases: ('The read operation timed out',)",)

Any insights appreciated!

Thanks-

Wellington

0 Karma

joshuabiggley
Path Finder

Yes, we were able to make the connection without an issue. I'm no DBX expert but it looks like there is something wonky with your DBX install.

We are running DBX2 and have successfully connected to MSSQL, Oracle, DB2, etc. sources. Have you been able to connect to other DBs? Here are a couple of pointers.

In the connection configuration set the following values:

Database Types = MS-SQL Server Using jTDS Driver
JDBC URL Format = Default should be correct, but verify that it is jdbc:jtds:sqlserver://:/;useCursors=true
Port = 1433
Default Database = This should be the name of your SolarWinds Orion DB.

That works for us but I really think your issue might be with the config of the DBX2 app itself.

Let me know.

0 Karma

hellubuntu
New Member

It did not work for my environment. It displays the error:

com.splunk.dbx2.DriverNotFoundException: The driver class net.sourceforge.jtds.jdbc.Driver is not found, please check if the driver library is installed properly.

0 Karma