What sort of monitoring were you thinking about? Splunk offers a lot of options for log ingestion from Solarwinds (APM, NPM, etc. application logs) as well as things like extracting specific data sets directly from the Solarwinds DB for visualization and analytics of events. For example, you could use the DB Connect v2 Splunk app to pull alert history to help you analyze which nodes, types of objects, spexific objects, etc were triggering most often.
A word of caution though -- ingesting performance data via universal forwarders direct from monitored nodes is not a good idea. Sure, there are lots of apps that will help.you visualize that data in Splunk, but you are already collection that data in Solarwinds anyway and Splunk licensing is far more expensive than the equivalent functionality from Solarwinds. If you are hellbent on getting performance data, consider extracting it from the Orion DB via the DB Connect v2 app. No sense paying to collect the same data twice.
Let me know what you are thinking about doing. We're right in the middle of a pretty large Splunk implementation and I manage a pretty good size Solarwinds install too. (NPM, SAM, NTA, SRM, VMAN, etc.)
We ended up using the "Splunk DB Connect" app which query's the Solarwinds tables for the needed data. It requires a bit of knowledge about the Solarwinds DB schema and "checkpointing" a Splunk data source for Solarwinds logging tables. Also, we replicated the Solarwinds NPM CustomPollerStatistics_Detail table (and added an identity column to this replicated table) using MS SQL server replication since the DateTime field was not a good checkpoint field for the "Splunk DB Connect" app. Also, see these Solarwinds Thwack and Splunk answer posts https://thwack.solarwinds.com/thread/120056 and https://answers.splunk.com/answers/596395/what-are-the-steps-to-configure-an-incremental-pol.html .
Probably better off submitting a new question. This is over 3 years old.
Personally, I used Solarwinds SWQL Studio with PowerShell: https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2018/02/06/intro-to-s...
I have a partner trying to collect data from Solarwinds DB via DBConnect, but they are getting this error with both DBConnect 1 and 2.
Have you ever face this kind of issue? Were you able to connect to solarwinds db?
Encountered the following error while trying to save: Splunkd daemon is not responding: ("Error connecting to /servicesNS/admin/dbx/dbx/databases: ('The read operation timed out',)",)
Any insights appreciated!
Yes, we were able to make the connection without an issue. I'm no DBX expert but it looks like there is something wonky with your DBX install.
We are running DBX2 and have successfully connected to MSSQL, Oracle, DB2, etc. sources. Have you been able to connect to other DBs? Here are a couple of pointers.
In the connection configuration set the following values:
Database Types = MS-SQL Server Using jTDS Driver
JDBC URL Format = Default should be correct, but verify that it is jdbc:jtds:sqlserver://:/;useCursors=true
Port = 1433
Default Database = This should be the name of your SolarWinds Orion DB.
That works for us but I really think your issue might be with the config of the DBX2 app itself.
Let me know.
It did not work for my environment. It displays the error:
com.splunk.dbx2.DriverNotFoundException: The driver class net.sourceforge.jtds.jdbc.Driver is not found, please check if the driver library is installed properly.