Moviri Integrator for TrueSight Capacity Optimization - Splunk
The integration comprises three connectors, targeted at different data transfer scenarios:
- Splunk Generic: imports almost any kind of KPI stored in Splunk, whether related to business metrics or infrastructure utilization, by running either a custom search query or a Splunk saved search
- Splunk Web Logs: imports web volumes for NCSA-compliant web servers (e.g. Apache) and Microsoft Internet Information Services web servers that are monitored by Splunk in a Splunk standard fashion
- Splunk Unix and Windows: imports performance counters for Unix and Windows systems that are monitored by Splunk in a Splunk standard fashion
Supported versions of data source software
Splunk 4, 5, 6.
Supported configurations of data source software
The "Moviri Integrator for BMC TrueSight Capacity Optimization – Splunk (Unix and Windows)" connector requires:
- Unix systems, whose data the connector needs to extract, to be monitored by Splunk through the configurations made available by either the "Splunk for Unix and Linux" App (version 4.2 or greater) or the "Splunk Technology Add-on for Unix and Linux" (version 4.7 or greater)
- Windows systems, whose data the connector needs to extract, to be monitored by Splunk through the configurations made available by the built-in "Local performance monitoring" functionality, or the built-in "Remote performance monitoring" functionality
The "Moviri Integrator for BMC TrueSight Capacity Optimization – Splunk (Web Logs)" connector requires:
- Web server logs, whose data the connector needs to extract, to be indexed by Splunk as one of the following known source types: access_combined, access_combined_wcookie, access_common or any iis type (iis, iis-5, iis-7…)
Downloading the additional package
ETL Modules are made available in the form of additional components, which you may download from the BMC electronic distribution site (EPD) or retrieve from your content media.
Installing the additional package
To install the connector in the form of a TrueSight Capacity Optimization additional package, refer to the Performing system maintenance tasks instructions.
Datasource Check and Configuration
All the connectors included in "Moviri Integrator for BMC TrueSight Capacity Optimization – Splunk" use the Splunk REST API to communicate with Splunk. The REST API is always enabled and no additional configuration is required; even Splunk Web and the Splunk CLI use Splunk's REST API to communicate with a Splunk instance.
The connector requires a user with the following roles:
- a role with "search" capability. Because of this very limited requirement, the connectors' user will not be able to connect to and use the Splunk Web interface.
- a role with events visibility over the Splunk indexes that contain the data that needs to be extracted. Which data each connector will look for is detailed later in this section.
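One way to check that the connector's account meets these two requirements without exceeding them, as an added example that is not part of the Moviri or BMC documentation. It assumes the role's settings have been fetched as JSON from Splunk's `authorization/roles` REST endpoint; the field layout shown, the index names `os` and `weblogs`, and the function name are illustrative assumptions.

```python
import fnmatch
import json

# Constructed sample: the "content" object of one role, in the shape assumed
# for GET /services/authorization/roles/<role>?output_mode=json.
SAMPLE_ROLE_JSON = """
{
  "capabilities": ["search"],
  "imported_capabilities": ["rtsearch", "schedule_search"],
  "srchIndexesAllowed": ["os", "web*"],
  "imported_srchIndexesAllowed": ["*"]
}
"""

REQUIRED_CAPABILITY = "search"  # the only capability the connector needs


def audit_connector_role(content, needed_indexes):
    """Return findings for a role; needed_indexes is site-specific."""
    findings = []
    caps = set(content.get("capabilities", [])) | set(
        content.get("imported_capabilities", []))
    patterns = list(content.get("srchIndexesAllowed", [])) + list(
        content.get("imported_srchIndexesAllowed", []))
    if REQUIRED_CAPABILITY not in caps:
        findings.append("missing capability: search")
    for cap in sorted(caps - {REQUIRED_CAPABILITY}):
        findings.append("extra capability: " + cap)
    for index in sorted(needed_indexes):
        if not any(fnmatch.fnmatchcase(index, p) for p in patterns):
            findings.append("index not visible: " + index)
    for pattern in sorted(set(patterns)):
        # A bare wildcard, or a pattern matching none of the needed indexes,
        # gives the account visibility beyond what the connector reads.
        matches = [i for i in needed_indexes if fnmatch.fnmatchcase(i, pattern)]
        if pattern in ("*", "_*") or not matches:
            findings.append("index scope wider than needed: " + pattern)
    return findings


if __name__ == "__main__":
    role = json.loads(SAMPLE_ROLE_JSON)
    for line in audit_connector_role(role, {"os", "weblogs"}):
        print(line)
```

Inherited settings are included in the check because a role that looks minimal on its own can still gain capabilities and index visibility from the roles it imports.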
Common settings for all connectors
The following settings are common to all connectors of "Moviri Integrator for TrueSight Capacity Optimization - Splunk"; they are presented in the "Splunk - Setting" configuration tab.
The web address where the Splunk instance can be reached
The Management port of the Splunk instance where the REST API can be contacted.
Select the Splunk application in which the search will be executed; if not set, the user's default application will be used.
Default last counter
Date and time from which to start the extraction, in case of first execution.
Max days to extract
Maximum number of days' worth of data to extract in a single execution. Set to 0 for no limit.
The granularity of the extracted data. For "Moviri – Splunk Generic Extractor" it must match the granularity resulting from the search query execution.
See further specific instructions for each extractor:
- Configuring Splunk Generic Extractor
- Configuring Splunk Web Logs Extractor
- Configuring Splunk Unix and Windows Extractor