Integrating with Splunk

When you integrate TrueSight Operations Management with Splunk, you can generate events in TrueSight whenever an alarm action is triggered in Splunk.

This integration is tested with Splunk 8.1.1 and later.

On the TrueSight Infrastructure Management server

  1. Create the SPLUNK_EV class.
    1. Go to $MCELL_HOME/etc/<TSIM_cell>/kb/classes.

    2. Create a .baroc file.
      For example, splunk.baroc.

    3. Add the following lines to the file.
      MC_EV_CLASS:
       SPLUNK_EV ISA EVENT;
      END

    4. Save the file.

    5. Open the .load file present in the classes folder.

    6. Add the name of the .baroc file to the .load file.
      Do not enter the file extension.

    7. Compile the cell kb by running the following command from the command prompt:
      mccomp -n <cell_name>
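The steps above as a single script, added here as an example and not taken from the BMC page: it writes the splunk.baroc file with the SPLUNK_EV class exactly as given above, registers the base name (no extension) in .load without duplicating it on a second run, and runs mccomp only when that tool is on the PATH. The classes directory and cell name are passed in by the caller; the function names and the check helper are this example's own.

```shell
#!/bin/sh
# Added example (not from the BMC page): creates the SPLUNK_EV class file in a
# TSIM cell's kb/classes directory and registers it in .load, idempotently.
# Assumptions: the caller supplies the classes directory and cell name; the
# mccomp compile step (step 7) runs only when mccomp is installed.

# add_splunk_class <classes_dir> <cell_name>
add_splunk_class() {
  classes_dir="$1"
  cell_name="$2"
  baroc="$classes_dir/splunk.baroc"

  mkdir -p "$classes_dir"

  # Steps 2-4: write the class definition as the page gives it.
  cat > "$baroc" <<'EOF'
MC_EV_CLASS:
 SPLUNK_EV ISA EVENT;
END
EOF

  # Steps 5-6: add the file's base name (no extension) to .load, once only.
  touch "$classes_dir/.load"
  if ! grep -qx 'splunk' "$classes_dir/.load"; then
    printf '%s\n' splunk >> "$classes_dir/.load"
  fi

  # Step 7: compile the cell kb; skipped when mccomp is not on the PATH.
  if command -v mccomp >/dev/null 2>&1; then
    mccomp -n "$cell_name"
  fi
}

# Sanity check before compiling or restarting the cell: the class file exists,
# defines SPLUNK_EV, and is listed in .load. Returns 0 on success.
check_splunk_class() {
  classes_dir="$1"
  grep -q 'SPLUNK_EV ISA EVENT' "$classes_dir/splunk.baroc" &&
    grep -qx 'splunk' "$classes_dir/.load"
}

# Usage on the TSIM server (cell name is a placeholder):
#   add_splunk_class "$MCELL_HOME/etc/<TSIM_cell>/kb/classes" <cell_name>
#   check_splunk_class "$MCELL_HOME/etc/<TSIM_cell>/kb/classes"
```

Running the function twice leaves a single `splunk` entry in .load, which matters because a duplicated entry makes mccomp load the same class file twice.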

On the Splunk Enterprise server

  1. Log on to https://splunkbase.splunk.com/ and download the TA-truesight.tar.gz file.
  2. Log on to the Splunk Enterprise server web UI with administrative privileges.
  3. Click Manage Apps beside Apps.
  4. Click Install app from file.

  5. Select the downloaded TA-truesight.tar.gz file and click Upload.
    Ensure that you see the success message.
  6. Create an alert:
    1. Click Search & Reporting.
    2. Add the query to fetch data.
      For example, index="_audit" action="login attempt" "info=failed"

    3. Click .
    4. Click Save As > Alert.

    5. On the Save as Alert page, enter an alert name and set Alert type to Real-time.
    6. In the Trigger Action section, click Add Action and select BMC TrueSight Event Integration.

    7. Save the alert.
      When the alert is triggered, an event of the SPLUNK_EV class is generated in TrueSight Operations Management.

      If you do not find such events, check the /tmp/bmc.out file on the Splunk Enterprise server, where more details are available. For any other issues, contact BMC Support.
