Moviri - Splunk Extractor
"Moviri Integrator for BMC Helix Continuous Optimization – Splunk" enables the setup of a continuous data flow between Splunk and BMC Helix Continuous Optimization for capacity relevant metrics.
The integration comprises three connectors targeted at different data transfer scenarios:
- Splunk Generic: allows importing almost any kind of KPI, related to both business metrics or infrastructure utilization, that is stored in Splunk, by performing either a custom search query or a Splunk saved search
- Splunk Web Logs: imports web volumes for NCSA-compliant web servers (e.g. Apache) and Microsoft internet Information Services web servers, that are monitored by Splunk in a Splunk standard fashion
- Splunk Unix and Windows: imports performance counters for Unix and Windows systems, that are monitored by Splunk in a Splunk standard fashion
Requirements
Supported versions of data source software
Splunk 4, 5, 6, 7, 8, 9
Supported configurations of data source software
The "Moviri Integrator for BMC Helix Continuous Optimization – Splunk (Unix and Windows)" connector requires:
- Unix systems, whose data the connector needs to extract, to be monitored by Splunk through the configurations made available by either the "Splunk for Unix and Linux" App (version 4.2 or greater) or the "Splunk Technology Add-on for Unix and Linux" (version 4.7 or greater)
- Windows systems, whose data the connector needs to extract, to be monitored by Splunk through the configurations made available by the built-in "Local performance monitoring" functionality, or the built-in "Remote performance monitoring" functionality
The "Moviri Integrator for BMC Helix Continuous Optimization – Splunk (Web Logs)" connector requires:
- Web servers logs , whose data the connector needs to extract, to be indexed by Splunk as the following known source types: access_combined, access_combined_wcookie, access_common or any iis type (iis, iis-5, iis-7…)
Installation
Downloading the additional package
ETL Modules are made available in the form of an additional components, which you may download from BMC electronic distribution site (EPD) or retrieve from your content media.
Installing the additional package
To install the connector in the form of BMC Helix Continuous Optimization additional package, refer to Performing system maintenance tasks instructions.
Datasource Check and Configuration
All the connectors included in "Moviri Integrator for BMC Helix Continuous Optimization  – Splunk" use the Splunk REST API to communicate with Splunk. This is always enabled and no additional configuration is required, even Splunk Web and the Splunk CLI use Splunk's REST API to communicate with a Splunk instance. The connector supports Splunk-local users and Active Directory accounts for authentication.
The connector requires a user with the following roles:
- a role with "search" capability. Due to this very limited requirement, the connectors' user will not be able to connect and use the Splunk Web interface.
- a role with events visibility over the Splunk indexes that contain the data that needs to be extracted. Which data each connector will look for is detailed later in this section.

 
Connectors configuration
Common settings for all connectors
The following are the common settings valid for all connectors of "Moviri Integrator for BMC Helix Continuous Optimization - Splunk", they are presented in the "Splunk - Setting" configuration tab.
| Property Name | Value Type | Required? | Default | Description | 
| Splunk Host | String | Yes | The web address where the Splunk instance can be reached | |
| Port | Integer | Yes | 8089 | The Management port of the Splunk instance where the REST API can be contacted. | 
| Splunk - API Authentication Method | Drop Down | Yes | No Authentication | A drop down to select which type of authentication to use. Options are No Authentication, Basic Authentication, and Authentication Token. | 
| Splunk - Username | String | No | Username, only available when Basic Authentication is chosen for the Authentication Method | |
| Splunk - Password | String | No | Password, only available when Basic Authentication is chosen for the Authentication Method | |
| Splunk - API Authentication Token | String | No | Authentication Token generated from the Splunk API, only available when Authentication Token is chosen for the Authentication Method | |
| Splunk Application | String | No | Select the Splunk application in which the search will be executed, if not set, the user's default application will be used | |
| Default last counter | Date | Yes | Date and time to extract the extraction from, in case of first execution. | |
| Max days to extract | Integer | Yes | 7 | Maximum number of days' worth of data to extract in a single execution. Set 0 for no limitations. | 
| Data granularity | String | Yes | 1h | The granularity of the extracted data. For "Moviri – Splunk Generic Extractor" it must match the granularity resulting from the search query execution. | 
 
 
See further specific instructions for each extractor:
