Moviri - Splunk Extractor

"Moviri Integrator for BMC Helix Continuous Optimization – Splunk" enables the setup of a continuous data flow between Splunk and  BMC Helix Continuous Optimization for capacity relevant metrics. 

The integration comprises three connectors, targeted at different data transfer scenarios:

  • Splunk Generic: allows to import almost any kind of KPI, related to both business metrics or infrastructure utilization, that are stored in Splunk, by performing either a custom search query or a Splunk saved search
  • Splunk Web Logs: imports web volumes for NCSA-compliant web servers (e.g. Apache) and Microsoft internet Information Services web servers, that are monitored by Splunk in a Splunk standard fashion
  • Splunk Unix and Windows: imports performance counters for Unix and Windows systems, that are monitored by Splunk in a Splunk standard fashion

This ETL is compatible with BMC Helix Continuous Optimization 19.11 and onward.


Requirements

Supported versions of data source software

Splunk 4, 5, 6, 7, 8

Supported configurations of data source software

The "Moviri Integrator for BMC Helix Continuous Optimization – Splunk (Unix and Windows)" connector requires:

  • Unix systems, whose data the connector needs to extract, to be monitored by Splunk through the configurations made available by either the "Splunk for Unix and Linux" App (version 4.2 or greater) or the "Splunk Technology Add-on for Unix and Linux" (version 4.7 or greater)
  • Windows systems, whose data the connector needs to extract, to be monitored by Splunk through the configurations made available by the built-in "Local performance monitoring" functionality, or the built-in "Remote performance monitoring" functionality

The "Moviri Integrator for BMC Helix Continuous Optimization  – Splunk (Web Logs)" connector requires:

  • Web servers logs , whose data the connector needs to extract, to be indexed by Splunk as the following known source types: access_combined, access_combined_wcookie, access_common or any iis type (iis, iis-5, iis-7…)

Installation

Downloading the additional package

ETL Modules are made available in the form of an additional components, which you may download from BMC electronic distribution site (EPD) or retrieve from your content media.

Installing the additional package

 To install the connector in the form of BMC Helix Continuous Optimization additional package, refer to Performing system maintenance tasks instructions.

Datasource Check and Configuration

All the connectors included in "Moviri Integrator for BMC Helix Continuous Optimization  – Splunk" use the Splunk REST API to communicate with Splunk. This is always enabled and no additional configuration is required, even Splunk Web and the Splunk CLI use Splunk's REST API to communicate with a Splunk instance. The connector supports Splunk-local users and Active Directory accounts for authentication.
The connector requires a user with the following roles:

  • a role with "search" capability. Due to this very limited requirement the connectors' user will not be able to connect and use the Splunk Web interface.
  • a role with events visibility over the Splunk indexes that contain the data that needs to be extracted. Which data each connector will look for is detailed later in this section.



 

Connectors configuration

Common settings for all connectors

The following are the common settings valid for all connectors of "Moviri Integrator for BMC Helix Continuous Optimization  - Splunk", they are presented in the "Splunk - Setting" configuration tab.

Property Name

Value Type

Required?

Default

Description

Splunk Host

String

Yes


The web address where the Splunk instance can be reached

Port

Integer

Yes

8089

The Management port of the Splunk instance where the REST API can be contacted.

Splunk - API Authentication MethodDrop DownYesNo AuthenticationA drop down to select which type of authentication to use. Options are No Authentication, Basic Authentication, and Authentication Token.

Splunk - Username

String

No


Username, only available when Basic Authentication is chosen for the Authentication Method

Splunk - Password

String

No


Password, only available when Basic Authentication is chosen for the Authentication Method

Splunk - API Authentication TokenStringNo
Authentication Token generated from the Splunk API, only available when Authentication Token is chosen for the Authentication Method

Splunk Application

String

No



Default last counter

Date

Yes


Date and time to extract the extraction from, in case of first execution.

Max days to extract

Integer

Yes

7

Maximum number of days' worth of data to extract in a single execution. Set 0 for no limitations.

Data granularity

String

Yes

1h

The granularity of the extracted data. For "Moviri – Splunk Generic Extractor" it must match the granularity resulting from the search query execution.



 

 See further specific instructions for each extractor:



Was this page helpful? Yes No Submitting... Thank you

Comments