Follow the steps below to install the Add-on from the bundle:
- Navigate to Apps->Manage Apps.
- Select Install app from file.
- Select Choose File and select the App package.
- Select Upload and follow the prompts.
OR
Install directly from the Find More Apps section provided in the Splunk Home Dashboard.
Follow the steps below to upgrade the App.
To upgrade the Dell Isilon Technology add-on from version 2.2 to 2.3:
- Download the tar of the Dell Isilon Technology add-on (v2.3) from Splunkbase.
- Extract the tar of the Dell Isilon Technology add-on under $SPLUNK_HOME/etc/apps.
- Execute the upgrade Python script $SPLUNK_HOME/etc/apps/TA_EMC-Isilon/bin/upgrade_from_v2.2_to_v2.3.py. On execution, the script asks for input, and the user has to provide the already set-up nodes as a comma-separated value. For example:
  $SPLUNK_HOME/bin/splunk cmd python $SPLUNK_HOME/etc/apps/TA_EMC-Isilon/bin/upgrade_from_v2.2_to_v2.3.py
  The user can verify the configured nodes from $SPLUNK_HOME/etc/apps/TA_EMC-Isilon/local/passwords.conf.
  The script adds a stanza for each node in the given list to the file $SPLUNK_HOME/etc/apps/TA_EMC-Isilon/local/isilonappsetup.conf. Verify that there is an entry for each node in this file.
- Restart Splunk
Those inputs will be disabled by default and can be enabled from the Inputs page. (Not required if you are on a Search Head in a distributed environment.)
To enable forwarding of syslog data in any Isilon Cluster version, perform the following steps:
Make the following changes in the file /etc/mcp/override/syslog.conf (copy it from /etc/mcp/default/syslog.conf if not present):
Restart syslogd using this command: /etc/rc.d/syslogd restart
In some cases, the syslog.conf file is already present in the /etc/mcp/override directory but is empty. In that case, just put the log file name and the forwarder IP in that file. Below is the content of a sample syslog.conf:
auth.* @<forwarders_ip_address>
!audit_config
*.* @<forwarders_ip_address>
!audit_protocol
*.* @<forwarders_ip_address>
!*
Run the following commands to enable protocol, config and syslog auditing according to Isilon OneFS version:
For a Dell Isilon cluster with OneFS version 9.x.x:
isi audit settings global modify --protocol-auditing-enabled Yes
isi audit settings global modify --config-auditing-enabled Yes
isi audit settings global modify --config-syslog-enabled Yes
isi audit settings modify --syslog-forwarding-enabled Yes
The add-on uses the Dell Isilon API for data collection.
This app is compatible with the "Authentication", "Inventory" and "Performance" data models of the Splunk CIM (Common Information Model).
The main app dashboards can take some time to populate once data collection has started. A good test to see that you are receiving all of the expected data is to run this search after several minutes:
search `isilon_index` | stats count by sourcetype
In particular, you should see these sourcetypes:
- emc:isilon:rest
- emc:isilon:syslog
If you don't see these sourcetypes, have a look at the messages for "emc:isilon:rest". The user can see the logs in the $SPLUNK_HOME/var/log/isilon/emc_isilon.log file.
For "emc:isilon:syslog", check the syslog file in /etc/mcp/override/syslog.conf - it should have @<forwarders_ip_address> in front of the required log file and !* at the end of the syslog.conf file. Also, run the following commands to see whether syslog forwarding is enabled or not:
For a Dell Isilon cluster with OneFS version 7.x.x - isi audit settings view
For a Dell Isilon cluster with OneFS version 8.x.x - isi audit settings view, isi audit settings global view
Dell Isilon forwards syslog and audit logs on UDP port 514 by default. Please make sure port 514 is open and reserved for Isilon syslogs only.
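The syslog.conf check described above, written out as an added shell example (not part of the add-on or its documentation): it verifies that auth.* and the audit_config and audit_protocol blocks each forward to a host, that no <forwarders_ip_address> placeholder was left in place, and that the file ends with !*. The function name and the 192.0.2.10 sample address are assumptions.

```shell
#!/bin/sh
# Added example (not part of the add-on): check a OneFS syslog.conf override
# against the rules on this page. Returns 0 only when every check passes.
check_isilon_syslog_conf() {
    conf="$1"
    # The page notes that the override file may exist but be empty
    [ -s "$conf" ] || { echo "FAIL: $conf is missing or empty"; return 1; }
    awk '
    function need(blk, sel,    k) {
        k = blk SUBSEP sel
        if (!(k in fwd)) { print "FAIL: [" blk "] " sel " is not forwarded"; bad = 1 }
        else if (fwd[k] ~ /[<>]/) { print "FAIL: [" blk "] placeholder left in " fwd[k]; bad = 1 }
        else print "OK: [" blk "] " sel " -> " fwd[k]
    }
    BEGIN { block = "global" }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    /^!/ {                               # "!prog" opens a block, "!*" resets it
        last = $1
        block = ($1 == "!*") ? "global" : substr($1, 2)
        next
    }
    { last = $0; if ($2 ~ /^@/) fwd[block SUBSEP $1] = $2 }   # selector @host
    END {
        need("global", "auth.*")
        need("audit_config", "*.*")
        need("audit_protocol", "*.*")
        if (last != "!*") { print "FAIL: file must end with !*"; bad = 1 }
        exit bad + 0
    }' "$conf"
}

# Constructed sample; 192.0.2.10 is a documentation address standing in
# for the forwarder IP.
sample=$(mktemp)
printf '%s\n' 'auth.* @192.0.2.10' '!audit_config' '*.* @192.0.2.10' \
    '!audit_protocol' '*.* @192.0.2.10' '!*' > "$sample"
check_isilon_syslog_conf "$sample"
rm -f "$sample"
```

On a node, point the function at /etc/mcp/override/syslog.conf; a non-zero return means at least one FAIL line was printed.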
General checks:
- The log files are in the $SPLUNK_HOME/var/log/splunk/ directory.
- Use the index="_internal" source=*ta_emc_isilon_*.log query to see all the logs in the UI. Also, the user can use the index="_internal" source=*ta_emc_isilon_*.log ERROR query to see ERROR logs in the Splunk UI.
- In Dell PowerScale Add-on for Splunk, click on Configuration and go to the Logging tab. Set the Log level to DEBUG and save it.
If data is not getting collected:
To disable the Add-on, you must be logged in to Splunk as an Administrator and follow the steps below.
- Go to 'Manage Apps' from Splunk's home page.
- In the search box, type the name of the add-on, and then click Search. In the Status column, next to Add-on, click Disable.
Uninstalling from a Standalone Environment
Uninstalling from a distributed or clustered environment
Fixed AppCert cloud issues
Added support of new security patch coming in EMC Isilon cluster with oneFS version 8.1.0.4 and above.
Added support of pagination in active directory API calls.
Fixed 503 Server Error: Service Not Available Error for API calls.
Removed the Input stanza for Syslog ingestion ([udp://514]) and added instructions in the documentation on how to set up syslog data ingestion.
Version: 2.1
-> Changed data collection method from Scripted Input to REST API Modular Input
-> Added support for Isilon Version 8.0
-> Added new data source (udp 514) and field extractions to integrate Isilon Syslogs & Audit logs
-> Added new API calls and extractions to comply with CIM models - Authentication, Inventory and Performance
Since the data collection method has been changed in release 2.0, the user must remove the previous version of the app ($SPLUNK_HOME/etc/apps/TA_EMC-Isilon), perform a fresh installation of the new bundle and set up the app again. Please note that removing the old installation does not remove previously indexed data.