The Cisco ACI App for Splunk Enterprise is used to build dashboards on indexed data provided by the "Cisco ACI Add-on for Splunk Enterprise" app.
This app delivers centralized, real-time visibility for applications and ACI infrastructures across the bare metal and virtualized environments.
Install the main app (Cisco ACI App for Splunk Enterprise) and the Add-on app (Cisco ACI Add-on for Splunk Enterprise) on a single machine.
* Here both apps reside on a single machine.
* The main app uses the data collected by the Add-on app and builds dashboards on it.
Restart Splunk
Note:
1) If the previous version of App is already installed, remove the cisco-app-ACI folder from Splunk app folder before the installation of a newer version or the user can upgrade the app from Splunk UI.
2) If you have cleaned the Splunk event data, make sure to delete the files ending with _LastTransactionTime.txt from the TA_cisco-ACI/bin/ folder.
These files store a timestamp so that only incremental data is fetched from APIC or MSO.
Refer to the documentation provided by "Cisco ACI Add-on for Splunk Enterprise" for configuration of the Add-on.
Note: If the previous version of the Add-on app is already installed, remove the TA_cisco-ACI folder from Splunk app folder before installation of a newer version or the user can upgrade the app from Splunk UI.
If the user upgrades the app, ensure that index, sourcetype, and interval are specified for each input in local/inputs.conf.
Please disable all the scripted inputs before upgrading the Add-on (TA_cisco-ACI).
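One way to check the index, sourcetype, and interval requirement before an upgrade, as an added example that is not part of the app or the Add-on. It assumes the Add-on's inputs are `script://` stanzas; the stanza arguments and the sourcetype value in the sample are constructed placeholders.

```python
import configparser

# Settings the upgrade note requires on every input stanza in local/inputs.conf.
REQUIRED_KEYS = ("index", "sourcetype", "interval")

# Constructed sample: the "-example" argument and the sourcetype value are
# placeholders, not the Add-on's real stanzas.
SAMPLE_INPUTS_CONF = """\
[script://$SPLUNK_HOME/etc/apps/TA_cisco-ACI/bin/collect.py -stats]
index = apic
sourcetype = example_sourcetype
interval = 300
disabled = 1

[script://$SPLUNK_HOME/etc/apps/TA_cisco-ACI/bin/collect.py -example]
index = apic
disabled = 1

[monitor:///var/log/example.log]
index = main
"""


def audit_inputs_conf(text, required=REQUIRED_KEYS):
    """Return {stanza: [missing keys]} for scripted inputs lacking a required setting."""
    # Splunk .conf files use "=" as the only delimiter; "$" and ":" stay literal.
    parser = configparser.RawConfigParser(
        delimiters=("=",), comment_prefixes=("#",), strict=False
    )
    parser.optionxform = str  # keep key case exactly as written
    parser.read_string(text)

    findings = {}
    for stanza in parser.sections():
        if not stanza.startswith("script://"):
            continue  # assumption: only scripted inputs are in scope
        # A key that is absent or set to an empty value counts as missing.
        missing = [
            key for key in required
            if not parser.get(stanza, key, fallback="").strip()
        ]
        if missing:
            findings[stanza] = missing
    return findings


if __name__ == "__main__":
    for stanza, missing in audit_inputs_conf(SAMPLE_INPUTS_CONF).items():
        print(f"[{stanza}] missing: {', '.join(missing)}")
```

To audit a real deployment, pass the contents of the Add-on's local/inputs.conf to `audit_inputs_conf` and fix every stanza it reports before upgrading.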
* Download the App package
* From the UI navigate to Apps->Manage Apps
* In the top right corner select "Install app from file"
* Select "Choose File" and select the App package
* Check Upgrade App
* Select "Upload" and follow the prompts.
OR
* If a newer version is available on Splunkbase, the App/Add-on can also be updated from the UI.
* From the UI navigate to Apps->Manage Apps OR click on the gear icon
* Search for Cisco ACI App/Add-on
* Click on 'Update to <version>' under the Version column.
Please follow the below steps.
'-stats'
is present, then perform the following steps.
Restart Splunk
Follow the steps below if you are collecting data using Certificate Based Authentication in v4.3.0 OR v4.4.0 and upgrading the Add-on to v5.0.0.
You need to convert your private key to an RSA private key by running the following command in cmd.
Enable all the scripted inputs.
This section provides the steps to uninstall App from a standalone Splunk platform installation.
(Optional) If you want to remove data from Splunk database, you can use the below Splunk CLI clean command to remove indexed data from an app before deleting the app.
Delete the app and its directory. The app and its directory are typically located in the folder $SPLUNK_HOME/etc/apps/<appname> or run the following command in the CLI:
You may need to remove user-specific directories created for your app by deleting any files found here: $SPLUNK_HOME/bin/etc/users/*/<appname>
Restart the Splunk platform. You can navigate to Settings -> Server controls and click the restart button in Splunk web UI or use the following Splunk CLI command to restart Splunk:
Once the Add-on app is configured to receive data from ACI, the main app dashboards can take some time before data is populated in all panels. A good test to see that you are receiving all of the data is to run this search after several minutes:
index="<your index>" | stats count by sourcetype
Troubleshooting APIC configuration:
If you don't see these sourcetypes, have a look at the messages output by the scripted input: collect.py. Here is a sample search that will show them:
index=_internal component="ExecProcessor" collect.py "ACI Error:" | table _time host log_level message
Troubleshooting MSO configuration:
You can also see $SPLUNK_HOME/var/log/splunk/splunkd.log file to check if any error has occurred.
This app stores the indexed data in accelerated datamodels and builds dashboards by fetching data from those datamodels. Below is the list of datamodels that have been created in the app.
Events - Maps to general information for all the MOs of class=eventrecord.
If you want to improve the performance of the dashboards, you need to enable acceleration of the datamodels. Please follow the steps below:
This app provides savedsearches that generate lookup files or send email alerts.
In addition to out-of-the-box reporting and analytics capabilities for your ACI environment, the app includes a set of pre-defined dashboards for specific user roles:
Helpdesk admin: Enables Help desk operator to analyze various faults in the system and escalate them to tenant or fabric admin accordingly. He will have access to only "Home", "Authentication" and "Helpdesk" dashboards.
Tenant admin: Enables Tenant admin to analyze and drill down faults and health related issues to a particular tenant. He can drill down into Applications, EPGs, and VM endpoints to identify a single point of failure within the admin. He will have access to only "Home", "Authentication" and "Tenants" Dashboards.
Fabric admin: Enables Fabric Admin to analyze physical network related issues. It gives visibility into fabric components of networks e.g. leaf, spine and its physical components like chassis, ports, fan tray, line card, etc.
Tenant user: Enables Tenant User to manage a specific tenant and all of its components like Application, EPGs, and VMs. To create a Tenant user for tenant "ABC", follow the steps given below.
1) Create a role with name "tenant_ABC". In search criteria put "dn=uni/tn-ABC/*".
2) Create a new user with the name user-ABC and apply the role of "tenant_ABC" to this user.
3) Edit the permission of Tenant Dashboard to provide read access to a user with the role "tenant_ABC".
The app also includes a set of MSO dashboards for specific use cases:
Sites: Information about sites associated with MSO and the fault count of various severity levels. Drill-downs are provided in Site Information, Site Health graph, and panels consisting of fault counts, so users can get a detailed view of the same.
Schemas: Information about schemas configured with MSO. Drill down into No. of Schemas Associated With MSO single pane visualization will show schema details, drill-down on Application Profiles, Bridge Domain, External EPGs, and VRF single pane visualization to get insights about particular health and fault details and drill-down on contracts will show contracts health details.
Tenants: Graphical representation of tenants associated with sites, schemas, and users. Drill down on table showing Tenant Details for a particular site will re-direct to Tenant Details dashboard giving more description about the selected tenant.
Users: Information about MSO users and their roles. More details about user and roles are given by drill down on Users and Roles panel.
Policy: Information about policies configured in MSO. Drill down on Policy SubType Breakdown panel will show details of specific subtype.
All the MSO dashboards have an Audit Logs panel showing audit logs of a particular type; for example, the Schemas dashboard has audit logs only of type schema.
output will be truncated at xxx results due to excessive memory usage...
, user can manually increase the memory limit in limits.conf
Updated setup guide
Version 4.4.0:
Added support of Splunk 8.x
Version 4.3.0:
• Correlate compute, network and storage components by providing integration with Splunk app for vmware
• This app includes a set of pre-defined dashboards for specific user roles – Helpdesk admin, Tenant admin, Fabric Admin, VMM admin
• Support for multiple APIC's (App Version 4.0 onwards)
• Overall fabric health score monitoring
• Multi-Pod and Micro-segmentation support
• Top affected tenants, their health score and faults with the drilldown capability to look into fault descriptions and recommended actions.
• Top affected spines and leafs, their health score and faults with the drilldown capability to look into their physical components e.g. chassis, fan tray, power supply, supervisor etc.
• Trending of faults over time, by cause and by impacted assets
• Threshold setting for KPI's (e.g tenants, end point groups, contracts, filters, bridge domains and l3out networks) and generate alerts when threshold exceeds warning/critical limits
• Provides Top TCAM percentage used nodes and Port utilization of leafs and spines. Also provides tenant-based utilization report for bandwidth consumed
• Authentication tracking
• Ability to correlate ACI compute and storage data with data collected by Splunk app for VMware
• Splunk version supported 7.0, 7.1, 7.2, 7.3 and 8.0
• Splunk search head system should have 16 GB of RAM and an octa-core CPU to run this app smoothly
• This main app Cisco ACI App for Splunk Enterprise also requires Cisco ACI Add-on for Splunk Enterprise.
For Cisco ACI App for Splunk Enterprise (Version 4.4.0) download Cisco ACI Add-on for Splunk Enterprise (Version 4.5.0)
For Cisco ACI App for Splunk Enterprise (Version 2.2.2) download Cisco ACI Add-on for Splunk Enterprise (Version 2.2)
For Cisco ACI App for Splunk Enterprise (Version 3.0) download Cisco ACI Add-on for Splunk Enterprise (Version 3.0)
For Cisco ACI App for Splunk Enterprise (Version 4.0) download Cisco ACI Add-on for Splunk Enterprise (Version 4.0)
Install main app (Cisco ACI App for Splunk Enterprise) and Add-on app (Cisco ACI Add-on for Splunk Enterprise) on a single machine.
• Here both apps reside on a single machine.
• The main app uses the data collected by the Add-on app and builds dashboards on it.
• This app should be installed on search head either through UI through "Manage Apps" or by extracting zip file into /opt/splunk/etc/apps folder.
• Restart Splunk.
• Note: If the previous version of App is already installed, remove the cisco-app-ACI folder from Splunk app folder before installation of newer version.
• Login to Splunk: http://your_splunk_host:port
• In browser type: http://your_splunk_host:port/en-US/_bump . Click "Bump Version".
• In browser type: http://your_splunk_host:port/en-US/debug/refresh. Click "Refresh".
• Restart Splunk
• Create index for Cisco ACI App for Splunk Enterprise (Only App Version 4.x)
• To Create an index 'apic' with Splunk Web.
In Splunk Web, navigate to Settings -> Indexes and click New Index.
Index Name: apic
App: Cisco ACI App for Splunk Enterprise
Keep default for other inputs. Click Save.
• Restart Splunk
• Users also need to install and configure the Add-on app (Cisco ACI Add-on for Splunk Enterprise). The installation and configuration steps are provided in the Add-on app documentation.
• Login to Splunk: http://your_splunk_host:port
• Complete instruction is also available as “Setup Guide” tab in Cisco ACI App for Splunk Enterprise.
• This app is supported by Cisco Systems.
• Email support during weekday business hours.
• Please ask questions by creating a TAC case on https://globalcontacts.cloudapps.cisco.com/contacts/contactDetails/en_US/c1o1-c2o2-c3o8
OR contact us at 1 800 553 2447 or 1 408 526 7209
• Overview: Cisco ACI App for Splunk Enterprise
• Splunk and Cisco APIC drive network analytics
• Cisco Marketplace Website: Cisco ACI for Splunk Enterprise
Added New dashboards for Multi-Site Orchestrator
MSO Overview
Sites
Schemas
Tenants
Users
Policy
Added support for filtering data based on the Multi-Site Orchestrator on all ACI dashboards
Version 4.3.0
Added 3 Dashboards of Cloud APIC
Changed savedsearches - APICFabricLookup, APICCEPLookup
* Bug Fixes
v 4.2.4
- Additional Dashboards for Controller Statistics and ACL Logs on L2 and L3 layer
- Better UI performance
- Additional VLAN information
- Bug fixes
v 4.2.3
- Additional bug fixes
v 4.2.2
- Additional Cloud Support
v 4.2.1
- Additional Dashboards for Controller Statistics and ACL Logs on L2 and L3 layer
- Better UI performance
- Additional VLAN information
- Bug fixes
For App related questions, kindly create a TAC case
https://globalcontacts.cloudapps.cisco.com/contacts/contactDetails/en_US/c1o1-c2o2-c3o8
OR
Contact Us
1 800 553 2447 or
1 408 526 7209
v 4.2.0
- Additional Dashboards for Controller Statistics and ACL Logs on L2 and L3 layer
- Better UI performance
- Additional VLAN information
- Bug fixes
Version 4.1.3 updates (compatible with ACI add-on 4.1.1):
New Fabric Extenders dashboard
APIC Syslog parsing capability - Used in System Faults and Events dashboard
APIC Health and Status monitoring
Minor bugs and fixes
Optimized dashboard/search performance
For Technical Support: contact aci-splunk-app@cisco.com OR create a case with Cisco TAC.
All features existing in the version 4.0
New sample data for eventgen (Cisco ACI Add-on for Splunk Enterprise Version 4.0.1)
Minor bug fixes
Updated Help Desk>'System Faults' dashboard
Updated Fabric>'Authentication' dashboard
Version: 4.0 features
The features developed in this release include:
• Support for multiple APIC's
• Syslog Integration with ACI
• Multi-Pod and Micro-segmentation view
• Get to the root cause better and faster
• Increased performance of dashboards
• New and better User Interface and drill-down capabilities
The features developed in this release include:
• Support for multiple APIC's
• Threshold setting for KPI's (i.e. no of tenants, end point groups, contracts, filters, bridge domains and l3out networks)
• Generate Alerts when threshold levels exceed.
• Fault tracking with state transition.
• Tenant Utilization, Top TCAM and Port Utilization.
The features developed in this release include:
• Threshold setting for KPI's (i.e. no of tenants, end point groups, contracts, filters, bridge domains and l3out networks)
• Generate Alerts when threshold levels exceed.
• Fault tracking with state transition.
• Tenant Utilization, Top TCAM and Port Utilization.
• Updated the Splunk Landing page/home page to display the Number of EPGs, Number of contracts, Number of filters, Number of BDs and Number of L3OutNetworks. Drill down on each component to display tenant-wise details.
Release Features
The features developed in this release include:
• Threshold setting for KPI's (i.e. no of tenants, end point groups, contracts, filters, bridge domains and l3out networks)
• Generate Alerts when threshold levels exceed.
• Fault tracking with state transition.
• Tenant Utilization.
• TCAM and Port Utilization.
• Updated the Splunk Landing page/home page to display the Number of EPGs, Number of contracts, Number of filters, Number of BDs and Number of L3OutNetworks. Drill down on each component to display tenant-wise details.