Wednesday, March 2, 2022

Splunk and Sterling Integrator Integration

Splunk Installation

rpm -i --prefix=/mnt/splunk2 splunk-8.2.2-87344edfcdb4-linux-2.6-x86_64.rpm

The --prefix relocates the install, so SPLUNK_HOME is /mnt/splunk2/splunk and the binary is /mnt/splunk2/splunk/bin/splunk; the ./splunk commands below are run from that bin directory.

./splunk start --accept-license

On first start Splunk asks for the administrator account. Create the admin user - splunkadmin - with a strong, unique password; every configuration step that follows is done as this account.


Splunk DB Connect Manual Configuration


You can also install DB Connect by copying its directory into your Splunk Enterprise apps directory:

Download Splunk DB Connect from Splunkbase and save it to a temporary location that you can access from your Splunk Enterprise instance.

Un-tar the download.

Move the splunk_app_db_connect directory into $SPLUNK_HOME/etc/apps (here /mnt/splunk2/splunk/etc/apps).

Restart Splunk Enterprise (/mnt/splunk2/splunk/bin/splunk stop and then /mnt/splunk2/splunk/bin/splunk start, or simply /mnt/splunk2/splunk/bin/splunk restart).


After you navigate to the Splunk DB Connect app, you may get "Cannot communicate with task server, please check your settings". The task server is a separate Java process started by DB Connect, so this usually means it has no usable JRE yet.

Set the JRE Installation Path (JAVA_HOME) in the UI:

Check whether Java is installed by issuing java -version. If it is not installed, download the JDK tar.gz package from Oracle. The package used here is jdk-8u202-linux-i586.tar.gz; note that i586 is the 32-bit build, so on the x86_64 host the Splunk RPM above was built for, take the matching 64-bit (x64) package instead.

tar zxvf jdk-8u202-linux-i586.tar.gz

Change the ownership if required - chown -R root:root jdk1.8.0_202 - root-owned JRE files can be executed by the Splunk service account but not altered by it.

Navigate to the jre directory inside the extracted JDK, note down the path and enter it in the UI - /mnt/jdk1.8.0_202/jre


Download the JDBC driver that matches the Sterling Integrator database. Here it is DB2, so the driver is IBM's Data Server Driver for JDBC and SQLJ; take the version that matches the DB2 server release.

Untar the file to see the folder - jdbc_sqlj

Copy or move the db2jcc4.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory, then restart Splunk (or reload the driver list under Configuration -> Settings -> Drivers) so that DB Connect shows the DB2 driver as installed.


Uninstall Splunk

rpm -qa | grep -i splunk

Then pass the package name from that output to rpm -e:

Example : rpm -e splunkforwarder-6.3.2-aaff59bb082c.x86_64

rpm -e removes only the files the package owns; indexed data and local configuration created under SPLUNK_HOME after installation are left behind and must be deleted by hand if they are no longer wanted.


Splunk Data Retrieval from database

Create a read-only user on the database for Splunk (SELECT on the Sterling tables it needs and nothing else; do not reuse the Sterling application account) and record the credentials.

Navigate to Splunk UI -> apps -> splunk_app_db_connect -> Configuration -> Identities. Create the identity using the credentials of the read-only user; DB Connect keeps the password in Splunk's encrypted secret storage rather than in clear text in the conf files.

Create the Connection for the DB2 database, select the identity created above, and tick Read Only so that the JDBC session itself is opened read-only.

On the Data Lab tab -> Inputs, create the input that retrieves the data. Prefer Rising mode on a monotonically increasing column such as MODIFYTS over Batch mode, which re-indexes the whole table on every run. Use a cron expression for Execution Frequency, e.g. polling every 2 minutes - */2 * * * *
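As an added example (not part of the original post), the DB2 statements for a least-privilege account and the rising-column query the input can use. The account name SPLUNKRO, the schema STERLING and the database name STERLINGDB are assumed names; substitute the real ones.

```sql
-- Added example; SPLUNKRO, schema STERLING and database STERLINGDB are assumed.
-- DB2 authenticates against the operating system by default, so the splunkro
-- account is created at the OS level first (useradd), then granted only what
-- DB Connect needs. Run as a user holding SECADM or DBADM, after: CONNECT TO STERLINGDB
GRANT CONNECT ON DATABASE TO USER SPLUNKRO;
GRANT SELECT ON TABLE STERLING.YFS_PERSON_INFO TO USER SPLUNKRO;

-- Databases created without the RESTRICTIVE option give PUBLIC CREATETAB,
-- BINDADD and IMPLICIT_SCHEMA, which SPLUNKRO would inherit. Check, and revoke if present.
SELECT GRANTEE, CONNECTAUTH, CREATETABAUTH, BINDADDAUTH, IMPLSCHEMAAUTH, DBADMAUTH
  FROM SYSCAT.DBAUTH
 WHERE GRANTEE IN ('PUBLIC', 'SPLUNKRO');
REVOKE CREATETAB, BINDADD, IMPLICIT_SCHEMA ON DATABASE FROM PUBLIC;

-- Verify the effective table privileges: SELECTAUTH must be Y, every other *AUTH N.
SELECT GRANTEE, TABSCHEMA, TABNAME, SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH, CONTROLAUTH
  FROM SYSCAT.TABAUTH
 WHERE GRANTEE = 'SPLUNKRO';

-- Input query for DB Connect in Rising mode. DB Connect substitutes the stored
-- checkpoint for ? on each run, so only rows changed since the last poll are
-- indexed; the ascending ORDER BY is required so the last row fetched becomes
-- the new checkpoint. Batch mode would re-index the whole table every two minutes.
SELECT FIRSTNAME, LAST_NAME, EMAILID, DEPARTMENT, CREATETS, MODIFYTS
  FROM STERLING.YFS_PERSON_INFO
 WHERE MODIFYTS > ?
 ORDER BY MODIFYTS ASC;
```

In the input, choose Rising mode, pick MODIFYTS as both the rising column and the timestamp column, set the index to edi and the Execution Frequency to */2 * * * *. The first run needs an initial checkpoint value (for example a timestamp before the oldest row of interest) or it will return nothing.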


Splunk Reports and Dashboards

To list the users created. The input polls every two minutes, so the same rows can be indexed repeatedly; dedup on the key fields collapses the repeats, and sort 0 -CREATETS orders newest first without the default 10,000-event limit of sort:

index="edi" source="YFS_PERSON_INFO" sourcetype="database" | dedup FIRSTNAME LAST_NAME CREATETS MODIFYTS | table FIRSTNAME, LAST_NAME, EMAILID, DEPARTMENT, CREATETS, MODIFYTS | sort 0 -CREATETS