Thanks For Downloading!
Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:
Unix/Linux: Decompress the downloaded file using a tool like
Get visibility into your NetApp storage system with Splunk!
The Splunk App for NetApp ONTAP uses the NetApp Manageability SDK (http://www.netapp.com/us/products/management-software/open-management.html) combined with read-only API access to one or more FAS controllers to provide realtime and historical visibility into the performance and configuration of your NetApp storage infrastructure.
Included with this version of the Splunk App for NetApp ONTAP are:
In addition to Splunk (version 4.3 or later), you will need:
Due to API changes, Data ONTAP Cluster Mode, sometimes referred to as Clustered ONTAP, is not supported at this time. C-mode support is in development.
Step 1: Create a user account on the storage controller(s) with the following permissions:
You can use the following commands to create the role, group, and user:
Step 2: Enable HTTPD on your filers:
In the filer CLI, you can check "options httpd" to see the status of your HTTPD service. To enable it and administration via the service, enter the following commands (on every filer to be managed by this app):
Step 3: Install the app
Single Server Deployment
For a single server deployment, copy all three apps: SplunkAppForNetAppONTAP, Splunk_TA_ONTAP7, Splunk_SA_ONTAP_KB, to $SPLUNK_HOME/etc/apps on your Splunk server and continue to Step 4.
Step 4: Configure the app
Step 5: Restart Splunk!
When configured correctly, data should start to be indexed within several minutes following a restart. To validate that an installation is successful, run the following search:
There should be at minimum, three sourcetypes:
The storage controller system logs (mounted via NFS) are auto-assigned a sourcetype based on their content, for example "syslog".
NOTES ABOUT THE DATA
The data for this app comes into Splunk via two ways: SNap.py, and NFS mount.
SNap.py is a multi-threaded script which writes the data it collects to the "OUT" folder inside of the app folder. Each storage controller's data is written to a unique file, and the contents of these files are read into Splunk by the tailing processor (a file monitor). This data includes both performance and configuration data sourcetypes as mentioned above.
NFS mounts are used to access the system logs on the system partition of a 7-mode filer. These logs contain alerts and messages from various subsystems within ONTAP.
About Performance Data
Many of the performance-related values returned from the SDK are "raw". In other words, various equations must be performed on these values before the data matches what one would expect to see based on looking at tools such as perfstat, Data Fabric Manager, or OnCommand Operations Manager. For this reason, we are including several macros with the app which help to perform some of these equations.
NOTES ABOUT THE DASHBOARDS
The dashboards in this app are samples which you can use as-is, or customize to suit your needs. They are not intended to be a complete monitoring solution for NetApp storage controllers. The power and potential of this app revolve more around taking the data and making it a part of full stack, of which storage is one piece. For an applied example, see the Splunk App for Citrix XenApp (http://splunk-base.splunk.com/apps/48390/splunk-app-for-citrix-xenapp).
Feedback welcome! You can contact us by emailing <firstname.lastname@example.org>.
Versions and Release Notes
Version 1.0.1 (current version - updated May 01, 2013)
This is the first public release. There are no major changes to the dashboards from the private beta. Most of the development work has focused on bugfixes and stability.
FYI - googling splunk spl file: "It's simply a tarred and gziped file renamed with a .spl extension for Splunkbase purposes. Rename it to .tar.gz and either install it through your Splunk Manager interface or untar it in your $SPLUNK_HOME/etc/apps directory and restart splunk. It should then be there."
reviewed 02 May, 08:56
accept rate: 0%