DX Unified Infrastructure Management

  • Private Community
 View Only
Back to discussions
Expand all | Collapse all

Integrate / send alarm and QoS data to analytics tool (ie Splunk)

  • 1.  Integrate / send alarm and QoS data to analytics tool (ie Splunk)

    Posted Jul 07, 2016 09:00 AM


    Hello,

     

    We're trying to connect UIM to Splunk. We're starting with alarms but would eventually like to get QoS over there as well.

     

    Has anyone tried doing this lately?

     

    So far we've followed the documentation found within the sysloggtw documentation for shipping out alarms. This is working...  kind of. It will post out the message with the proper SYSLOG-OUT subject so the sysloggtw then ships it over to Splunk. The problem is that because this method uses logmon to generate a new alarm, we're losing details from the original alarm such as; severity, hostname, probe, subsystem...

     

    Here are the links we've referenced so far:

    v 1.4 sysloggtw IM Configuration - CA Unified Infrastructure Management Probes - CA Technologies Documentation

    Integration with Splunk?

    SYSLOG OUT possible? 



  • 2.  Re: Integrate / send alarm and QoS data to analytics tool (ie Splunk)

    Broadcom Employee
    Posted Sep 23, 2016 11:37 AM

    Dear Jason,

     

    at this moment there is no official integration with Splunk, and indeed one of the options that we are aware of as being implemented is using the syslogggtw.  

     

    I do not know how exactly Splunk works, but we also offer a rest API that you can use to extract alarm data from UIM and then consume this on your side, please see here:

    RESTful Web Services - CA Unified Infrastructure Management Probes - CA Technologies Documentation 

     

     

    Kind Regards,

     

    Martin Fink

    CA Tech Support