We're trying to connect UIM to Splunk. We're starting with alarms but would eventually like to get QoS over there as well.
Has anyone tried doing this lately?
So far we've followed the documentation found within the sysloggtw documentation for shipping out alarms. This is working... kind of. It will post out the message with the proper SYSLOG-OUT subject so the sysloggtw then ships it over to Splunk. The problem is that because this method uses logmon to generate a new alarm, we're losing details from the original alarm, such as severity, hostname, probe, subsystem...
Here are the links we've referenced so far:
v 1.4 sysloggtw IM Configuration - CA Unified Infrastructure Management Probes - CA Technologies Documentation
Integration with Splunk?
SYSLOG OUT possible?
At this moment there is no official integration with Splunk, and indeed one of the options that we are aware of as being implemented is using the sysloggtw.
I do not know how exactly Splunk works, but we also offer a REST API that you can use to extract alarm data from UIM and then consume this on your side. Please see here:
RESTful Web Services - CA Unified Infrastructure Management Probes - CA Technologies Documentation
CA Tech Support