Appendix E Splunk Integration Support
N2WS Backup & Recovery Instance is now supporting the monitoring of backups, DR, copy to S3, alerts, and more by Splunk. The N2WS add-on features:
- Ability to define data input from N2WS via a Technology Add-on (TA)
- Ability to monitor resources and instances
- An N2WS app with 2 dashboards for displaying operational insights:
- N2WS activity monitor - Information about the data
- N2WS Alerts
- No support for Microsoft Azure
- No support for multiple CPMs
- Supported with Splunk Enterprise only
Integration consists of installing Splunk and configuring the TA for N2WS.
To configure the N2WS Server:
- 1.Edit the N2WS configuration file as follows:
>> su cpmuser
>> vi /cpmdata/conf/cpmserver.cfg
2. Restart apache:
>> sudo service apache2 restart
3. To check the status of the Splunk integration, in N2WS, go to Help > About and verify that 'External monitoring (Datadog / Splunk) enabled' is Yes.
Splunk can work with a proxy for reaching N2WS APIs.
- 1.Log on to your Splunk Web and in the Enterprise Apps screen, select Settings.
The Manage Apps page opens.
2. In the upper right, select Install app from file.
3. For an initial installation: a. Browse for the
N2WS_app_for_splunk.splfile. Select Upload.
b. Browse for
ta_N2WS_for_splunk.spl. Select Upload.
4. For updates, browse for the current file and select Upgrade app.
Two configurations are required:
- TA of the REST API
- Data inputs from N2WS for Alerts and Dashboard information
To configure the TA:
- 1.Go to splunk > App N2WS Add-on > Configuration.
- 2.If needed, select the Proxy tab, complete the settings, and select Save.
3. In the Logging tab, select the TA Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL.
4. In the Add-on Settings tab, set the API Url of the target server and the API Key. You can copy and paste the API URL and API Key, or both can be left empty for the customer to fill in.
- The API Url is the address of your N2WS server.
- You can generate an API Key in N2WS at User > Settings > API Access.
5. Select Save.
To configure data Inputs:
- 1.In the App menu, select Inputs.
- 2.In the Create New Input menu, select N2WS Dashboard information or N2WS Alerts.
- 3.Enter the relevant data input information:
- 1.Name - Unique name of the input.
- 2.Interval - Time interval for fetching the data from N2WS in seconds. 300 is recommended.
- 3.Index - The Splunk index (silo) to store the data in:
- For Alerts, n2ws_alerts
- For Dashboard information, n2ws_di
- 4.Last alert ID - Leave blank.
- 4.Select Update.
When finished, the Inputs should look like this:
To manage the Inputs, in the Actions column, select from the Action menu: Edit, Delete, Disable, or Clone.
To configure default data indexes:
- 1.Select Settings on the upper right corner and then select Indexes.
2. Verify that the following indexes exist under the N2WS app. If not, select New Index to add indexes of the CPM information.
3. In the file system, copy
macros.conffrom the default folder to the local folder. For example, Source:
4. Edit the
macros.conffile under '
local' and change the default index to the new indexes that were created.
3. Restart the Splunkd service from Windows Services.
Go to Splunk Apps and find N2WS app for splunk. The N2WS app contains tabs for N2WS activity monitor and N2WS Alerts. Edit and Export options are available in the upper right corner of each dashboard.
- Filter for Time Range (defaults to last 24 hours) and Users, including root and delegates.
- Displays All Accounts, Policies, Protected Resources, Managed Snapshots, Backups DR, S3 Backups, Volume Usage, and other requested data.
For Protected Resources and Managed Snapshots, select the displayed number to drill down and view a table of the resources and the number of items for each resource type for the selected users, or managed snapshots, count of each type, and a total.
The Alerts dashboard includes filters for:
- Time range - Last 24 hours (default)
- User - All (default) or username
- Severity - All or Info or Warning
- Category - All or Tag Scan, volume usage limit exceeded
The list defaults to descending sort order. Select any column to change sort order.
- Time - Date, time, event ID