  • Todd Waller

Splunk and Isilon Monitoring

Updated: May 12

Good morning everyone!

Hope all is well.


Today's post is going to cover an issue I faced recently in needing to monitor our Isilon storage system. I took a look around Splunkbase and found a set of apps that can do this fairly easily, with a little customization.


So first we need to download the app set: Dell EMC Isilon Add-on for Splunk Enterprise and Dell EMC Isilon App for Splunk Enterprise.


You can find the installation directions and the requirements on the apps' page.


Install the apps on the search head cluster deployer and push them out.

Create the index for the new data; we used the default, isilon. Create the index on the Indexer Cluster Master and push it out.


For us, we have no ability to install the app on the forwarding system, so we set up the connection from the search head cluster.

Make sure you have an admin login account for the new connection to Isilon from the search head cluster.


After you install the apps on the search head cluster, go to "Apps" > "Manage Apps" > "Set up" for the TA_EMC-Isilon app. A new setup screen will open, which will ask for Isilon node credentials. These can be credentials for any of the nodes in the Isilon cluster.



Here, enter the credentials you created for the new connection to Isilon. Enter the index you want the data to go to, but remember the default is isilon, and if you change it you will need to tweak the app and macros.


Once the connection is successful, it will start populating the dashboards in the Dell EMC Isilon App for Splunk Enterprise. Some of these dashboards use lookups that will be created once the base search runs; it's not immediate. For me, the "Cluster_Name" field was just called "name", so I had to update the macro for cluster_list to use that field instead of "Cluster_Name", as well as tweak the dropdown from "Cluster" in the dashboards.


After that all the dashboards started building:









As you can see, we get pretty decent data with minimal customization; it took maybe an hour to get it all customized.


Hope this helps, maybe someone has the same need and isn't sure how to get there.


Have a great day/week!


-Cheers!

Todd
