jason.eckelstafer

Integrate / send alarm and QoS data to analytics tool (ie Splunk)

Discussion created by jason.eckelstafer on Jul 7, 2016
Latest reply on Sep 23, 2016 by Martin.Fink


Hello,

 

We're trying to connect UIM to Splunk. We're starting with alarms but would eventually like to get QoS over there as well.

 

Has anyone tried doing this lately?

 

So far we've followed the documentation found within the sysloggtw documentation for shipping out alarms. This is working...  kind of. It will post out the message with the proper SYSLOG-OUT subject so the sysloggtw then ships it over to Splunk. The problem is that because this method uses logmon to generate a new alarm, we're losing details from the original alarm such as; severity, hostname, probe, subsystem...

 

Here are the links we've referenced so far:

v 1.4 sysloggtw IM Configuration - CA Unified Infrastructure Management Probes - CA Technologies Documentation

Integration with Splunk?

SYSLOG OUT possible? 

Outcomes