Re: Splunk
Thanks Phil, LJ, and Rick for the input on Splunk. I appreciate the info. :) From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Murnane, Phil Sent: Friday, January 27, 2017 1:12 PM To: arslist@ARSLIST.ORG Subject: Re: Splunk ** Hi Randy, Splunk can also be very nice for correlating anomalies. We've had customers e.g. explain why their mid-tiers are running slowly by correlating heavy load on the virtual compute hardware that was not observable in the mid-tier virtual server OS, much less tomcat. As Rick mentioned, it's all about what outcome you're trying to produce. Fault detection isn't really Splunk's forte, but it could do the job. HTH, --Phil From: Action Request System discussion list(ARSList) <arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>> on behalf of LJ LongWing <lj.longw...@gmail.com<mailto:lj.longw...@gmail.com>> Sent: Friday, January 27, 2017 12:24 PM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Re: Splunk ** Randy, When I was working at a company that had Splunk I was able to use it to monitor all of my important log files (of course), but also wrote some tools that generated specific data from Remedy such as transaction volumes and such and displayed all of that information in charts in SplunkI had logs for concurrent users both in Remedy and Mid-Tier, response times between various components of the environments, used it to alert when interfaces went down...all sorts of stuff. Nothing that couldn't be done in other tools, but it was the first tool I did that stuff in and I really enjoyed the interfaces and the query capabilities...I liked it. On Fri, Jan 27, 2017 at 10:02 AM, Mckinnish, Randy <randy.mckinn...@compass-usa.com<mailto:randy.mckinn...@compass-usa.com>> wrote: ** Hey Listers, Anyone using Splunk for monitoring mid tiers or your AR Servers? If so what are your thoughts on any value that it adds? Our shop uses several tools already in place and we now have Splunk for some of the other applications. Just wondering if it's a better option and wanted to see what others think. Thanks RandyMckinnish | senior remedy developer | compass group, nad | o: 704.328.1970<tel:(704)%20328-1970> This email is subject to certain disclaimers, which may be reviewed via the following link. http://www.compass-usa.com/disclaimer _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ This email is subject to certain disclaimers, which may be reviewed via the following link. http://www.compass-usa.com/disclaimer ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
Hi Randy, Splunk can also be very nice for correlating anomalies. We've had customers e.g. explain why their mid-tiers are running slowly by correlating heavy load on the virtual compute hardware that was not observable in the mid-tier virtual server OS, much less tomcat. As Rick mentioned, it's all about what outcome you're trying to produce. Fault detection isn't really Splunk's forte, but it could do the job. HTH, --Phil From: Action Request System discussion list(ARSList) <arslist@ARSLIST.ORG> on behalf of LJ LongWing <lj.longw...@gmail.com> Sent: Friday, January 27, 2017 12:24 PM To: arslist@ARSLIST.ORG Subject: Re: Splunk ** Randy, When I was working at a company that had Splunk I was able to use it to monitor all of my important log files (of course), but also wrote some tools that generated specific data from Remedy such as transaction volumes and such and displayed all of that information in charts in SplunkI had logs for concurrent users both in Remedy and Mid-Tier, response times between various components of the environments, used it to alert when interfaces went down...all sorts of stuff. Nothing that couldn't be done in other tools, but it was the first tool I did that stuff in and I really enjoyed the interfaces and the query capabilities...I liked it. On Fri, Jan 27, 2017 at 10:02 AM, Mckinnish, Randy <randy.mckinn...@compass-usa.com<mailto:randy.mckinn...@compass-usa.com>> wrote: ** Hey Listers, Anyone using Splunk for monitoring mid tiers or your AR Servers? If so what are your thoughts on any value that it adds? Our shop uses several tools already in place and we now have Splunk for some of the other applications. Just wondering if it's a better option and wanted to see what others think. Thanks RandyMckinnish | senior remedy developer | compass group, nad | o: 704.328.1970<tel:(704)%20328-1970> This email is subject to certain disclaimers, which may be reviewed via the following link. http://www.compass-usa.com/disclaimer _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
Randy, When I was working at a company that had Splunk I was able to use it to monitor all of my important log files (of course), but also wrote some tools that generated specific data from Remedy such as transaction volumes and such and displayed all of that information in charts in SplunkI had logs for concurrent users both in Remedy and Mid-Tier, response times between various components of the environments, used it to alert when interfaces went down...all sorts of stuff. Nothing that couldn't be done in other tools, but it was the first tool I did that stuff in and I really enjoyed the interfaces and the query capabilities...I liked it. On Fri, Jan 27, 2017 at 10:02 AM, Mckinnish, Randy < randy.mckinn...@compass-usa.com> wrote: > ** > > Hey Listers, > > Anyone using Splunk for monitoring mid tiers or your AR Servers? If so > what are your thoughts on any value that it adds? Our shop uses several > tools already in place and we now have Splunk for some of the other > applications. Just wondering if it’s a better option and wanted to see what > others think. > > > > Thanks > > > > *Randy*Mckinnish | senior remedy developer | compass group, nad | o: > 704.328.1970 <(704)%20328-1970> > > > > > > > > > This email is subject to certain disclaimers, which may be reviewed via > the following link. http://www.compass-usa.com/disclaimer > _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
As with any monitoring tool, it's all in the configuration and support. Our experience doesn't show it to be all that helpful, but I think that's less he tool and more the experience level of those running it. Rick On Jan 27, 2017 09:13, "Mckinnish, Randy" <randy.mckinn...@compass-usa.com> wrote: > ** > > Hey Listers, > > Anyone using Splunk for monitoring mid tiers or your AR Servers? If so > what are your thoughts on any value that it adds? Our shop uses several > tools already in place and we now have Splunk for some of the other > applications. Just wondering if it’s a better option and wanted to see what > others think. > > > > Thanks > > > > *Randy*Mckinnish | senior remedy developer | compass group, nad | o: > 704.328.1970 <(704)%20328-1970> > > > > > > > > > This email is subject to certain disclaimers, which may be reviewed via > the following link. http://www.compass-usa.com/disclaimer > _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Splunk
Hey Listers, Anyone using Splunk for monitoring mid tiers or your AR Servers? If so what are your thoughts on any value that it adds? Our shop uses several tools already in place and we now have Splunk for some of the other applications. Just wondering if it's a better option and wanted to see what others think. Thanks RandyMckinnish | senior remedy developer | compass group, nad | o: 704.328.1970 This email is subject to certain disclaimers, which may be reviewed via the following link. http://www.compass-usa.com/disclaimer ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
SNMP is better than nothing. I have seen some examples of people using Splunk; not only to keep an eye on up/down but also for keeping an eye on errors and proactively looking for performance problems (api response time/trends, sql response time/trends, etc.). Without knowing what the initial goal was I was picturing what I had seen in the past. With Mark's last update it looks like I have the opposite situation... We use Splunk quite a bit in our IT org and I submitted a request back in November to start using it to monitor Remedy (similar to what was shown to me). Still waiting... I considered setting up a Splunk instance for my team but the size limits on the free edition are too small to realistically track a Remedy system how I would like. I am always interested in other monitoring options and how other people are doing it. Jason On Mon, Feb 15, 2016 at 1:32 PM David Charters < da...@charterstechnologies.com> wrote: > ** > > Unless I have miss-understood, why couldn’t you setup SNMP track. That > would cover the database, application and mid-tier servers. > > > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *Jason Miller > *Sent:* Monday, February 15, 2016 3:49 PM > *To:* arslist@ARSLIST.ORG > *Subject:* Re: Splunk > > > > ** > > Curious, what do you have in mind for a much smaller system? > > On Mon, Feb 15, 2016 at 9:27 AM David Charters < > da...@charterstechnologies.com> wrote: > > ** > > Just my opinion, but that’s a really big system that a much smaller system > can do. > > > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *Brittain, Mark > *Sent:* Monday, February 15, 2016 9:20 AM > *To:* arslist@ARSLIST.ORG > *Subject:* Splunk > > > > ** > > HI All > > > > My management is looking to leverage Splunk to monitor our ITSM > environment. Has anyone used Splunk with AR System/ITSM? If so, is your > Splunk application home grown or acquired? > > > > ARS 7.6.04 > > ITSM 7.6.04 > > > > Thanks > > Mark > > > > *Mark Brittain* > > Sr. OSD Systems Engineer > > ITILv3 Foundation, Continual Service Improvement > > *NaviSite, Inc. – A Time Warner Cable Company* > > mbritt...@navisite.com > > Office: 315.634.9337 > > Mobile: 315.882.5360 > > [image: image001.gif] > > > > > -- > > > This E-mail and any of its attachments may contain Time Warner Cable > proprietary information, which is privileged, confidential, or subject to > copyright belonging to Time Warner Cable. This E-mail is intended solely > for the use of the individual or entity to which it is addressed. If you > are not the intended recipient of this E-mail, you are hereby notified that > any dissemination, distribution, copying, or action taken in relation to > the contents of and attachments to this E-mail is strictly prohibited and > may be unlawful. If you have received this E-mail in error, please notify > the sender immediately and permanently delete the original and any copy of > this E-mail and any printout. > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
OK, maybe I didn’t quite explain this correctly. We’re not setting up splunk just to use with ITSM. We use splunk for a lot of things and I was approached by our splunk admin to see if we could use splunk to monitor stuff generated out of ARS. If you know of any ready made splunk apps or have suggestions on creating our own, that would be greate. Thanks Mark From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of David Charters Sent: Monday, February 15, 2016 4:03 PM To: arslist@ARSLIST.ORG Subject: Re: Splunk ** Unless I have miss-understood, why couldn’t you setup SNMP track. That would cover the database, application and mid-tier servers. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Monday, February 15, 2016 3:49 PM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Re: Splunk ** Curious, what do you have in mind for a much smaller system? On Mon, Feb 15, 2016 at 9:27 AM David Charters <da...@charterstechnologies.com<mailto:da...@charterstechnologies.com>> wrote: ** Just my opinion, but that’s a really big system that a much smaller system can do. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of Brittain, Mark Sent: Monday, February 15, 2016 9:20 AM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Splunk ** HI All My management is looking to leverage Splunk to monitor our ITSM environment. Has anyone used Splunk with AR System/ITSM? If so, is your Splunk application home grown or acquired? ARS 7.6.04 ITSM 7.6.04 Thanks Mark Mark Brittain Sr. OSD Systems Engineer ITILv3 Foundation, Continual Service Improvement NaviSite, Inc. – A Time Warner Cable Company mbritt...@navisite.com<mailto:mbritt...@navisite.com> Office: 315.634.9337 Mobile: 315.882.5360 [image001.gif] This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
Unless I have miss-understood, why couldn’t you setup SNMP track. That would cover the database, application and mid-tier servers. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Monday, February 15, 2016 3:49 PM To: arslist@ARSLIST.ORG Subject: Re: Splunk ** Curious, what do you have in mind for a much smaller system? On Mon, Feb 15, 2016 at 9:27 AM David Charters <da...@charterstechnologies.com<mailto:da...@charterstechnologies.com>> wrote: ** Just my opinion, but that’s a really big system that a much smaller system can do. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of Brittain, Mark Sent: Monday, February 15, 2016 9:20 AM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: Splunk ** HI All My management is looking to leverage Splunk to monitor our ITSM environment. Has anyone used Splunk with AR System/ITSM? If so, is your Splunk application home grown or acquired? ARS 7.6.04 ITSM 7.6.04 Thanks Mark Mark Brittain Sr. OSD Systems Engineer ITILv3 Foundation, Continual Service Improvement NaviSite, Inc. – A Time Warner Cable Company mbritt...@navisite.com<mailto:mbritt...@navisite.com> Office: 315.634.9337 Mobile: 315.882.5360 [image001.gif] This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
Curious, what do you have in mind for a much smaller system? On Mon, Feb 15, 2016 at 9:27 AM David Charters < da...@charterstechnologies.com> wrote: > ** > > Just my opinion, but that’s a really big system that a much smaller system > can do. > > > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *Brittain, Mark > *Sent:* Monday, February 15, 2016 9:20 AM > *To:* arslist@ARSLIST.ORG > *Subject:* Splunk > > > > ** > > HI All > > > > My management is looking to leverage Splunk to monitor our ITSM > environment. Has anyone used Splunk with AR System/ITSM? If so, is your > Splunk application home grown or acquired? > > > > ARS 7.6.04 > > ITSM 7.6.04 > > > > Thanks > > Mark > > > > *Mark Brittain* > > Sr. OSD Systems Engineer > > ITILv3 Foundation, Continual Service Improvement > > *NaviSite, Inc. – A Time Warner Cable Company* > > mbritt...@navisite.com > > Office: 315.634.9337 > > Mobile: 315.882.5360 > > [image: image001.gif] > > > > > -- > > > This E-mail and any of its attachments may contain Time Warner Cable > proprietary information, which is privileged, confidential, or subject to > copyright belonging to Time Warner Cable. This E-mail is intended solely > for the use of the individual or entity to which it is addressed. If you > are not the intended recipient of this E-mail, you are hereby notified that > any dissemination, distribution, copying, or action taken in relation to > the contents of and attachments to this E-mail is strictly prohibited and > may be unlawful. If you have received this E-mail in error, please notify > the sender immediately and permanently delete the original and any copy of > this E-mail and any printout. > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
Paul Buffington is your go-to person for all things Splunk and Remedy. He was with Effect-Tech. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Brittain, Mark Sent: Monday, February 15, 2016 8:20 AM To: arslist@ARSLIST.ORG Subject: Splunk ** HI All My management is looking to leverage Splunk to monitor our ITSM environment. Has anyone used Splunk with AR System/ITSM? If so, is your Splunk application home grown or acquired? ARS 7.6.04 ITSM 7.6.04 Thanks Mark Mark Brittain Sr. OSD Systems Engineer ITILv3 Foundation, Continual Service Improvement NaviSite, Inc. - A Time Warner Cable Company mbritt...@navisite.com<mailto:mbritt...@navisite.com> Office: 315.634.9337 Mobile: 315.882.5360 [navsig] This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
Just my opinion, but that's a really big system that a much smaller system can do. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Brittain, Mark Sent: Monday, February 15, 2016 9:20 AM To: arslist@ARSLIST.ORG Subject: Splunk ** HI All My management is looking to leverage Splunk to monitor our ITSM environment. Has anyone used Splunk with AR System/ITSM? If so, is your Splunk application home grown or acquired? ARS 7.6.04 ITSM 7.6.04 Thanks Mark Mark Brittain Sr. OSD Systems Engineer ITILv3 Foundation, Continual Service Improvement NaviSite, Inc. - A Time Warner Cable Company mbritt...@navisite.com<mailto:mbritt...@navisite.com> Office: 315.634.9337 Mobile: 315.882.5360 [navsig] This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
Mark, We use Splunk to monitor various aspects of our system and even use Splunk to open alerts in our monitoring system to send out pages and such. If I ever move somewhere without Splunk, I'm really going to miss the dashboards that I have created for it :) On Mon, Feb 15, 2016 at 7:20 AM, Brittain, Mark <mbritt...@navisite.com> wrote: > ** > > HI All > > > > My management is looking to leverage Splunk to monitor our ITSM > environment. Has anyone used Splunk with AR System/ITSM? If so, is your > Splunk application home grown or acquired? > > > > ARS 7.6.04 > > ITSM 7.6.04 > > > > Thanks > > Mark > > > > *Mark Brittain* > > Sr. OSD Systems Engineer > > ITILv3 Foundation, Continual Service Improvement > > *NaviSite, Inc. – A Time Warner Cable Company* > > mbritt...@navisite.com > > Office: 315.634.9337 > > Mobile: 315.882.5360 > > [image: navsig] > > > > -- > > This E-mail and any of its attachments may contain Time Warner Cable > proprietary information, which is privileged, confidential, or subject to > copyright belonging to Time Warner Cable. This E-mail is intended solely > for the use of the individual or entity to which it is addressed. If you > are not the intended recipient of this E-mail, you are hereby notified that > any dissemination, distribution, copying, or action taken in relation to > the contents of and attachments to this E-mail is strictly prohibited and > may be unlawful. If you have received this E-mail in error, please notify > the sender immediately and permanently delete the original and any copy of > this E-mail and any printout. > _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Splunk
Hi Mark, We are using Splunk to monitor our AR Servers. We are manually setting up few parameters to look out for in our servers. Thanks, Bala From: Action Request System discussion list(ARSList) <arslist@ARSLIST.ORG> on behalf of Brittain, Mark <mbritt...@navisite.com> Sent: Monday, February 15, 2016 2:20 PM To: arslist@ARSLIST.ORG Subject: Splunk ** HI All My management is looking to leverage Splunk to monitor our ITSM environment. Has anyone used Splunk with AR System/ITSM? If so, is your Splunk application home grown or acquired? ARS 7.6.04 ITSM 7.6.04 Thanks Mark Mark Brittain Sr. OSD Systems Engineer ITILv3 Foundation, Continual Service Improvement NaviSite, Inc. - A Time Warner Cable Company mbritt...@navisite.com<mailto:mbritt...@navisite.com> Office: 315.634.9337 Mobile: 315.882.5360 [navsig] This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Splunk
HI All My management is looking to leverage Splunk to monitor our ITSM environment. Has anyone used Splunk with AR System/ITSM? If so, is your Splunk application home grown or acquired? ARS 7.6.04 ITSM 7.6.04 Thanks Mark Mark Brittain Sr. OSD Systems Engineer ITILv3 Foundation, Continual Service Improvement NaviSite, Inc. - A Time Warner Cable Company mbritt...@navisite.com<mailto:mbritt...@navisite.com> Office: 315.634.9337 Mobile: 315.882.5360 [navsig] This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Splunk - Remedy Integration
Hi, The issue is related to integrate Splunk with ARS7.6.04. Splunk is implemented to monitor some network devices and generate an alert if there is any issue. We have: -the java program ready with in-turn able to consume remedy web-services to create an incident in remedy. -We have also created a batch file which embedded the commands to execute this java script. -this batch file is successfully called up from Splunk alert as 'Run as Script option' using the static/hardcoded values as input parameters to batch file. Now the issue is: how to to pass/push each splunk alert information (dynamically) to the batch file as input parameters to create an incident for real alert generated? Splunk - Call Batch file by passing static input values (need a solution for dynamic splunk alert values)-execute java script to consume remedy web-services to create an incident. Regards, Sachin This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. __ www.accenture.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Splunk - Remedy Integration
Hi, The batch file can take command line parameters which can be set via splunk dynamically. The batch file can send the input parameters for the Java code calling web service. This is a solution at a very layman's terms. Hope it helps you. Vikrant On 21-Oct-2013 12:48 PM, Sachin Verma sachin.ve...@accenture.com wrote: ** Hi, ** ** The issue is related to integrate Splunk with ARS7.6.04. Splunk is implemented to monitor some network devices and generate an alert if there is any issue. We have: ** ** -the java program ready with in-turn able to consume remedy web-services to create an incident in remedy. -We have also created a batch file which embedded the commands to execute this java script. -this batch file is successfully called up from Splunk alert as ‘Run as Script option’ using the static/hardcoded values as input parameters to batch file. ** ** Now the issue is: how to to pass/push each splunk alert information (dynamically) to the batch file as input parameters to create an incident for real alert generated? ** ** Splunk - Call Batch file by passing static input values (*need a solution for dynamic splunk alert values*)-execute java script to consume remedy web-services to create an incident. ** ** Regards, Sachin -- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. __ www.accenture.com _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Splunk - Remedy Integration
Thanks Vikrant, actually I am looking for the solution: how to pass the alert values generated from Splunk to the batch file. How to dynamically set those at Splunk while calling the batch file? Regards, Sachin From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Vikrant Kulkarni Sent: Monday, October 21, 2013 12:52 PM To: arslist@ARSLIST.ORG Subject: Re: Splunk - Remedy Integration ** Hi, The batch file can take command line parameters which can be set via splunk dynamically. The batch file can send the input parameters for the Java code calling web service. This is a solution at a very layman's terms. Hope it helps you. Vikrant On 21-Oct-2013 12:48 PM, Sachin Verma sachin.ve...@accenture.commailto:sachin.ve...@accenture.com wrote: ** Hi, The issue is related to integrate Splunk with ARS7.6.04. Splunk is implemented to monitor some network devices and generate an alert if there is any issue. We have: -the java program ready with in-turn able to consume remedy web-services to create an incident in remedy. -We have also created a batch file which embedded the commands to execute this java script. -this batch file is successfully called up from Splunk alert as 'Run as Script option' using the static/hardcoded values as input parameters to batch file. Now the issue is: how to to pass/push each splunk alert information (dynamically) to the batch file as input parameters to create an incident for real alert generated? Splunk - Call Batch file by passing static input values (need a solution for dynamic splunk alert values)-execute java script to consume remedy web-services to create an incident. Regards, Sachin This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. __ www.accenture.comhttp://www.accenture.com _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Splunk - Remedy Integration
A quick search on http://answers.splunk.com shows the question comes up regularly, so have a look at the following to see if they point you in the right direction: http://answers.splunk.com/search/?q=alert+script+parameterSubmit=Search http://answers.splunk.com/answers/749/how-do-i-pass-event-arguments-to-scripts-run-in-response-to-splunk-alerts http://answers.splunk.com/answers/3019/scripted-alert-question http://answers.splunk.com/answers/40843/alerting-send-ipuser-to-script-as-a-parameter http://answers.splunk.com/answers/88934/pass-variable-to-a-scripted-alert From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Sachin Verma Sent: Monday, 21 October 2013 5:40 PM To: arslist@ARSLIST.ORG Subject: Re: Splunk - Remedy Integration ** Thanks Vikrant, actually I am looking for the solution: how to pass the alert values generated from Splunk to the batch file. How to dynamically set those at Splunk while calling the batch file? Regards, Sachin From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG]mailto:[mailto:arslist@ARSLIST.ORG] On Behalf Of Vikrant Kulkarni Sent: Monday, October 21, 2013 12:52 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: Splunk - Remedy Integration ** Hi, The batch file can take command line parameters which can be set via splunk dynamically. The batch file can send the input parameters for the Java code calling web service. This is a solution at a very layman's terms. Hope it helps you. Vikrant On 21-Oct-2013 12:48 PM, Sachin Verma sachin.ve...@accenture.commailto:sachin.ve...@accenture.com wrote: ** Hi, The issue is related to integrate Splunk with ARS7.6.04. Splunk is implemented to monitor some network devices and generate an alert if there is any issue. We have: -the java program ready with in-turn able to consume remedy web-services to create an incident in remedy. -We have also created a batch file which embedded the commands to execute this java script. -this batch file is successfully called up from Splunk alert as 'Run as Script option' using the static/hardcoded values as input parameters to batch file. Now the issue is: how to to pass/push each splunk alert information (dynamically) to the batch file as input parameters to create an incident for real alert generated? Splunk - Call Batch file by passing static input values (need a solution for dynamic splunk alert values)-execute java script to consume remedy web-services to create an incident. Regards, Sachin This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. __ www.accenture.comhttp://www.accenture.com _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years