Skip to main content

Forwarding inventory and events to Splunk

You can configure Lenovo XClarity Orchestrator to forward inventory and events in a predefined format to a Splunk application. You can then use Splunk to create graphs and charts based on that data to help analyze conditions and predict problems in your environment.

Before you begin

Attention
A secure connection is not established when forwarding data to this service. Data is sent over a clear text protocol.

About this task

Splunk is a tool for data-center operators to track and analyze event logs and other data. Lenovo provides an XClarity Orchestrator app for Splunk that analyzes events that are forwarded by XClarity Orchestrator and presents the analysis in a set of dashboards. You can monitor the dashboards in this app as an aid to find potential problems in your environment so that you can react before serious issues occur. For more information, see XClarity Orchestrator app for Splunk User’s Guide.

You can define multiple Splunk configurations; however, XClarity Orchestrator can forward events to only one Splunk instance. Therefore, only one Splunk configuration can be enabled at a time.

If resource-based access control is enabled, data is forwarded for only those resources that you can access using access-control lists. If you are not a member of a group to which the predefined Supervisor role is assigned, you must assign one or more access-control lists to the forwarders that you create. If you want to send data for all resources that you can access, select all access-control lists that are associated that are available to you. If you are a member of a group to which the predefined Supervisor role is assigned, you can choose to send data for all resources, or you can choose to assign access control lists to limit the resources.

You cannot filter data that is forwarded to Splunk applications.

Procedure

To forward inventory and event data to a Splunk application, complete the following steps.

  1. From the XClarity Orchestrator menu bar, click Monitoring (Monitoring icon) > Forwarding, and then click Data Forwarders in the left navigation to display the Data Forwarders card.
  2. Click the Create icon (Add icon) to display the Create Data Forwarder dialog.
  3. Specify the forwarder name and optional description.
  4. Choose to enable or disable the forwarder by clicking the State toggle.
  5. Select Splunk as the forwarder type.
  6. Click Configuration, and fill in the protocol-specific information.
    • Enter the hostname or IP address of the Splunk application.
    • Specify the user account and password to use to log in to the Splunk service.
    • Specify the REST API and data port numbers to use to connect to the Splunk service.
    • Specify one or more HTTP event-collector indices. The default index is lxco.
    • Enter the time-out period (in seconds) for the request. Default is 30 seconds.
  7. Click Access Control Lists, and select one or more access-control lists that you want to associated with this forwarder.

    If resource-based access is enabled, you must select at least one access-control list.

    Tip
    Users that are members of a group to which the predefined Supervisor role is assigned can optionally select Match Everything instead of selecting an access control lists so that forwarded data is not restricted.
  8. Click Create to create the forwarder.

After you finish

You can perform the following actions from the Data Forwarders card.

  • Enable or disable a selected forwarder by selecting the toggle in the State column
  • Modify a selected forwarder by clicking the Edit icon (Edit icon).
  • Remove a selected forwarder by clicking the Delete icon (Delete icon).