This ZenPack is included with commercial versions of Zenoss and enterprise support for this ZenPack is provided to Zenoss customers with an active subscription.
Splunk is a search engine for IT data. It lets you search and analyze all the data your IT infrastructure generates from a single location in real time. More information on Splunk can be found at http://www.splunk.com/.
The Splunk ZenPack allows you to monitor the results of a Splunk search. The total count returned by a search can be recorded, thresholded and graphed, as can the additional tabular data contained in the results of more advanced searches that make use of Splunk's top filter. The value of monitoring Splunk searches is that it adds an easy and flexible way to monitor log data at an aggregate level instead of on a log-by-log basis.
The Splunk ZenPack provides:
The Splunk ZenPack adds the new Splunk data source type to your Resource Manager system. This data source can be used to monitor the results of Splunk searches.
The Splunk data source type has the following fields in common with many other Resource Manager data source types.
If the Splunk search fails to execute successfully, an event is generated. The following fields control key fields of that generated event. It is important to note that these fields apply only when the Splunk search itself fails to execute, not when a threshold on a data point is breached.
The following fields are specific to Splunk type data sources.
Note: Username and password should be left blank when using the free version of Splunk. See the following Splunk documentation for configuring your free Splunk server for remote administration.
The easiest way to get started monitoring your Splunk searches is with a simple search. The following steps will illustrate a simple way to build dynamic Splunk search monitoring.
This example demonstrates how to detect brute-force password cracking attempts on all Linux servers.
Now you will have a Failed Passwords graph on all of your Linux servers that visualizes how many failed password attempts have occurred over the last 5 minutes. You will also get a warning severity event anytime more than 10 failed password attempts are made within a 5 minute period.
Monitoring additional data points within a top search builds on monitoring a simple search. You can extract numeric data from the tabular results returned from a top search using the following steps.
This example demonstrates how you can monitor the logs by source type for all Linux devices.
You will now have a graph for all Linux devices that shows what percentage of logs are coming from the audit and secure logs respectively. This ability to track multiple results from a single Splunk search has many other possible uses. Experiment with the top and stats filters in Splunk to see what other useful data you can extract.
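As an added illustration (not code from the ZenPack or from Zenoss), the following Python sketch shows the two evaluation paths described in the examples above: a simple search whose total count is checked against a threshold (the failed-passwords case), and a top search whose tabular rows become named numeric data points (the per-sourcetype case). It also keeps a search-execution failure distinct from a threshold breach, as the data source fields do. The sample result documents, the row-oriented JSON shape and the event class name are constructed assumptions; the ZenPack itself drives this through Splunk's search API rather than through these functions.

```python
import json

# Constructed sample: what a Splunk 'top sourcetype' search returns, in
# the row-oriented JSON shape Splunk uses for tabular results (assumed).
TOP_RESULTS_JSON = json.dumps({"results": [
    {"sourcetype": "linux_secure", "count": "840", "percent": "70.000000"},
    {"sourcetype": "linux_audit", "count": "360", "percent": "30.000000"},
]})

# Constructed sample for the simple search: only the total count matters.
COUNT_RESULTS_JSON = json.dumps({"results": [{"count": "12"}]})


def count_datapoint(results_json):
    """Simple-search path: the total count becomes the single data point."""
    rows = json.loads(results_json)["results"]
    # A search that matched nothing returns no rows; treat that as zero,
    # not as a failed search (a failed search is handled separately below).
    return int(rows[0]["count"]) if rows else 0


def top_datapoints(results_json, key_field, value_fields=("count", "percent")):
    """Top-search path: each row yields '<key>_<field>' numeric data points,
    e.g. linux_secure_percent, matching the per-sourcetype graph described."""
    points = {}
    for row in json.loads(results_json)["results"]:
        key = row[key_field].replace("-", "_")
        for field in value_fields:
            points["%s_%s" % (key, field)] = float(row[field])
    return points


def threshold_event(value, maximum, severity="warning"):
    """Return an event dict when a data point breaches its maximum, else None.
    Mirrors the rule above: more than 10 failed passwords in 5 minutes -> warning."""
    if value > maximum:
        return {"severity": severity,
                "summary": "Failed passwords %d exceeds threshold %d" % (value, maximum)}
    return None


def search_failure_event(error_text, event_class="/Status/Splunk", severity="error"):
    """Distinct from a threshold breach: raised only when the search itself
    fails to execute (the event class and severity here are assumed defaults)."""
    return {"eventClass": event_class, "severity": severity,
            "summary": "Splunk search failed: %s" % error_text}
```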
$ sudo su - zenoss
$ zenpack --install ZenPacks.zenoss.Splunk-*.egg
$ zenoss restart
This ZenPack is developed and supported by Zenoss Inc. Commercial ZenPacks are available to Zenoss commercial customers only. Contact Zenoss to request more information regarding this or any other ZenPack, or to view all available Zenoss Commercial ZenPacks.