
Mar 31 2016

Welcome New Nutanix App for Splunk!

 

 

 

 

This week Nutanix made available a Splunk PRISM App that enables administrators to centralize Nutanix log files in a single place for search, monitoring and analysis. The Splunk Web Framework is the perfect app framework for creating custom dashboards, and the Splunk PRISM App already comes with a pre-created default dashboard.

The mechanism used to ship logs from Nutanix to Splunk is syslog, a standard for computer message logging in which devices send event messages to a logging server (usually known as a syslog server), in this case Splunk. Syslog permits separation of the software that generates messages from the system that stores them and the software that reports on and analyzes them. In Nutanix, each log in /home/nutanix/data/logs/ is prefixed with the name of the module (for example, cassandra) that generates the information. The REST API is also used to collect a few metrics.

 

You can download and use Splunk for Free 

Splunk Enterprise is the leading platform for real-time operational intelligence. When you download Splunk Enterprise for free, you get a Splunk Enterprise license for 60 days that lets you index up to 500 megabytes of data per day. When the free trial ends, you can convert to a perpetual Free license or purchase an Enterprise license to continue using the expanded functionality designed for multi-user deployments. Download Splunk here.

 

The release includes two packages:

  • TA for Nutanix Prism – The Nutanix Prism TA for Splunk Enterprise allows Nutanix Prism customers to ingest data from Nutanix Prism’s REST API, providing customers insight into their virtual environments managed by Nutanix Prism.
  • Nutanix Prism Dashboard for Splunk – The Nutanix App for Splunk allows customers of Splunk® Enterprise and Nutanix to visualize and view the state of their cluster from Splunk. In addition, the app allows users to view log events surrounding all Nutanix processes and search specific Nutanix syslog data within the app.

 

[Nutanix Prism Dashboard for Splunk]

 

Both packages can be downloaded from the link here.

 

Nutanix syslog forwards logs for multiple components, namely Stargate, Cassandra, Genesis, Cerebro, Curator, Zookeeper and Prism. To understand each of the Nutanix components, I recommend checking out the Nutanix Bible here.
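Centralized logs only help while every component keeps reporting. The following is an added example (not part of the Nutanix app or the original post) that parses forwarded RFC 3164 syslog lines and flags components from the list above that have gone silent. It assumes the syslog tag begins with the module name, as the log file names do; the sample lines, host names and tags are constructed.

```python
import re
from datetime import datetime, timedelta

# Components the post lists as forwarded over syslog.
COMPONENTS = ("stargate", "cassandra", "genesis", "cerebro",
              "curator", "zookeeper", "prism")

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: ?(?P<msg>.*)$")

def parse(line, year):
    """Parse one RFC 3164 line; return a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m or int(m["pri"]) > 191:   # PRI = facility * 8 + severity
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    tag = m["tag"].lower()
    # Assumption: the tag starts with the module name (log file prefix).
    comp = next((c for c in COMPONENTS if tag.startswith(c)), None)
    return {"time": ts, "host": m["host"], "component": comp,
            "severity": int(m["pri"]) % 8, "msg": m["msg"]}

def silent_components(lines, now, max_gap, year):
    """Return components with no event within max_gap of now, sorted."""
    last = {}
    for line in lines:
        ev = parse(line, year)
        if ev and ev["component"]:
            c = ev["component"]
            last[c] = max(ev["time"], last.get(c, ev["time"]))
    return sorted(c for c in COMPONENTS
                  if c not in last or now - last[c] > max_gap)

# Constructed sample input; RFC 3164 carries no year, so it is supplied.
SAMPLE = [
    "<134>Mar 31 10:00:01 ntnx-cvm-1 cassandra: constructed sample message",
    "<131>Mar 31 10:04:10 ntnx-cvm-1 stargate[2211]: constructed sample message",
    "<134>Mar 31 10:04:30 ntnx-cvm-2 genesis: constructed sample message",
    "<134>Mar 31 09:10:00 ntnx-cvm-2 curator: constructed sample message",
    "<134>Mar 31 10:03:00 ntnx-cvm-1 prism_gateway: constructed sample message",
    "not a syslog line",
]

if __name__ == "__main__":
    now = datetime(2016, 3, 31, 10, 5)
    print(silent_components(SAMPLE, now, timedelta(minutes=15), 2016))
```

A component that appears in the result has either never been seen or has stopped sending, which is worth alerting on before the missing logs are needed for an investigation.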


 

For the collected logs the Nutanix Splunk App will automatically identify specific core source types:

nutanix_arch – system data relating to all things VM (vmName, vmId, vmDisks, etc.), Protection Domains, Guest Tools, diskStatus and Controller stats; basically all types of individual stats and settings for every object in a cluster.

nutanix_cluster – events related to clusters, such as cluster_time, controller_avg_io_latency_usecs and controller_io_bandwidth_kBps across the entire cluster.

nutanix_health – events related to overall system health generated by health_check_summary.

nutanix_events and nutanix_alerts – all system-generated alerts to administrators.


 

nutanix_arch is the source for nutanix:vms |  nutanix:disks | nutanix:hosts | nutanix:resiliency and many more entities from the Nutanix architecture and clusters.


 

Here is Robert Corradini's (@netwtach) video on how to install and use the app.

 

 

This article was first published by Andre Leibovici (@andreleibovici) at myvirtualcloud.net.

1 comment


  1. Peter

    Any chance that we will get a pack for Log Insight as well?
