Source types for the Splunk Add-on for EMC VNX
The Splunk Add-on for EMC VNX provides the index-time and search-time knowledge for inventory, performance metrics and alert events. By default, all VNX data is indexed into the
There are two classes of VNX hardware producing data, VNX File and VNX Block. The sourcetype of each event indicates which class of hardware produced the event. Sourcetypes beginning with
vnx:file: are for VNX File. Sourcetypes beginning with
vnx:block: are for VNX Block.
All events are in key=value pair formats. Related events can be traced in searches using
transaction by group ID's, device ID's, serial numbers, and more. For instance, a block device (A.K.A. LUN) may have a RAID group ID which shows which RAID group it comes from. All events have a combined unique key. For example, an event for a block device has an device ID and array serial number. These two fields uniquely identify the device globally for drill down and event correlation.
The add-on collects many different kinds of events for VNX File and VNX Block, including performance, inventory, and status metrics. Depending on the setup in VNX File and Block, there may be events missing because the corresponding storage object is not created. For example, if “checkpoint” has not been created in VNX File, there will be no such events. This is a VNX configuration issue that needs to be corrected before VNX can log data.
For detailed information and examples for each of the event types, refer to:
About the Splunk Add-on for EMC VNX
Release notes for the Splunk Add-on for EMC VNX
This documentation applies to the following versions of Splunk® Supported Add-ons: released