Splunk® Supported Add-ons

Splunk Add-on for EMC VNX

Source types for the Splunk Add-on for EMC VNX

The Splunk Add-on for EMC VNX provides the index-time and search-time knowledge for inventory, performance metrics and alert events. By default, all VNX data is indexed into the main index.

There are two classes of VNX hardware producing data, VNX File and VNX Block. The sourcetype of each event indicates which class of hardware produced the event. Sourcetypes beginning with vnx:file: are for VNX File. Sourcetypes beginning with vnx:block: are for VNX Block.

All events are in key=value pair formats. Related events can be traced in searches using transaction by group ID's, device ID's, serial numbers, and more. For instance, a block device (A.K.A. LUN) may have a RAID group ID which shows which RAID group it comes from. All events have a combined unique key. For example, an event for a block device has an device ID and array serial number. These two fields uniquely identify the device globally for drill down and event correlation.

The add-on collects many different kinds of events for VNX File and VNX Block, including performance, inventory, and status metrics. Depending on the setup in VNX File and Block, there may be events missing because the corresponding storage object is not created. For example, if "checkpoint" has not been created in VNX File, there will be no such events. This is a VNX configuration issue that needs to be corrected before VNX can log data.

For detailed information and examples for each of the event types, refer to:

Last modified on 21 July, 2021
About the Splunk Add-on for EMC VNX   Release notes for the Splunk Add-on for EMC VNX

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters