Splunk® Supported Add-ons

Splunk Add-on for NetApp Data ONTAP

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Install the Splunk Add-on for NetApp Data ONTAP

Install the Splunk Add-on for NetApp Data ONTAP for use with the Splunk App for NetApp Data ONTAP and the Storage Module for Splunk IT Service Intelligence. See the installation sections for the Splunk App for NetApp Data ONTAP and Splunk IT Service Intelligence for more information.

Deployment Compatibility

This table provides information about the Splunk Add-on for NetApp ONTAP compatibility with Splunk distributed deployment features.

Distributed Deployment Feature Supported Notes
Search Head Clusters Yes Install the TA-ONTAP-FieldExtractions package to get the search-time field extractions on your Search Head. Install the Splunk Add-on for NetApp Data ONTAP Extractions package on your deployer before pushing the package from the deployer to Search Head. You do not need to install components Splunk_TA_ontap and SA-ONTAPIndex on your deployer.
Indexer Clusters Yes Install the SA-ONTAPIndex package to define the indexes used by Splunk Add-on for NetApp Data ONTAP. Install the component SA-ONTAPIndex from the Splunk Add-on for NetApp Data ONTAP Indexes package onto your cluster manager to deploy the Splunk Add-on for NetApp Data ONTAP packages.
Deployment Server Yes If you use a deployment server, install the Splunk Add-on for NetApp Data ONTAP onto your deployment servers. See About deployment server and forwarder management to learn more about managing your deployment servers.

Follow the installation steps that suit your deployment type.

Single-instance deployment

A single-instance deployment of the Splunk platform contains indexers and search heads on a single host. Here's how to install the add-on for a single-instance deployment.

  1. Download the below add-ons from Splunkbase.
    1. Splunk Add-on for NetApp Data ONTAP
    2. Splunk Add-on for NetApp Data ONTAP Indexes
    3. Splunk Add-on for NetApp Data ONTAP Extractions
  2. Extract the packages in the .tgz file in downloaded add-on builds to $SPLUNK_HOME/etc/apps.
  3. Verify that all of the installation components exist in the $SPLUNK_HOME/etc/apps folder.
  4. Restart your Splunk platform instance.

Search head cluster environment

Versions 2.1.5 and later of the Splunk Add-on for NetApp Data ONTAP supports search head clustering environments. Perform the following steps to set up the add-on in a search head cluster deployment. This configuration improves the overall performance of the Splunk Add-on for NetApp Data ONTAP in a search head cluster environment.

For an overview of search head clustering, see Search head clustering architecture in the Splunk Enterprise Distributed Search manual.

Prerequisites

The following are prerequisites for installing the add-on in a search head cluster environment:

  • You have a minimum of 3 Splunk Enterprise instances to serve as search head cluster members and one additional instance that serves as a deployer which you use to distribute apps and updated configurations to the cluster members.
  • The scheduler must be deployed on a dedicated search head and not on any individual search head in the search head cluster.
  • Each search head cluster member must be fresh install of Splunk Enterprise and not re-purposed instance.
  • You have migrated your settings from a search head pool to a search head cluster. For more information, see Migrate from a search head pool to a search head cluster in the Splunk Enterprise Distributed Search manual.
  • You have a licensed version of Splunk Enterprise installed and running in your environment.

Install your search head cluster

Splunk Add-on for NetApp Data ONTAP version 2.1.5 and higher supports search head clustering .

See Deploy a search head cluster in the Splunk Enterprise Distributed Search manual for more information on how to install, configure, and deploy a search head cluster.

Install and deploy the Splunk Add-on for NetApp Data ONTAP on your search head cluster

Complete the following steps to download, install, and deploy the Splunk Add-on for NetApp Data ONTAP on the tiers of your search head cluster.

You must use the search head cluster deployer to distribute your configurations across your set of search head cluster members. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual.

Install on the scheduler and data collection nodes

  1. Download the Splunk Add-on for NetApp Data ONTAP from Splunkbase.
  2. Extract the packages present in the downloaded build to the $SPLUNK_HOME/etc/apps directory on the forwarder.
  3. Restart the Splunk services.

Install on Indexers

  1. Download the Splunk Add-on for NetApp Data ONTAP Indexes from Splunkbase.
  2. Extract the packages present in the downloaded build to the $SPLUNK_HOME/etc/master-apps directory on the cluster master.
  3. Apply the changes to the indexers from the cluster master using the following command:
./splunk apply cluster-bundle -auth <username>:<password>

Install on search heads

  1. Download the Splunk Add-on for NetApp Data ONTAP Extractions from Splunkbase.
  2. Extract the packages present in the downloaded build to the $SPLUNK_HOME/etc/shcluster/apps directory on the deployer.
  3. Apply the changes to the search heads from the deployer using the following command:
./splunk apply shcluster-bundle -target <URI>:<management_port> -auth <username>:<password>

Distributed installation

For larger environments where data originates from many machines and where many users need to search the data, you can separate the indexing and searching functions. In this type of distributed search deployment, each indexer indexes data and performs searches across its own indexes. A Splunk Enterprise instance dedicated to search management, called the search head, coordinates searches across the set of indexers, consolidating the results and presenting them to the user. For more information about distributed search, see About distributed search in the Distributed search manual.

Complete the following steps for the specific components:

Install on DCN

  1. Download the Splunk Add-on for NetApp Data ONTAP from Splunkbase.
  2. Extract the packages present in the downloaded build to the $SPLUNK_HOME/etc/apps directory on the DCN.
  3. Apply the changes to the DCN by restarting the Splunk services on the DCN.

Install on scheduler

  1. Download the Splunk Add-on for NetApp Data ONTAP from Splunkbase.
  2. Extract the package present in the downloaded build to the SPLUNK_HOME/etc/apps directory on the DCS.

Apply the changes to the DCS by restarting the Splunk services on the DCS.

Install on indexers

  1. Download the Splunk Add-on for NetApp Data ONTAP Indexes from Splunkbase.
  2. Extract the packages present in the downloaded build to the SPLUNK_HOME/etc/apps directory on the indexers.
  3. Apply the changes to the indexers by restarting the Splunk services on the indexers.

Install on search heads

  1. Download the Splunk Add-on for NetApp Data ONTAP Extractions from Splunkbase.
  2. Extract the package present in the downloaded build to the SPLUNK_HOME/etc/apps directory on the search heads.
  3. Apply the changes to the search heads by restarting the Splunk services on the search heads.

Cloud environment

Complete the following steps to install the add-on in a cloud environment. See the NetApp Data ONTAP Installation overview and review the deployment diagram if you haven't yet.

The scheduler and data collection node (DCN) instances for the add-on must be on-premise. The indexer and search tead tier can be part of the cloud environment. See the previous section to set up the add-on on the scheduler and data collection node.

Complete the following steps to install the required add-on packages on the indexer and search heads present in the cloud environment:

  1. Login to your search head.
  2. On the Splunk Web home page, click "Find More Apps".
  3. Search for the following add-ons:.
    1. Splunk Add-on for NetApp Data ONTAP Indexes
    2. Splunk Add-on for NetApp Data ONTAP Extractions
  4. Click Install.
  5. Review the confirmation message.
  6. Click Continue.
  7. Enter your Splunk.com login credentials.
  8. Read and accept the login disclaimer
  9. Click Login and Download.
  10. On the App Management page, review the installed apps.

Install and configure data collection nodes

You must have at least one data collection node installed and running in your environment to collect ONTAP API data. You can build a data collection node and configure it as a physical machine or as a VM image to deploy specifically for your environment.

install a Splunk heavy forwarder or light forwarder, version 7.3.0 to 8.2.0 on the host that will be your data collection node. You cannot use a Splunk Universal Forwarder for it because Python is required. This is a minimum Splunk requirement for the Splunk App for NetApp Data ONTAP. A data collection node requires that you have a Splunk supported version of CentOS or RedHat Enterprise Linux (RHEL) that is supported by Splunk version 6.3.1 or later. For search head cluster environments, data collection nodes must still be dedicated to a separate search head for scheduling.

Follow the steps below to build a physical data collection node or a VM data collection node. To build a data collection node VM, follow the guidelines set by your specific virtualization solution to create the virtual machine and deploy it in your environment.

Build a data collection node

  1. Install a CentOS or RedHat Enterprise Linux version that is supported by Splunk Enterprise version 7.3.0 to 8.2.0.
    1. For system compatibility information, see Splunk data collection node resource requirements in this manual.
  2. Install Splunk Enterprise version 7.3.0 to 8.2.0 configured as light or heavy forwarder (Python is required). Note: you cannot use a Splunk universal forwarder.
  3. Install the app components. Get the file splunk_add_on_for_netapp-<number>.tgz and put it in $SPLUNK_HOME/etc/apps.
  4. Extract this file. It automatically extracts into the $SPLUNK_HOME/etc/apps directory.
  5. On the data collection node you need the following components: SA-Hydra and Splunk_TA_ontap in $SPLUNK_HOME/etc/apps. Do not install splunk_app_netapp in a data collection node.
  6. Check that firewall ports are enabled. The data collection node communicates, by default, with splunkd on port 8089. It communicates with the scheduling node, by default on port 8008. These are the default ports. For more information on configuring firewall ports, see Network settings in this manual.
  7. Set up forwarding to the port on which the Splunk indexer(s) is configured to receive data. See Enable a receiver in the Forwarding Data manual.
  8. Change the default password using the CLI for this forwarder. The default password for Splunk's admin user is changeme. Be sure to change the value of the password to something other than changeme.
    ./splunk edit user admin -password 'newpassword' -role admin -auth admin:changeme
  9. Restart Splunk.
  10. After deploying the collection components, add the forwarder to your scheduler's configuration. To do this, see Collect data from your environment in this manual.

Set static IP addresses

While not required, setting a static IP address for the data collection node is recommended. The data collection node's IP address can vary over time when using DHCP (dynamic addressing), causing unexpected results. Connecting to a specific collection node can be difficult (especially if DNS is down). You can connect to the data collection node to perform maintenance or to determine which collection node is sending data.

Change the NTP server pool list

The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. Most *Nix systems give you the ability to set up or change time synchronization. You can change the NTP servers that your data collection node uses by editing the /etc/ntp.conf file.

The default values for the servers in /etc/ntp.conf are: 

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

To use different NTP servers, replace the default values in the file with your specific values. Restart ntpd for the changes to take effect. 

sudo service ntpd restart

Disable NTP on the data collection node

If you do not have access to the internet ( for example, you operate behind a firewall that precludes access to the Internet) you can disable NTP on the data collection node.

Upgrade from the Splunk App NetApp Data ONTAP versions 2.1.4 and earlier

To upgrade your deployment from a versions 2.1.4 and earlier of the Splunk App NetApp Data ONTAP, see the Upgrade to Splunk App for NetApp Data ONTAP 2.1.5 section of the Splunk App for NetApp Data ONTAP manual.

Last modified on 13 September, 2023
PREVIOUS
Installation overview 		  NEXT
Configure inputs

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters