Splunk® App for NetApp Data ONTAP (Legacy)

Deploy and Use the Splunk App for NetApp Data ONTAP

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® App for NetApp Data ONTAP (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Configure a cluster deployment

A cluster is a group of of Splunk Enterprise nodes (indexers) configured to replicate each others' data, so that the system keeps multiple copies of all of the data. This process is known as index replication. By maintaining multiple, identical copies of the data, clusters prevent data loss while promoting data availability for searching.

An overview of clusters

A cluster contains the following nodes:

  • A single master node to manage the cluster. The master node is a specialized type of indexer.
  • Several peer nodes that handle the indexing function for the cluster, indexing and maintaining multiple copies of the data and running searches across the data.
  • One or more search heads to coordinate searches across all the peer nodes.

There are additional configuration steps, beyond what's needed for a stand-alone indexer, for setting up a cluster. For more information, see "About clusters and index replication" in the "Managing Indexers and Clusters" manual.

Before you set up a cluster, read the topic "Key differences between clustered and non-clustered deployments" in the Splunk Enterprise documentation to set up a cluster.

Configure a cluster for the Splunk App for NetApp Data ONTAP

The Splunk App for NetApp Data ONTAP requires a stable and supportable Splunk installation.

To set up a cluster environment for the Splunk App for NetApp Data ONTAP:

This topic discusses the specific requirements for the Splunk App for NetApp Data ONTAP in a clustered environment.

  1. Determine the nodes you want to set up as the master node, peer nodes and search head nodes. Also decide what replication factor you want to implement. The replication factor is the number of copies of raw data that the cluster maintains. It should be less than or equal to the number of search peers (slave nodes).
  2. Install the Splunk App for NetApp Data ONTAP on the search head, master nodes, and search peers under the $SPLUNK_HOME/etc/apps directory.
  3. Follow the instructions in Deploy a cluster to enable the master node, the peer nodes, and the search head for a clustered environment.
  4. Delete SA-Utils from the master-apps directory before issuing the 'apply cluster-bundle' command. If SA-Utils is deployed, it will prevent the UI on any indexers from starting up.)
  5. To configure indexes across cluster peers, read "Configure the peer indexes". The Splunk App for NetApp Data ONTAP uses the "ontap" index. On the master node, add the new "ontap" index to the $SPLUNK_HOME/etc/master-apps/_cluster/local/indexes.conf file to make the ONTAP data available. When you add a new index stanza, set the repFactor attribute to auto. This causes the index's data to be replicated to other peers in the cluster. Note: To add a new index to a cluster, directly edit indexes.conf. You cannot add an index via Splunk Web or the CLI. This step makes the NetApp data available to the cluster.
    [ontap]
    repFactor=auto
  6. On the master node, to distribute the configuration bundle to the search peers, log in to Splunk Web or use the CLI. Distribute the bundle in the $SPLUNK_HOME/etc/master-apps directory.
  7. $SPLUNK_HOME/etc/slave-apps/_cluster/local/indexes.conf is updated on all the search peers with the index configuration added on the master node.
  8. This step is optional.To distribute apps to all peers and share them across the cluster:
    1. Read the topic How to distribute apps to all peers. Add each app under $SPLUNK_HOME/etc/master-apps/<app-name>. Distribute the following Splunk App for NetApp Data ONTAP components to all search peers:
      /SA-Hydra
      /SA-Utils
      /splunk_app_netapp
      /Splunk_TA_ontap
    2. On the search peers, check that the app files exist under $SPLUNK_HOME/etc/slave-apps/<app_name>.
  9. When you have installed the app on the search head node, master node, and search peers and you have set up the cluster, follow the instruction in "Create a data collection node" described in this manual to get your data collection nodes.
  10. Data collection nodes are managed by the scheduler, on the master node. Log in to Splunk Web and navigate to the Collection Configuration dashboard. Register all new data collection nodes individually with the scheduler, specify the associated filers, and have them forward data to the indexers, then start the scheduler. See the "Add a data collection node" topic in this manual for instructions.
  11. Log in to the data collection nodes and check that data is being forwarded to the indexers in the cluster.
  12. When you have installed and configured the app in your environment, you can log in to Splunk Web on the search head to view the Splunk App for NetApp Data ONTAP dashboards and use the app.

Sharing apps in a cluster

The master node distributes new or edited configuration files or apps across all the peers. Follow the instructions in the topic "Update common peer configurations and apps" to share apps in a cluster.

For example, to share a saved search across the peer nodes, add the saved search to $SPLUNK_HOME/etc/master-apps/<app-name>/.

Update the savedsearches.conf file. Log in to Splunk Web on the cluster master and push the configuration bundle. You can see the apps in $SPLUNK_HOME/etc/slave-apps/<app-name>/.

Managing configuration changes

Once the Splunk App for NetApp Data ONTAP has been distributed to the set of peers, you launch and manage it on each peer with Splunk Web. See "Managing app configurations and properties" in the Admin Manual.

Last modified on 25 August, 2015
PREVIOUS
Configure search head pooling
  NEXT
Configure data models

This documentation applies to the following versions of Splunk® App for NetApp Data ONTAP (Legacy): 2.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.3


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters