Splunk® App for NetApp Data ONTAP (Legacy)

Deploy and Use the Splunk App for NetApp Data ONTAP

This documentation does not apply to the most recent version of Splunk® App for NetApp Data ONTAP (Legacy). For documentation on the most recent version, go to the latest release.

What a Splunk App for NetApp Data ONTAP deployment looks like

A Splunk App for NetApp Data ONTAP deployment

The Splunk App for NetApp Data ONTAP works with NetApp® Data ONTAP to collect granular performance, log, and event data about the storage layer and bring it into Splunk. You can then use this data and correlate it with other data in your environment.

Solution Architecture (updated VCS) - ONTAP.png

A Splunk App for NetApp Data ONTAP deployment is made up of Splunk Enterprise components installed on multiple machines with the specific app components installed onto the Splunk platform. Your deployment contains the following components:

  • A search head with Splunk version 6.2.0 or later installed on it. Install the Splunk App for NetApp Data ONTAP onto this instance and use Splunk Web to navigate the dashboards. The app contains the UI components, searches, and indexing definitions for your NetApp filer data. This system receives the data from the other components. The scheduled searches that ship with the app are run from the search head to the indexers. The data retrieved is returned to the search head, and either stored there for later use, or displayed in the app. The scheduler is run on the search head orchestrating API data collection with the data collection nodes.
  • Indexers with Splunk version 6.2.0 or later installed. Install the Splunk App for NetApp Data ONTAP onto this instance .
  • One or more data collection nodes with network access to your NetApp filers and clusters, and access to the search head on which the scheduler is installed. Install Splunk_TA_ontap here.
  • NetApp filers sending logs to Splunk intermediate forwarders and then forwarding that data to your indexers.

App component distribution

Use the following table when installing the app into your environment. It shows what apps are required and where to install them.


Component Search head Indexer data collection node
Splunk_TA_ontap Y Y Y
splunk_app_netapp Y
SA-Hydra Y Y Y
SA-Utils Y Y Y

Component Distribution Notes

Component name Description
Search head If you have a dedicated search head, install all of the app components on it. SA-Hydra must be installed as you can not schedule jobs without it.
Indexer Install all of the add-ons on an indexer.
data collection node The data collection node needs the API data collection component installed on it, Splunk_TA_ontap (the python based collection engine). Due to the requirement of Python, Universal Forwarder cannot be used.
NetApp filers NetApp Data ONTAP uses the syslogd daemon to log system messages for the filers (and uses the configuration file /etc/syslog.conf). Forward syslog to the Splunk indexer.

App components

Component name Description
Splunk App for NetApp Data ONTAP This component contains the UI components and knowledge objects of the App. Install it on the indexers and search heads in your environment. It contains the following components in etc/apps:
  • SA-Utils
  • SA-Hydra
  • splunk_app_netapp
  • Splunk_TA_ontap
Splunk TA for NetApp (Splunk_TA_ontap) Use this app component to create your own data collection node (DCN). Install it on a Splunk light forwarder or heavy forwarder on your data collection node. This is the component of the app that makes API calls to your NetApp filers to collect API data and forwards that data to your Splunk indexer/search head. This data includes performance, inventory, options, and EMS event data. The data collection node does not collect system log data.
Last modified on 02 February, 2016
Other deployment considerations   Requirements for Installing with other apps

This documentation applies to the following versions of Splunk® App for NetApp Data ONTAP (Legacy): 2.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters