
Splunk Infrastructure Monitoring Solution: Windows Platform Integration (Part-II)

We are back with the second blog of the Splunk Infrastructure Monitoring series. In the previous blog of this series, Splunk Infrastructure Monitoring Solution: Google Cloud Platform Integration (Part-I), we discussed the setup of Splunk Infrastructure Monitoring and the integration of GCP for better business analytics and insight.

Today we will demonstrate the integration of the Windows Platform with Splunk Infrastructure Monitoring.

So let’s start.

Step 1:

First of all, go to the Windows host that you want to integrate with IMM. Make sure that you are logged in to the Windows host with admin credentials. Now open PowerShell using the “Run as administrator” action.

Then run this command in PowerShell,

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "h8RvyxcxlhQb8i8w42D8ag"; realm = "us1"; mode = "agent"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

The above command downloads the script “splunk-otel-collector.ps1” from the URL given in the command, “https://dl.signalfx.com/splunk-otel-collector.ps1”, and runs it in the current PowerShell process, passing it the access_token, realm and mode parameters. The script then installs the “Splunk OpenTelemetry Collector”. The collector generates the metrics data of the Windows host and forwards it to the respective IMM.

To verify that the collector is installed, go to the following path,

“C:\ProgramData\Splunk\OpenTelemetry Collector” and verify that these two files are there.

Step 2:

Now open the “Registry Editor” app using the “Run as administrator” action.

Then navigate to the following path,

“Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment”

And verify the following entries.

●	SPLUNK_ACCESS_TOKEN: The Splunk access token to authenticate requests
●	SPLUNK_API_URL: The Splunk API URL, e.g. https://api.us1.signalfx.com
●	SPLUNK_CONFIG: The path to the collector config file, e.g. C:\ProgramData\Splunk\OpenTelemetry Collector\agent_config.yaml
●	SPLUNK_HEC_TOKEN: The Splunk HEC authentication token (if log collection is enabled)
●	SPLUNK_HEC_URL: The Splunk HEC endpoint URL, e.g. https://ingest.us1.signalfx.com/v1/log (if log collection is enabled)
●	SPLUNK_INGEST_URL: The Splunk ingest URL, e.g. https://ingest.us1.signalfx.com
●	SPLUNK_MEMORY_TOTAL_MIB: Total memory in MiB allocated to the collector, e.g. 512
●	SPLUNK_REALM: The Splunk realm to send the data to, e.g. us1
●	SPLUNK_TRACE_URL: The Splunk trace endpoint URL, e.g. https://ingest.us1.signalfx.com/v2/trace

If these variables do not match, edit them and restart the collector service using PowerShell.

Stop-Service splunk-otel-collector
Start-Service splunk-otel-collector
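
One way to script the Step 2 check, as an added example that is not part of the original post: it reads the same registry key, flags missing or inconsistent SPLUNK_* entries, and redacts the token values instead of printing them. The realm-in-hostname check assumes the URL pattern shown in the list above, and the variable names ($expected, $optional, $report) are this example's own.

```powershell
# Added example: audit the SPLUNK_* entries listed in Step 2.
# Run in an elevated PowerShell session on the monitored Windows host.
$envKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$expected = 'SPLUNK_ACCESS_TOKEN', 'SPLUNK_API_URL', 'SPLUNK_CONFIG', 'SPLUNK_HEC_TOKEN',
            'SPLUNK_HEC_URL', 'SPLUNK_INGEST_URL', 'SPLUNK_MEMORY_TOTAL_MIB',
            'SPLUNK_REALM', 'SPLUNK_TRACE_URL'
# The HEC entries are only present when log collection is enabled.
$optional = 'SPLUNK_HEC_TOKEN', 'SPLUNK_HEC_URL'

$props = Get-ItemProperty -Path $envKey
$realm = $props.SPLUNK_REALM

$report = foreach ($name in $expected) {
    $value  = $props.$name
    $status = 'OK'
    if ([string]::IsNullOrWhiteSpace($value)) {
        $status = if ($name -in $optional) { 'OPTIONAL' } else { 'MISSING' }
    } elseif ($name -like '*_URL') {
        # Assumption: endpoints look like <service>.<realm>.signalfx.com, as in the list above.
        $uri = $value -as [uri]
        if (-not $uri -or -not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') {
            $status = 'NOT HTTPS'
        } elseif ($realm -and $uri.Host -notlike "*.$realm.signalfx.com") {
            $status = 'REALM MISMATCH'
        }
    } elseif ($name -eq 'SPLUNK_CONFIG' -and -not (Test-Path -LiteralPath $value)) {
        $status = 'FILE NOT FOUND'
    }
    # Never echo a token in full; report only its length.
    if ($name -like '*_TOKEN' -and $value) { $value = "<redacted, $($value.Length) chars>" }
    [pscustomobject]@{ Name = $name; Value = $value; Status = $status }
}
$report | Format-Table -AutoSize

$bad = @($report | Where-Object { $_.Status -notin 'OK', 'OPTIONAL' })
if ($bad.Count -eq 0) {
    # All required entries look consistent: confirm the collector service state.
    Get-Service -Name 'splunk-otel-collector' | Format-Table Name, Status
} else {
    Write-Warning "$($bad.Count) entries need attention; fix them, then restart the service."
}
```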

Step 3:

Now go to your Splunk IMM instance and log in with your credentials.


Now on the home page, click on “+” and then choose “Integration”.

And select “Windows”.

Then verify the list of supported Windows versions and click on “Add Connection”.

After that, choose all inputs as shown below and click on “Next”.

NOTE: Mode determines whether the collector runs in agent or collector mode.

On the next page, you can see that the log is coming in.

Select the host and you can see the monitoring dashboard.

I hope all of you enjoyed this blog. See you all in the next one.

Happy Splunking!!
