The Cisco ThousandEyes Alerting App for Splunk includes dashboards and logic for correlating ThousandEyes alerts and SNMP traps and identifying the root cause. The correlated alerts and root cause information can be used to automatically populate ServiceNow incidents.

The Cisco ThousandEyes Alerting App for Splunk contains four lookup files that are customer specific. These lookup files allow you to group alerts together and apply different weighting to each ThousandEyes test rule in order to identify the root cause of the issue that has triggered the alerts. SNMP traps can also be grouped together and weighting applied to identify the root cause of the issue based on the SNMP trap. Using the same group name for ThousandEyes alerts and SNMP traps allows them to be correlated, and the root cause determined by both the ThousandEyes alerts and SNMP traps (based on weighting).

The app also supports creating ServiceNow incidents and populating them with correlated alerts and SNMP traps, as well as the root cause (which is determined by the entries made in the lookup files). If ServiceNow integration is required, then the Splunk Add-on for ServiceNow must also be installed and configured.

Post-installation documentation and guidelines on configuring the lookup files to define the groupings for ThousandEyes alerts and SNMP traps are available from the author.

Contact the author:

Setting up Splunk Environment

1) Install the main app (Cisco ThousandEyes Alerting App for Splunk).

3) Configure an HTTP Event Collector (HEC) token on your Forwarder:

4) Configure the ThousandEyes console to send the ThousandEyes alerts to your Forwarder using the HEC token you created in Step 3.
   Verify that alerts are being received using the search: index=thousandeyes sourcetype=thousandeyes:alerts

5) Optional: Configure an SNMP trap receiver with a Splunk Universal Forwarder and forward the SNMP traps.
   Verify that the SNMP traps are being received using the search: index=snmptrap sourcetype=snmptrap

6) Optional: Install the Splunk Add-on for ServiceNow
   Configure a ServiceNow user in Splunk called thousandeyes
   Enable the incidents input (frequency: 30 seconds)

7) Configure the lookup files to map the ThousandEyes testIds to user-defined test groups and to apply weighting and root cause information to ThousandEyes ruleIds.

8) Optional: Configure the SNMP trap lookup files to map source/destination IP addresses to test groups and to apply weighting and root cause information.
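The grouping and weighting that the lookup files describe can be modelled as follows. This is an added example, not the app's own code or lookup schema: the column names, the sample rows and the rule that the highest weight in a group is reported as the root cause are all assumptions.

```python
"""Illustrative model of lookup-driven alert correlation (not the app's code)."""
from collections import defaultdict

# Constructed lookup rows; column names are hypothetical, not the app's schema.
TEST_GROUPS = {"1001": "branch-wan", "1002": "branch-wan", "2001": "dc-core"}  # testId -> group
RULE_INFO = {  # ruleId -> (weight, root cause)
    "r-loss": (50, "Packet loss on path"),
    "r-http": (10, "HTTP server unavailable"),
}
TRAP_GROUPS = {"10.0.0.1": "branch-wan"}  # source/destination IP -> group
TRAP_INFO = {"linkDown": (80, "Interface down")}  # trap name -> (weight, root cause)


def correlate(alerts, traps):
    """Return (groups, unmapped).

    groups maps group name -> {"root_cause", "weight", "events"}.
    Assumption: the highest-weighted candidate in a group is the root cause.
    Events whose testId or IP address has no lookup row go to unmapped, so
    gaps in the lookup files are visible instead of silently uncorrelated.
    """
    groups = defaultdict(lambda: {"root_cause": None, "weight": -1, "events": []})
    unmapped = []

    def add(group, info, event):
        if group is None:
            unmapped.append(event)
            return
        entry = groups[group]
        entry["events"].append(event)
        if info and info[0] > entry["weight"]:
            entry["weight"], entry["root_cause"] = info

    for a in alerts:
        add(TEST_GROUPS.get(a["testId"]), RULE_INFO.get(a["ruleId"]), a)
    for t in traps:
        group = TRAP_GROUPS.get(t["src"]) or TRAP_GROUPS.get(t["dst"])
        add(group, TRAP_INFO.get(t["trap"]), t)
    return dict(groups), unmapped


# Constructed sample events.
ALERTS = [
    {"testId": "1001", "ruleId": "r-http"},
    {"testId": "1002", "ruleId": "r-loss"},
    {"testId": "9999", "ruleId": "r-http"},  # testId missing from the lookup
]
TRAPS = [{"src": "10.0.0.1", "dst": "10.0.0.9", "trap": "linkDown"}]
```

Because the trap and both mapped alerts share the group name branch-wan, they land in one correlated group and the trap's higher weight decides the root cause; the alert for testId 9999 is returned as unmapped.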