Monitoring Delphix with Splunk

By Shailendra Upadhyay posted 06-19-2019 10:51:46 AM

  

Starting with the 5.3 release, Delphix has built an integration with Splunk, the leading application monitoring tool, to allow Splunk Enterprise customers to monitor and understand their Delphix application status.


Delphix enables self-monitoring/diagnosability of Delphix engines by providing native integration with Splunk Enterprise. Once configured, the Delphix engine or engines automatically send structured JSON logs to Splunk capturing the following engine activity:


  • Delphix events (Actions, Job Events, Faults, and Alerts)
  • Performance metrics (CPU, Disk, Network, TCP, dataset, nfs, iSCSI)
  • Capacity metrics (total space, used space, etc.)

Delphix Splunk Architecture



To achieve this, we leverage Splunk’s HTTP Event Collector (HEC) as a reliable, secure, and straightforward way to ensure applications logs are sent to your Splunk instances. Without the need to run any agents on the Delphix platform, we can configure Delphix to periodically send data to a specific Splunk instance, designated by you. Utilizing Splunk’s native HEC functionality, Delphix events and metrics appear in the Splunk instance.


Delphix - Splunk Architecture

Splunk Prerequisites


  • The Splunk Host IP address.
  • Enable the HEC Port number on your Splunk instance (default 8088)
  • Enable SSL (this is optional but recommended)
  • Enable the HTTP Event Collector on Splunk, and create a new HEC token with a new Splunk index set as an allowed index for the token. Make sure Enable Indexer Acknowledgement is unchecked for the token.

Delphix configuration


  • Log in to the Delphix Server Setup UI as the sysadmin.
  • From the Preferences menu, select Splunk Configuration.
  • In the Splunk Configuration window, enter your Splunk values. To reduce the volume of data that will be sent to Splunk, you can optionally uncheck Enable Metrics.
  • Click Send Test Data to verify your provided values. This will send a test event to the provided token and indexes.
  • Click Save to enable the Splunk configuration and begin sending all new Actions, Job Events, Faults, Alerts, and Metrics to your Splunk instance.


Delphix side configuration


Configuration2.png
Delphix Dashboard in Splunk

The Delphix Engine and Splunk integration enabled the development of a Delphix application that is available through Splunkbase (a Splunk application marketplace). The customizable default Delphix dashboard provides a single place to view the data of all your Delphix Engines.


Download Delphix Dashboard:


https://splunkbase.splunk.com/app/4373/


The dashboard has the following default tabs:

  • Events
  • Performance
  • Dxtoolkit - Additional capabilities with Dxtoolkit integration (e.g. Total dSources, VDBs.)

Default Dashboard:

Dashboard1.png
Performance Dashboard:

Dashboard2.png

Configure Dxtoolkit for the dashboard:

https://community.delphix.com/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=f50b47d4-028e-a8b5-f29a-1781e7f0b902&forceDialog=1



Dxtoolkit Dashboard:
dashboard3.png

#Virtualization
#dxToolkit
#Splunk
#monitoring
#SIEM
0 comments
14 views

Permalink