Skip to content

Example on connect NSO Observability Exporter and CollectD with Splunk through a Collector

License

Notifications You must be signed in to change notification settings

NSO-developer/splunk-integration-native-install

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Splunk NSO Integration Example - Native Install

This repository provide a Splunk integration setup example for NSO.

Dependency

opentelemetry-collector - https://github.com/open-telemetry/opentelemetry-collector/tree/main This example is based on the example in the Splunk Exporter in opentelemetry-collector - exporter/splunkhecexporter

Requirment

sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt update
sudo apt install python3.11
rm /usr/bin/python3
ln -s /usr/bin/python3.11 /usr/bin/python3
sudo apt-get install python3.11-dev python3.11-distutils
sudo apt-get install collectd

Before Start

Modify the "token" and "endpoint" address in "run/otel-collector-config.yml" under various "exporters"

  • endpoint address - Splunk address
  • token - HEC token

The connection between NSO and HEC Collector is setup automatically.
However, download the observability-exporter than put the the observability-exporter inside nso/packages. If you have any other package that want to run together with the example, please also copy to the same folder nso/packages.

Usage

Setup the enviorment

make deps
make clean all

Start up the repo(Collector + NSO) with the collector in the background

make start

Start up the repo(Collector + NSO) with the collector in the frontend

make start_frontend

Stop the repo(Collector + NSO)

make stop

Clean Up NSO enviorment

make clean

Setup CollectD for NSO Process(ncs.smp) Monitoring

CollectD Agent

  • Install CollectD via the following command or run the collectd/install.sh via sudo
sudo apt-get install collectd
  • Configure the CollectD in /etc/collectd/collectd.conf. Sample collectd.conf file can be found in collectd/collectd.conf. Detail can be found in Splunk Guide - https://docs.splunk.com/Documentation/AddOns/released/Linux/Configure

    • Configure processes section to lock down the process that is going to monitor as ncs.smp
     LoadPlugin processes
     <Plugin processes>
         	Process "ncs.smp"
     </Plugin>
    
    • Configure write_http to send the data to Splunk
     LoadPlugin write_http
     <Plugin write_http>
         	<Node "splunk">
                 	URL "http://<Splunk IP>:8088/services/collector/raw?channel=ebbdca9e-29c1-433b-9398-170b693cddd9"
                 	Header "Authorization: Splunk ebbdca9e-29c1-433b-9398-170b693cddd9"
                 	Format "JSON"
                 	Metrics true
                 	StoreRates true
         	</Node>
     </Plugin>
    
    
    • Restart CollectD
     systemctl restart collectd.service
     systemctl status collectd.service
    

Splunk Add-on for Linux and HEC

Good to Know

Before Push, reset everything

make reset

What this Example do

  • NSO side
    • Setup the NSO running directory in nso folder
    • When NSO startup, load the observerbility exporter config from nso/ncs-cdb/export_config.xml while 10.5.0.5 is the collector address and 4318 is the HTTP port ont the collector side
     admin@ncs# unhide debug
     admin@ncs# show running-config progress 
     progress export enabled
     progress export otlp host 10.5.0.5
     progress export otlp port 4318
     progress export otlp transport http
     progress export otlp metrics host 10.5.0.5
     progress export otlp metrics port 4318
    
    
  • Collector Side
  • CollectD
    • Manual setup is required based on the "Setup CollectD for NSO Process(ncs.smp) Monitoring" chapter above. However example config file and installation script is provided

Overview Diagram

┌─────────────────┐                    ┌────────┬─────────────────┌────────┐                         ┌─────────────────┐
│                 │                    │        │                 │        │                         │                 │
│                 │                    │        │                 │        │        4317-grpc        │                 │
│    Splunk       ◄────────8088────────┤Exporter│   Collector     │Receiver│◄───────4318-http────────┼      NSO        │
│                 │                    │        │                 │        │                         │                 │
│                 │                    │        │                 │        │                         │                 │
│                 │                    │        │                 │        │                         │                 │
└─────────────────┘                    └────────┴─────────────────└────────┘                         └─────────────────┘

Sample Splunk Filter

Use the filter blow in a bar chart will give you the time consumption per commit phase on transection ID

index="events" attributes.tid=<TID> | eval diff=end_time-start_time  | chart values(diff) over name

Compare the time consumption between two transection( AND ) and each transection are from a different NSO version(<NSO_VER1> AND <NSO_VER1>)

(index="events" attributes.tid=<TID1>) OR (index="events" attributes.tid=<TID2>)  | eval diff=end_time-start_time  | chart values(diff) over name by attributes.tid | rename "<TID1>" as "<NSO_VER1>" | rename "<TID2>" as  >

The filter above will create the diagram like the one below for time consumption per step in transection and memory utilization for ncs.smp sample dashboard

Copyright and License Notice

Copyright (c) 2024 Cisco and/or its affiliates.

This software is licensed to you under the terms of the Cisco Sample
Code License, Version 1.1 (the "License"). You may obtain a copy of the
License at

               https://developer.cisco.com/docs/licenses

All use of the material herein must be in accordance with the terms of
the License. All rights not expressly granted by the License are
reserved. Unless required by applicable law or agreed to separately in
writing, software distributed under the License is distributed on an "AS
IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
or implied.

About

Example on connect NSO Observability Exporter and CollectD with Splunk through a Collector

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published