Verify that alerts are being received using the search: index=thousandeyes sourcetype=thousandeyes:alertsĥ) Optional: Configure a SNMP trap receiver with a Splunk Universal Forwarder and forward the SNMP traps. Post installation documentation and guidelines on configuring the lookup files to define the groupings for ThousandEyes alerts and SNMP traps are available from the author.Ĭontact the author: and Setting up Splunk Environmentġ) Install the main app (Cisco ThousandEyes Alerting App for Splunk).ģ) Configure a HTTP Event Collector (HEC) token on your Forwarder:Ĥ) Configure the ThousandEyes console to send the ThousandEyes alerts to your Forwarder using the HEC token you created in Step 3. If ServiceNow integration is required, then the Splunk Add-on for ServiceNow must also be installed and configured. The app also supports creating ServiceNow incidents and populating them with correlated alerts and SNMP traps, as well as the root cause (that is determined by the entries made to the lookup files). Using the same group name for ThousandEyes alerts and SNMP traps allows them to be correlated, and the root cause determined by both the ThousandEyes alerts and SNMP traps (based on weighting). SNMP traps can also be grouped together and weighting applied to identify the root cause of the issue based on the SNMP trap. These lookup files allow you to group alerts together and apply different weighting to each ThousandEyes test rule in order to identify the root cause of the issue that has triggered the alerts. The Cisco ThousandEyes Alerting App for Splunk app contains four lookup files that are customer specific. The correlated alerts and root cause information can be used to automatically populate ServiceNow incidents. Router(config)#snmp-server host 172.25.1.The Cisco ThousandEyes Alerting App for Splunk app includes dashboards and logic for correlating ThousandEyes alerts and SNMP traps and identifying the root cause. Router(config)#snmp-server enable informs To forward syslog messages as SNMP informs, use the following configuration commands:
Router(config)#snmp-server host 172.25.1.1 ORATRAP syslog
Router(config)#snmp-server enable traps syslog Router(config)#logging history informational You can configure the router to forward syslog messages to your network management server as SNMP traps instead of syslog packets with the following configuration commands:Įnter configuration commands, one per line. You want to send syslog messages as SNMP traps or informs. I haven't tested this or tried it before but this looks similar to what your asking maybe ?
0 kommentar(er)
