Splunk Integration Guide

Overview

SysCloud's integration with Splunk provides users with a comprehensive view of their backup, restore, and export activities, offering insights into their data landscape.

SysCloud App for Splunk

The SysCloud App for Splunk presents visualizations of backup, restore, and export trends, showcasing data insights over specified timeframes.

SysCloud Add-On for Splunk

The SysCloud Add-On for Splunk collects events within Splunk so that the data can be imported into the SysCloud app for visualization and analysis. The SysCloud Splunk App queries this data to visualize backup, restore, and export trends and storage consumption.

Installation

You can install directly from the "Find More Apps" section in the Splunk Home Dashboard. Alternatively, follow these steps to install the add-on from the bundle:

  • Download the app package.
  • From the Splunk UI, navigate to Apps -> Manage Apps.
  • In the top right corner, select "Install app from file."
  • Choose the file and upload the app package. Follow the prompts to complete the installation (you may need to restart your Splunk instance to complete the installation of the add-on).

Add-On Configuration

  1. Access the SysCloud Add-On app.
  2. Navigate to the Configuration tab and select "Addon settings."
  3. Enter the ClientId and ClientSecret provided by the SysCloud app. For more details on how to obtain the client credentials, see the Authentication section of this guide.
  4. Configure settings, then go to "input" to add a new input.

Data Inputs

There are three data inputs provided:

  • syscloud_trends: Ingests the backup, restore, and export trends data over a period of time.
  • syscloud_entities: Ingests the entities data.
  • syscloud_trendutils: For internal purposes.

To add these data inputs, click on the "Create New Input" button and provide the following details.

  • Provide a name and an interval for data population (recommended interval: "1 day", i.e., 86400 seconds, for all these data inputs).
  • Select the clouds for which data needs to be populated (visualizations for multi-cloud accounts will be supported in the future).
  • Add the index as "main".

Verify Your Installation

To verify your installation, go to "Search & Reporting" and execute the following SPL search query:

source="syscloud*"

Data population might take some time.

Searching

To search the events, use "Search & Reporting" and enter the relevant search queries. Search queries can be based on the data input for the selected sources:

  • syscloud_trends
  • syscloud_entities
  • syscloud_trendutils

Support

In case of any queries or issues, reach out to our support team at support@syscloud.com or create a support ticket here.