This repo contains a FreeNAS app for Splunk®.
FreeNAS is a powerful, flexible home storage system – configured by you, for your needs.
Note - This should also work for a vanilla FreeBSD host, but only basic testing has been done.
The Z File System, or ZFS, is an advanced file system designed to overcome many of the major problems found in previous designs.
Splunk Enterprise is the leading platform for real-time operational intelligence. When you download Splunk Enterprise for free, you get a Splunk Enterprise license for 60 days that lets you index up to 500 megabytes of data per day.
When the free trial ends, you can convert to a perpetual Free license or purchase an Enterprise license to continue using the expanded functionality designed for multi-user deployments.
Source data is gathered via the /TA-SH_files_for_freenas/cpu_uptime_version_drives.sh file
This Dashboard contains information on the FreeNAS system(s)
Source data is gathered via the FreeNAS REST API
Source data is gathered via the /TA-SH_files_for_freenas/zpoolinfo.sh file
Source data is gathered via the /TA-SH_files_for_freenas/nics.sh file
Source data is gathered via the /TA-SH_files_for_freenas/cpu_uptime_version_drives.sh file
For this app to work completely, the REST API Modular Input is required; install the REST app first (thanks to the awesome Damien Dallimore).
http://api.freenas.org/index.html
This app utilises the FreeNAS API for some data.
Check inputs.conf, or if you are a novice you can just change the details in the “data inputs” section of Splunk.
You will need to configure the following for your environment:
- Your FreeNAS IP address or host name
- Your FreeNAS ROOT password (currently the FreeNAS API only allows the root user)
There are several .sh scripts in the /TA-SH_files_for_FreeNAS directory that need to be placed on a persistent dataset on the FreeNAS server, with a cron job associated with them set to run every few minutes.
https://doc.freenas.org/9.3/freenas_tasks.html
These scripts output to “logger”, which is the syslog output.
Also, once the scripts are copied over, this command may be your friend :)
chmod 755 foo.sh  # executable, but writable only by the owner
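Cron runs these scripts unattended, so they need to be executable but should not be writable by other accounts on the NAS. The following check is an added example, not part of this app; the directory argument is an assumption and stands for the dataset path where you copied the .sh files.

```sh
#!/bin/sh
# Added example, not part of the FreeNAS app.
# Assumption: $1 is the dataset directory holding the copied .sh scripts.

# List the directory and any *.sh file in it that group or other can write.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_script_perms() {
    dir=$1
    findings=$(
        # A writable directory lets someone swap a script out entirely.
        find "$dir" -maxdepth 0 \( -perm -0020 -o -perm -0002 \) -print
        find "$dir" -maxdepth 1 -type f -name '*.sh' \
            \( -perm -0020 -o -perm -0002 \) -print
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Drop group/other write access; the execute bits cron needs are untouched.
harden_script_perms() {
    dir=$1
    chmod go-w "$dir"
    find "$dir" -maxdepth 1 -type f -name '*.sh' -exec chmod go-w {} +
}

# Usage: sh audit.sh /mnt/tank/scripts   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_script_perms "$1" || echo "fix with: chmod go-w <file>" >&2
fi
```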
You need to configure FreeNAS to log to a central server (Splunk®) for the data to be ingested; point it at port 1514, e.g.
192.168.1.2:1514
https://doc.freenas.org/9.3/freenas_system.html#general
To compare local temps with system temps I added a JSON API input via OpenWeatherMap.
It's free to sign up - edit inputs.conf with your location information and appid (API key).
This app is a work in progress.
Please submit issues, improvements, and patches on GitHub - http://j-c-b.github.io/freenas_splunk/
App is available directly on Splunkbase https://splunkbase.splunk.com/app/2940/#/overview
- Snapshot script and dashboard for success / fail
- ZFS related goodness for pools and datasets
- Improve dashboard search efficiency
- Use ipmiOutput for host data input