KB 143 - Send Individual Dataset(s) to Different Splunk Index
KB 143 (ABAP): Send Individual Dataset(s) to Different Splunk Index
Category: Information | Priority: Normal |
|---|---|
Platform: ABAP/Splunk | Version: 1 from 23.03.2021 |
Description
There may be business requirements to send specific datasets collected by the PowerConnect application to separate Splunk indexes. In such scenarios, it is possible to send individual datasets to a different Splunk index, but it must be on the same Splunk server cluster.
Here are the steps that need to be followed to make this configuration possible:
Create Separate Index in Splunk
Follow the instructions in the following document to create a Splunk index: Create Splunk Indexes for SAP data . Ensure the index name is distinct from the other index that will be used to store the SAP data.
Update the HTTP Event Collector
Log into Splunk and click on Settings → Data → Data Inputs. Then click HTTP Event Collector. Click edit on the sap specific endpoint, and add the newly created index and save.
Create Separate Splunk Access Role
Create a new access role in Splunk using the following document: Create a Splunk Role. Ensure the role name is distinct from the other Splunk role that was created during the initial setup process. Ensure the index created in the first step of this document is added to the role.
Update the PowerConnect Upload Scheme
Log into the SAP system where the PowerConnect application is installed and execute the /n/bnwvs/main transaction. Stop the PowerConnect batch jobs.
Confirm the PowerConnect batch jobs are stopped.
Go to the main screen of the PowerConnect administrative console and click on Administrator → Setup Group Def
For each dataset that you would like to send to the designated index, input the value of the index in the Splunk Index field. Please note that a null value in the Splunk Index column means that the dataset will be sent to the main index defined in the endpoint settings: https://powerconnect.atlassian.net/wiki/spaces/POW/pages/2972319575 .
Save the configuration and return to the main screen of the PowerConnect administrative console.
Restart the PowerConnect batch jobs, ensuring that the batch user responsible for executing the jobs is added to the Batch User dialog box.
Confirm the batch jobs have restarted.
The dataset(s) specified in the Group Def configuration should now only be sent to the index specified.