PC_README.md
Below is a complete copy of our PC_README.md file, as Splunk’s app limitations prevent us from providing the full readme file on the Splunkbase page.
CODE
SAP PowerConnect for Splunk
======================================================================
OVERVIEW
------------------------------
This Splunk application helps in visualizing and monitoring SAP systems with PowerConnect for Splunk ABAP based application for SAP. This application is standalone and does not depend on any other technology add-ons.
* Author - SoftwareONE
* Version - 8.2.0
* Build - 375
* Creates Index - False
* Source type - sap_abap, sap:abap, jmx, sap:java, sap:cloud
* Compatible with:
* Splunk Enterprise version: 9.0.x, 9.1.x, 9.2.x
* PowerConnect for Splunk using ABAP: 7.01 - 8.0x
* OS: Platform independent
RELEASE NOTES
------------------------------
* Version 8.2.0 (July 2024)
* Added the following new dashboards:
* "Change Audit" under the "SAP Cloud" > "SuccessFactors" menu.
* "SAP FieldGlass Overview" under the "SAP Cloud" > "FieldGlass" menu.
* "PowerConnect Cloud Agent Health" under the "SAP Cloud" menu.
* "PowerConnect Dashboard Checker" under the "Help" menu.
* Updated/fixed the following dashboards:
* "Application Servers Overview"
* Fixed app server drilldown.
* "Event type, Dashboard, Menu Mapping"
* Removed erroneous grouping of STAD in sankey diagram.
* "HANA: Alert Details (Current)"
* Category input now accepts partial strings.
* "ICM Monitoring Dashboard"
* Added timechart span token to panels missing this token.
* "IDOC Degments Overview"
* Basic type and Message type inputs now accept partial strings.
* "Monitor for Processed XML Messages (SXMB_MONI)"
* Re-labeled "Component" input to "Target System"
* "Oracle: Expensive Statements (raw)"
* SAP System input should now only show systems with an Oracle DB.
* "PI/PO Messages"
* Fixed drilldown for error message count.
* "PI/PO Performance Monitoring"
* Removed broken drilldown for Measuring Points panel.
* "PowerConnect Resource Utilization"
* Summary metrics at top of dashboard have been fixed (corrected token references).
* "qRFC Monitor"
* Fixed qRFC counts (using distinct count of FIRSTTID instead of normal count).
* "SAP Cloud - Audit Logs"
* Queries rewritten for message searching.
* "SAP Cloud - CPI Message Monitoring"
* Log query rewritten.
* "Audited Logins"
* Fixed panel title for "Successful Logins."
* "SAP CCMS"
* Added wildcard default for path input.
* "SAP Security Scorecard"
* All panels using the newer USER_AUTH event type no longer reference previous event types.
* Drilldowns for USER_AUTH panels now match summaries shown in dashboard.
* "Work Processes Overview"
* Backend fixes allow dashboard to accept drilldowns that specify a work process type.
* "SAP Landscape Analysis"
* Drilldown references to legacy system overview now direct to new system overview.
* "Landscape Overview"
* Drilldown reference to legacy qRFC monitoring now directs to new qRFC monitoring.
* Java landscape overview now using optimized search from JVM overview.
* "SAP Logs Search"
* Fixed path searching.
* "Security Monitoring" (SuccessFactors)
* Rewritten with new content and tabbed interface.
* "System Overview"
* qRFC count drilldown now directs to newer qRFC Monitor dashboard.
* "Weekly Usage Statistics"
* Fixed query syntax for background jobs panel.
* "Spool Information"
* Fixed misspellings of "Unknown."
* "SAP Read Access Login (SRAL)"
* SAP System input now shows all ABAP systems.
* "HTTP Client Profile"
* SAP System input now shows all ABAP systems.
* "HTTP Server Profile"
* SAP System input now shows all ABAP systems.
* "RFC Client Profile"
* SAP System input now shows all ABAP systems.
* "RFC Server Profile"
* SAP System input now shows all ABAP systems.
* "ST03 - User Profile"
* SAP System input now shows all ABAP systems.
* "ST05 Performance Metrics"
* SAP System input now shows all ABAP systems.
* "STATS Details"
* User, transaction, and program name inputs now accept partial strings.
* "Certificate Status - STRUST"
* Corrected thresholds for certificate expiration categories.
* "System Availability Details"
* User interface fixes.
* CCMS displays no longer show a small amount of downtime by default.
* "Transport Details"
* Corrected fields for transport creator and importer.
* "tRFC Monitor (SM58)"
* Transaction ID input now accepts partial strings.
* "Sensitive User Authorizations"
* Clarified panel labels.
* "Work Proccess Detailed Analysis"
* Fixed SAP Instance input.
* Added a CIM mapping tag for the cp_audit_log event type in the Authentication model.
* Additional app changes:
* The saved search "landscape_overview_lookup_clean" has been fixed to perform its function of cleaning up the kv-store based "landscape_overview_summary_lookup."
* The SAP Systems Lookup Generator saved search no longer creates blank entries for app server instances.
* Version 8.1.1 (May 2024)
* Fixed the following dashboards:
* "Application Servers Overview"
* "Details" panel: Fixed a join subquery on the SM51_QUEUE event type.
* "Monitor for Processed XML Messages (SXMB_MONI)"
* Formatted Logs panel: Added quotes to token references.
* "SAP Cloud - Audit Logs"
* System dropdown query: Removed extra pipe character.
* "SAP Data Intelligence Overview"
* System dropdown query: Adjusted system subtype argument.
* "RFC Connection Status"
* Latest Count panel: Removed drilldown.
* "Web Services Error Log (SRT_LOG)"
* System dropdown query: Removed the system subtype argument.
* "Web Service Message Monitor (SRT_MONI)"
* System dropdown query: Removed the system subtype argument.
* Added CIM Mapping for the "ariba_audit_log" event type to the following data models:
* Authentication
* Changes
* Data Access
* Additional app changes:
* "sap-systems(2)" macro operator XOR replaced with OR. XOR is not supported.
* Version 8.1.0 (March 2024)
* Added the following new dashboards:
* "System Changes Overview" under the "SAP Security" -> "System Security" menu.
* "System Time Monitor" under the "SAP Performance" -> "App Server Monitoring" menu.
* "Web Services Monitor" under the "SAP Interfaces" menu.
* "SAP Table Reader" under the "SAP Business Process" menu.
* "SAP Cloud Foundry Syslog" under the "SAP Cloud" -> "BTP" menu.
* "SAP Analytics Cloud - User Activity" under the "SAP Cloud" -> "Analytics" menu.
* "Java PI - Abap Correlation" under the "SAP Java" -> "PI/PO" menu.
* Updated the following dashboards:
* "System Overview" (formerly "System Overview (7.x)")
* Title has been updated.
* Legacy view is still present, but has been removed from navigation.
* "SAP Landscape Overview"
* Tokens corrected for multiselect.
* "JVM Overview"
* Optimized for better performance.
* "STATS End User Monitoring"
* The dialog step response breakdown bar chart has been swapped with a waterfall panel. No specific ordering is implied by the arrangement of data in the panel.
* "SAP Security Landscape"
* The system role token has been fixed.
* "SAP Ariba - Security Monitoring"
* New panels and navigation have been added.
* "tRFC Monitor (SM58)"
* Fixed the dropdown timerange.
* "PI/PO Messages"
* Fixed the error status for the error count panel.
* "Security Monitoring" under "SAP Cloud" -> "SuccessFactors" menu
* Fixed the base search.
* "SAP Logs Search"
* Fixed the app server and time tokens.
* "Spool Information"
* Fixed aggregation and validated data.
* "Spool Monitoring"
* Fixed aggregation and validated data.
* Clarified titles.
* Additional app changes:
* Dashboards specific to app server performance have been moved to the "App Server Monitoring" menu under "SAP Performance."
* A stanza name error in the tags.conf file for the STRUST_HISTORY event type has been fixed.
* Legacy "System Overview" dashboard has been hidden from the nav.
* Version 8.0.1 (December 2023)
* Bugfix release
* Version 8.0.0 (December 2023)
* Added the following new dashboards:
* "SAP Data Intelligence Overview" under "SAP Cloud" -> "Data Intelligence" menu.
* "Synthetics Monitoring" under "SAP Cloud" menu.
* "SAP Cloud - Estimated Billing" under "SAP Cloud" menu.
* "HANA: Locks" under "Database" -> "HANA" menu.
* "HANA: Blocked Transactions" under "Database" -> "HANA" menu.
* "SAP Security Notes (Solution Manager)" under "SAP Security" -> "System Security" menu.
* "Certificate Change History" under "SAP Security" -> "System Security" menu.
* The following dashboards have been updated:
* All dashboards have received compatibility updates with the new SAP Systems Lookup.
* "Wizard for NEW SAP SIDs and Instances Discovery"
* Overhauled for new SAP Systems Lookup.
* Legacy interface retained.
* "File System"
* Updated aggregation.
* "Monitor for Processed XML Messages (SXMB_MONI)"
* Added drilldown and filtering for parent document.
* "SAP Security Essentials"
* New way of filtering privileged users.
* Privileged account login changed to track dialog logins.
* Open client and namespace panels changed to latest snapshot.
* "System Overview (7.x)"
* Drilldowns improved.
* "System Availability Details"
* Dashboard overhauled to distinguish between availability measures:
* PowerConnect data stream
* CCMS availability
* NIPING availability (requires standalone NIPING tool)
* Additional app updates:
* The Master Inventory Lookup has been replaced with a new SAP Systems Lookup.
* Consolidates all sources across ABAP, JAVA, and SAP Cloud.
* The old lookup remains for legacy compatibility of custom content.
* A new generator search has been added.
* Add dashboards have received compatibility updates.
* CIM Mapping adds STRUST_HISTORY event type under "Change" -> "All Changes" data model.
* Generator search added for SAP Systems Lookup.
* Version 7.3.0 (July 2023)
* Added the following new dashboards:
* "SAP Security Landscape (Concept)" under "SAP Security" menu.
* "SWPR - Workflow After Restart" under "SAP Performance" -> "Workflow" menu.
* "USR009 - Users With Critical Authorizations" under "SAP Security" -> "Authorization" menu.
* "SE16 Table Browser - Change Documents" under "SAP Security" -> "System Security" menu.
* "FRE_UI Analysis" under "SAP Business Process" menu.
* "Security Monitoring" under "SAP Cloud" -> "Ariba" menu.
* "Process Monitoring" under "SAP Cloud" -> "SuccessFactors" menu.
* "Onboarding Process Monitoring" under "SAP Cloud" -> "SuccessFactors" menu.
* "Payroll Monitoring" under "SAP Cloud" -> "SuccessFactors" menu.
* "Security Monitoring" under "SAP Cloud" -> "SuccessFactors" menu.
* "Overview" under "SAP Cloud" -> "CPQ" menu.
* The following dashboards have been updated:
* "SAP Notes Implementation (SNOTE)"
* Filters for Processing Status and Implementation Status have been added.
* Optimized dashboard panels to run from a single search.
* Improved readability.
* "SAP Security Notes"
* Revised color-coding
* "HANA Config (INI) Change"
* Source dropdown fixed to show only HANA-based systems.
* "HANA DB Load History"
* Source dropdown fixed to show only HANA-based systems.
* "SAP Security Scorecard"
* Fixed debug mode count.
* "UME for ABAP"
* Added counter and drilldown panel for potential duplicate accounts.
* "Transport Overview"
* Added Segregation-of-Duty (SOD) violations counter.
* Revised queries for import warning and import error panels.
* "Transport Details"
* Added toggle for showing SOD violations only.
* "SAP Security Essentials"
* Enhanced File Downloads panel with full timestamp, tcode, and report name data.
* Updated panels with USER_AUTH event type.
* "IDoc Status for WE02 Details"
* Added instructions for drilldowns.
* "Fiori Statistics Overview"
* Added in new field names due to extractor changes.
* "Fiori Statistics Details"
* Added in new field names due to extractor changes.
* "qRFC Monitor"
* Added filter for queue name.
* "PowerConnect Data Meter (ABAP)"
* Fixed missing time range tokens.
* "Rule Processing Framework"
* Realigned table columns for readability.
* "System Overview (7.x)"
* Realigned Work Process panel titles.
* "Authorization Data Overview (SU53)"
* Fixed missing fields in drilldown.
* Additional app updates:
* Cleaned up test data.
* Multiple minor bugs fixed.
* Missing library file croniter.py added.
* Source lookups and corresponding generator searches added for SAP Cloud Ariba and CPQ products.
* SuccessFactors nomenclature across the app.
* New CIM Mappings: SM69, SE37, STMS_TPLOG
* Setup page now skips niping setup and redirects to "Wizard for New SAP SIDs and Instances Discovery"
* Extractor Status has been moved slightly, and no longer has scaling glitches when zooming the dashboard.
* Version 7.2.0 (February 2023)
* Added the following new dashboards:
* "SAP ALV Reports Output" under "SAP Business Process" menu.
* "tRFC Monitor (SM58)" under "SAP Interfaces" menu.
* "Dashboard Analysis" under "PowerConnect" -> "Powerconnect Health" menu.
* "SE37 Function Module Execution Log" under "SAP Security" menu.
* "Parameter Changes (TU02)" under "SAP Performance" -> "System Configuration" menu.
* "Transport Details" under "SAP Business Process" menu.
* "Transport Routes Overview" under "SAP Business Process" menu.
* "Security Policy Changes Dashboard" under "SAP Security" -> "System Security" menu.
* "IDOC Status for WE02 Details" under "SAP Business Process" -> "IDOCs" menu.
* "SAP Security Notes" under "SAP Security" -> "System Security" menu.
* "SAP Notes Implementation (SNOTE)" under "SAP Security" -> "System Security" menu.
* "qRFC Monitor" under "SAP Interfaces" menu.
* "Background RFC(BgRFC) Performance Monitor - SBGRFCPERFMON" under "SAP Interfaces" menu.
* "Background RFC(BgRFC) Monitor - SBGRFCMON" under "SAP Interfaces" menu.
* "STATS End User Monitoring" under "SAP Performance" -> "End User Monitoring" menu.
* "Java System Overview" under "Java" menu.
* "PI/PO Performance Monitoring" under "Java" -> "PI/PO" menu.
* The following dashboards have been updated:
* "IDOC Status for WE02 Overview"
* Name changed from "IDOC Status for WE02."
* Some drilldown details have been moved to new "DICO Status for WE02 Details" dashboard.
* "qRFC Monitor for the outbound queue (Legacy)"
* "Legacy" tag added to name; dashboard replaced by new "qRFC Monitor" dashboard.
* "qRFC Monitor for the inbound queue (Legacy)"
* "Legacy" tag added to name; dashboard replaced by new "qRFC Monitor" dashboard.
* "SAP Security Essentials"
* Certificate drilldowns now point to STRUST dashbaord.
* "Certificate Status - STRUST"
* Minor tweaks for improved backend performance.
* "Work Processes Overview"
* Aggregation selection removed; hardcoded to "max."
* "IDOC Segments Overview"
* New filter for "Basic Type."
* Status handling and display updated for accuracy.
* "Transport Overview"
* Detailed transport information extracted into new dashboards "Transport Details" and "Transport Routes Overview."
* "Rule Processing Framework"
* Rule Statistics table removes duplicates.
* Rule attribute table displays all fields with the "X_" prefix.
* "System Overview"
* tRFC Errors panel now points to new "tRFC Monitor (SM58)" dashboard.
* "System Overview (7.x)"
* Some panel names updated.
* Alerting framework integration repaired on broken panels.
* tRFC Errors panel now points to new "tRFC Monitor (SM58)" dashboard.
* "Oracle: Overview"
* Minor panel tweaks; fields updated.
* "JVM Overview"
* Now shows information per instance on various panels.
* "PI/PO Adapter Engine Queues"
* Default timerange updated to last 24 hours.
* Updated timechart aggregation to max from latest.
* "Monitor for Processed XML Messages (SXMB_MONI)"
* Receiver/sender inputs have been combined into joint inputs to reduce clutter. The new inputs will search both the corresponding sender and receiver fields.
* PI Messages
* Tweaks to status panels.
* Associated javascript updated to remove filtering of blank payloads.
* Capacity Management Information Systems
* Fixed the "Total File System Capacity (Latest)" panel.
* Number Range Monitoring
* Updated utilization percentage calculation to include bookending values.
* SAP OS Memory (ST06)
* Fixed field labels in the "Paged In / Paged Out" chart.
* Additional app updates:
* Several entries in the navigation menu (notably "SAP Security" and "SAP Performance") have been moved
* Due to data outputs to lookup exceeding default limits and resulting in missing data, the saved search "Batch Jobs Runtime Threshold - Lookup Gen" now runs at four hour intervals looking at a four hour window.
* Version 7.1.0 (October 2022)
* Added following new dashboards:
* "Availability Management Information System" under "PowerConnect" -> "Landscape" menu.
* "System Availability Details" under "PowerConnect" -> "Landscape" menu.
* "Sensitive User Authorization" under "SAP Security" -> "Users and Logins" menu.
* "Rule Processing Framework" under "SAP Security" -> "System Security" menu.
* "SM69 - External OS Commands Logs" under "SAP Security" -> "System Security" menu.
* "SICF Public Services & Services with Logon Data" under "SAP Security" -> "System Security" menu.
* "ABAP Test Cockpit (ATC) : Results" under "SAP Security" -> "System Security" menu.
* "Application Servers Overview" under "SAP Performance" -> "System Monitoring" menu.
* "Performance measurement of synthetic code (ABAPmeter)" under "SAP Performance" -> "System Monitoring"
* "IDOC Segments Overview" under "SAP Business Process" -> "IDOCs" menu.
* "Web Services Error Log (SRT_LOG)" under "SAP Interfaces" menu.
* "ADS Connection Check" under "SAP Interfaces" menu.
* "Web Service Message Monitor (SRT_MONI)" under "SAP Interfaces" menu.
* "HANA: Alert Details (Current)" under "Database" -> "HANA" menu.
* "HANA Config (INI) Change" under "Database" -> "HANA" menu.
* "HANA DB Load History" under "Database" -> "HANA" menu.
* Improved the following dashboards:
* "Certificate Status - STRUST" under "SAP Security" menu.
* "SAP Security Essentials" under "SAP Security" menu.
* "SAP Security Scorecard" under "SAP Security" menu.
* "Audit Integrity Check" under "SAP Security" -> "Audits" menu.
* "Work Process Detailed Analysis" under "SAP Performance" -> "System Monitoring" menu.
* "SM51 - RFC Communication Block" under "SAP Performance" -> "System Monitoring" menu.
* "SM51 - Request Queue Information" under "SAP Performance" -> "System Monitoring" menu.
* "Work Processes Overview" under "SAP Performance" -> "System Monitoring" menu.
* "STATS Details" under "SAP Performance" -> "Workload Monitoring" menu.
* "SAP Change Documents" under "SAP Business Process" menu.
* "SAP Directories" under "SAP Interfaces" menu.
* "HANA: Alert Details (Historical)" under "Database" -> "HANA" menu.
* "Fiori Statistics Details" under "SAP Fiori" menu.
* Fixed "System Overview" under "PowerConnect" menu.
* Fixed "System Overview (7.x)" under "PowerConnect" menu.
* Fixed "SM12 Locks" under "SAP Performance -> System Monitoring" menu.
* Fixed "SuccessFactors Monitoring Dashboard" under "SAP Cloud" menu.
* Version 7.0.0 (July 2022)
* Added following new dashboards:
* "System Overview (7.x)" under "PowerConnect" menu.
* "PowerConnect Resource Utilization" under "PowerConnect -> Powerconnect Health" menu.
* "Event type, Dashboard, Menu Mapping" under "PowerConnect -> Mapping" menu.
* "Alert Details" under "PowerConnect -> Events and Alerts" menu.
* "Event Analytics" under "PowerConnect -> Events and Alerts" menu.
* "User Change Log" under "SAP Security -> Users and Logins" menu.
* "Login Failure" under "SAP Security -> Users and Logins" menu.
* "Authorization Data Overview (SU53)" under "SAP Security -> Authorization" menu.
* "Sensitive Authorization" under "SAP Security -> Authorization" menu.
* "Audit Integrity Check" under "SAP Security -> Audits" menu.
* "File System" under "SAP Performance -> Operating System Monitoring" menu.
* "Capacity Management Information System" under "SAP Performance -> Operating System monitoring" menu.
* "SMLG Details" under "SAP Performance -> System Monitoring" menu.
* "STATS Details" under "SAP Performance -> Workload Monitoring" menu.
* "STATS Overview" under "SAP Performance -> Workload Monitoring" menu.
* "Spool Information" under "SAP Performance -> Spool" menu.
* "Output Device Status" under "SAP Performance -> Spool" menu.
* "Spool Content" under "SAP Performance -> Spool" menu.
* "Smart Business KPI" under "SAP Business Process -> Business KPIs" menu.
* "PI/PO Adapter Engine Queues" under "Java -> PI/PO" menu.
* "HANA: Backup Overview Dashboard" under "Database -> HANA" menu.
* "HANA: Large Table Details" under "Database -> HANA" menu.
* "HANA: Large Table Overview" under "Database -> HANA" menu.
* "HANA: SQL Plan Statistics" under "Database -> HANA" menu.
* "HANA: Disk Overview" under "Database -> HANA" menu.
* "Fiori Statistics Overview" under "SAP Fiori" menu.
* "Fiori Statistics Details" under "SAP Fiori" menu.
* "SAP Fiori: ODATA Metering Trace" under "SAP Fiori" menu.
* "SAP Fiori: SAP Gateway Statistics" under "SAP Fiori" menu.
* "Weekly Usage Statistics (Dashboard Studio)" under "Dashboard Studio" menu.
* Improved the following dashboards:
* "System Overview" under "PowerConnect" menu.
* "Alert Definition" under "PowerConnect -> Events and Alerts" menu.
* "User Password Status" under "SAP Security -> Users and Logins" menu.
* "Authorization Data Details (SU53)" under "SAP Security -> Authorization" menu.
* "Spool Monitoring" under "SAP Performane -> Spool" menu.
* "IDOC Status for WE02" under "SAP Business Process -> IDOCs" menu.
* "HANA: Alert Details" under "Database -> HANA" menu.
* "PowerConnect Troubleshooting Dashboard" under "Help" menu.
* Fixed "Landscape Overview" under "PowerConnect -> Landscape" menu.
* Fixed "Background Job Analysis by Instance" under "SAP Business Process -> Background Jobs" menu.
* Added CIM Mapping for Security Event Type.
* Improved navigation of the Dashboards.
* Minor updates to "SM20 Audit Logs", "SAP OS Memory (ST06)", "SAP Network", "CPU All Instances", "SAP Landscape Analysis" and "Basis Health Checks".
* Version 6.9.1 (June 2022)
* Added server.conf file to avoid setup page replication issue.
* Version 6.9.0 (March 2022)
* Added following new dashboards:
* "PowerConnect Audit" under "PowerConnect" menu.
* "PowerConnect Extractor Schedule" under "PowerConnect" menu.
* "SAP Change Documents" under "SAP Business Process" menu.
* "AIF Error Monitoring" under "SAP Interfaces" menu.
* Improved the following dashboards:
* "PowerConnect Health" under "PowerConnect" menu.
* "SAP Landscape Analysis" under "PowerConnect" menu.
* "SAP Security Essentials" under "SAP Security" menu.
* "Locks" under "SAP Performance -> System Monitoring" menu.
* "SAP RZ10 Profile Parameters" under "SAP Performance -> System Configuration" menu.
* "IDOC Status for WE02" under "SAP Business Process" menu.
* "Monitor for Processed XML Messages (SXMB_MONI)" under "SAP Interfaces" menu.
* "SAP Cloud - CPI Message Monitoring" under "SAP Cloud" menu.
* "Success Factor Monitoring Dashboard" under "SAP Cloud" menu.
* "SAP Cloud - API Management Monitoring" under "SAP Cloud" menu.
* Fixed "Wizard for System Role" under "PowerConnect" menu.
* Minor updates to "Data Dictionary" and "System Logs" dashboards.
* Version 6.8.0 (December 2021)
* Added following new dashboards:
* "SAP Landscape Analysis" under "PowerConnect" menu.
* "Wizard for System Role" under "PowerConnect" menu.
* "Business Process Monitoring KPIs" under "SAP Business Process" menu.
* "HANA: Active Statements" under "Database -> HANA" menu.
* "SAP Fiori: Summary" under "SAP Fiori" menu.
* "SAP Fiori: Details" under "SAP Fiori" menu.
* "SAP Fiori: Gateway Error Log" under "SAP Fiori" menu.
* "Troubleshooting Dashboard" under "Help" menu.
* Improved the following dashboards:
* "Weekly Usage Statistics" under "PowerConnect" menu.
* "Landscape Overview" under "PowerConnect" menu.
* "Landscape Last Event Received" under "PowerConnect" menu.
* "Extractor Status" under "PowerConnect" menu.
* "SAP Security Scorecard" under "SAP Security" menu.
* "Users Logged In" under "SAP Security" menu.
* "User Password Status" under "SAP Security" menu.
* "Authorization Data (SU53)" under "SAP Security" menu.
* "Audit Logs" under "SAP Security" menu.
* "Disk" under "SAP Performance -> Operating System monitoring" menu.
* "SAP Network" under "SAP Performance -> Operating System monitoring" menu.
* "CPU All Instances" under "SAP Performance -> Operating System monitoring" menu.
* "SAP Buffers" under "SAP Performance -> System Monitoring" menu.
* "SM51 - Request Queue Information" under "SAP Performance -> System Monitoring" menu.
* "ICM Monitoring dashboard" under "SAP Performance -> System Monitoring" menu.
* "Work Processes" under "SAP Performance -> System Monitoring" menu.
* "SAP Global STAD" under "SAP Performance -> Workload Monitoring" menu.
* "SAP Global Transactions" under "SAP Performance -> Workload Monitoring" menu.
* "DIA Steps (Total)" under "SAP Performance -> Workload Monitoring" menu.
* "SAP RZ10 Profile Parameters" under "SAP Performance -> System Configuration" menu.
* "Batch jobs" under "SAP Business Process" menu.
* "Transport Dashboard" under "SAP Business Process" menu.
* "Java Agent Health" under "JAVA" menu.
* "Basis Health Checks" under "Dashboard Studio" menu.
* Improved "NIPING Utility".
* Reformatting of "SAP Performance" menu.
* Fixed "User Experience (Geo)", System Overview Dashboard and sap-index macro.
* Minor updates to "SAP Cloud - CPI Message Monitoring", "SAP Cloud - API Management Monitoring" and "SQL Code Analysis Details" dashboard.
* Renamed "ABAP Dumps" as "ST22 Dump Overview", "SAP Memory by Instance" as "SAP Instance Memory (ST02)" and "SAP Instance Memory" as "SAP OS Memory (ST06)".
* Version 6.7.0 (October 2021)
* Added following new dashboards:
* "Wizard for OOTB Alerts" under "PowerConnect" menu.
* "PowerConnect Change Logs" under "PowerConnect" menu.
* "PowerConnect Data Meter (ABAP)" under "PowerConnect" menu.
* "SQL Code Analysis Overview" under "SAP Performance > SQL Code" menu.
* "SQL Code Analysis Details" under "SAP Performance > SQL Code" menu.
* "ST05 Performance Metrics" under "SAP Performance" menu.
* "Monitor for Processed XML Messages (SXMB_MONI)" under "SAP Interfaces" menu.
* "NetWeaver Java: Message Server" under "JAVA -> NW" menu.
* "NetWeaver Java: Task Monitoring" under "JAVA -> NW" menu.
* "NetWeaver Java: MPI Buffer Stats" under "JAVA -> NW" menu.
* "Java Agent Health" under "JAVA" menu.
* "SAP Cloud - API Management Monitoring" under "SAP Cloud" menu.
* "SAP Cloud Connector" under "SAP Cloud" menu.
* "SAP Cloud - Audit Logs" under "SAP Cloud" menu.
* "Success Factor Monitoring Dashboard" under "SAP Cloud" menu.
* "Basis Health Checks" under "Dashboard Studio" menu.
* Improved the following dashboards:
* "Landscape Overview" under "PowerConnect" menu.
* "PowerConnect Health" under "PowerConnect" menu.
* "Abap Dumps" under "SAP Performance" menu.
* "Batch jobs" under "SAP Business Process" menu.
* "BPM IDOC To Business Object Relationship" under "SAP Business Process" menu.
* "Outbound Delivery Monitor" under "SAP Business Process" menu.
* "NetWeaver Java Web Sessions" under "JAVA -> NW" menu.
* "Setup Page"
* Fixed "NetWeaver Java: Locks" under "JAVA -> NW" menu.
* Minor updates to "SAP Cloud - CPI Message Monitoring" and "Setup NIPING Utility (Optional)".
* Version 6.6.1 (August 2021)
* Improved the following dashboards:
* "Landscape Last Event Received" under "PowerConnect" menu.
* "Mapping : Event Types (SAP Group Definition) with Dashboards" under "PowerConnect" menu.
* "Extractor Status" under "PowerConnect" menu.
* "PI/PO Messages" under "Java > PI/PO" menu.
* Added NIPING Utility.
* Embedded third party JS libraries in the app package.
* Version 6.6.0 (June 2021)
* Added following new dashboards:
* "UME for ABAP" under "SAP Security" menu.
* "SAP Read Access Login (SRAL)" under "SAP Security" menu.
* "Work Process Detailed Analysis" under "SAP Performance" menu.
* "SAP RZ10 Profile Parameters" under "SAP Performance" menu.
* "ST22 Dump Details" under "SAP Performance" menu.
* "BPM IDOC To Business Object Relationship" under "SAP Business Process" menu.
* "Outbound Delivery Monitor" under "SAP Business Process" menu.
* "NetWeaver Java DB Connection Statistics" under "JAVA -> NW" menu.
* "NetWeaver Java Distributed Trace" under "JAVA -> NW" menu.
* "NetWeaver Java Locks" under "JAVA -> NW" menu.
* "NetWeaver Java Process Information" under "JAVA -> NW" menu.
* "NetWeaver Java User Sessions" under "JAVA -> NW" menu.
* "NetWeaver Java Web Sessions" under "JAVA -> NW" menu.
* Improved the following dashboards:
* "System Overview" under "PowerConnect" menu.
* "Landscape Overview" under "PowerConnect" menu.
* "Extractor Status" under "PowerConnect" menu.
* "Time Machine Dashboard" under "SAP Performance" menu.
* "SAP Buffers by Instance" under "SAP Performance -> Instance Specific" menu.
* "Work Processes by Instance" under "SAP Performance -> Instance Specific" menu.
* "CPU vs. Work Processes" under "SAP Performance" menu.
* "Work Processes" under "SAP Performance" menu.
* "SM13 Updates" under "SAP Performance" menu.
* "Abap Dumps" under "SAP Performance" menu.
* "Batch jobs" under "SAP Business Process" menu.
* "Transport Dashboard" under "SAP Business Process" menu.
* "NetWeaver Java UME" under "JAVA -> NW" menu.
* "SAP Cloud - CPI Message Monitoring" under "SAP Cloud" menu.
* "HANA: Configuration Mini-checks" under "Database -> HANA" menu.
* Removed "SM50 Trace by Instance" Dashboard
* Fixed "ICM Monitoring dashboard"
* Minor updates to "SAP logs Search", "SAP RZ10 Comparison", "SAP Directories" and "ST03 - User Profile".
* Reduced the default summarization period from 3 months to 1 month for all the datamodels.
* Version 6.5.0 (March 2021)
* Added following new dashboards:
* "SAP License" under "SAP Security" menu.
* "Audit Logs" under "SAP Security" menu.
* "ICM Monitoring dashboard" under "SAP Performance" menu.
* "SAP Gateway Monitoring" under "SAP Performance" menu.
* "SAP ITS Memory Statistics" under "SAP Performance" menu.
* "Workflow Event Queue" under "SAP Performance" menu.
* "SAP Connect: Send Requests" under "SAP Business Process" menu.
* "HANA: Diagnostic Files" under "Database -> HANA" menu.
* "HANA: Custom Scripts" under "Database -> HANA" menu.
* Added "Wizard for SAP Security Scorecard" to configure SAP Security Essentials dashboard.
* Added support for multiple source selection for extractor Status. (e.g. for Extractor Status, Transport Dashboard, SAP RZ10)
* Introduced lookup-based System dropdown population for all the Database dashboards.
* Improved the following dashboards:
* "Landscape Overview" under "PowerConnect" menu.
* "Wizard for New SAP SIDs and Instances Discovery" under "PowerConnect" menu.
* "SAP Security Essentials" under "SAP Security" menu.
* "SAP Security Scorecard" under "SAP Security" menu.
* "CPU vs. Work Processes" under "SAP Performance" menu.
* "SAP Global Transactions (raw)" under "SAP Performance" menu.
* "SAP Logs Search" under "SAP Performance" menu.
* "Batch Jobs" under "SAP Business Process" menu.
* "Transport Dashboard" under "SAP Business Process" menu.
* "NetWeaver Java UME" under "Java -> NW" menu.
* "PI Messages" under "Java -> PI" menu.
* "HANA: Overview" under "Database -> HANA" menu.
* "HANA: Space" under "Database -> HANA" menu.
* Fixed "System Overview" and "Mapping : Event Types (SAP Group Definition) with Dashboards" dashboards.
* Minor updates to "SAP Network", "SAP Global STAD", "STAD by Instance", "SAP Global Transactions", "SAP Instance Transactions", "SLG1 Dashboard" and "SAP CCMS".
* Version 6.4.0 (December 2020)
* Added following new dashboards:
* "Authorization Data (SU53)" under "SAP Security" menu.
* "SM51 - Request Queue Information" under "SAP Performance -> Instance Specific" menu.
* "SM51 - RFC Communication Block" under "SAP Performance" menu.
* "Transport Dashboard" under "SAP Business Process" menu.
* "NetWeaver Java Config Changes Monitoring" under "Java -> NW" menu.
* "NetWeaver Java Security Audit Logs" under "Java -> NW" menu.
* "NetWeaver Java Security Logs" under "Java -> NW" menu.
* "NetWeaver Java Certificate Monitoring" under "Java -> NW" menu.
* "NetWeaver Java UME" under "Java -> NW" menu.
* "NetWeaver Java Component Information" under "Java -> NW" menu.
* "NetWeaver Java Disk Monitoring" under "Java -> NW" menu.
* "NetWeaver Java Network Monitoring" under "Java -> NW" menu.
* "HANA Trace" under "Database -> HANA" menu.
* "DB/2 Activities" under "Database -> DB/2" menu.
* Added language support for German and Japanese.
* Added version update details and supported language details as a comment in XML file of the dashboard.
* Improved the following dashboards:
* "SAP Security Essentials" under "SAP Security" menu.
* "SAP Security Scorecard" under "SAP Security" menu.
* "Application Trace Logs" under "Java -> NW" menu.
* "Default Trace Logs" under "Java -> NW" menu.
* "PI Messages" under "Java -> PI" menu.
* "SAP Cloud - CPI Message Monitoring" under "SAP Cloud" menu.
* Improved Extractor Status for dashboards using ABAP Systems and having single SAP System/ Instance filter.
* Fixed "HANA Services" dashboard.
* Minor updates to "Wizard for New SAP SIDs and Instances Discovery", "Background Job Analysis by Instance" and "SAP Instance Memory".
* Version 6.3.0 (October 2020)
* Added following new dashboards:
* "Landscape Component Information" under "PowerConnect" menu.
* "Landscape Last Event Received" under "PowerConnect" menu.
* "Wizard for New SAP SIDs and Instances Discovery" under "PowerConnect" menu.
* "HANA Audits" under "Database -> HANA" menu.
* "HANA Memory Usage" under "Database -> HANA" menu.
* "HANA Services" under "Database -> HANA" menu.
* "HANA Threads" under "Database -> HANA" menu.
* "SAP Cloud - CPI Messages" under "SAP Cloud" menu.
* "SAP Process Chain Dashboard" which can be accessed through the following URL - http://<your_splunk_instance_address>/en-US/app/BNW-app-powerconnect/process_chain_dashboard
*(Replace the placeholder in the URL)
* Added Extractor Status for dashboards using ABAP Systems and having single SAP System/ Instance filter.
* Improved the following dashboards:
* "Mapping : Dashboards with Event Types (SAP Group Definition)" under "PowerConnect" menu.
* "Extractor Status" under "PowerConnect" menu.
* "Batch Jobs" under "SAP Business Processes" menu.
* "ABAP Dumps" under "SAP Performance" menu.
* "PI Messages" under "Java -> PI" menu.
* "Channel Monitoring" under "Java -> PI" menu.
* "HANA Alert Details" under "Database -> HANA" menu.
* Fixed "System Overview" and "SAP Security Essentials".
* Added few new security and basis health checks for "SAP Security Essentials" and "SAP Security Scorecard" dashboards.
* Converted all dashboards to dark mode as default.
* Minor updates to "Users Logged In" and "Users by Instance".
* Version 6.2.0 (June 2020)
* Added following new dashboards:
* "SAP Logs Search" under "SAP Performance" menu.
* "Certificate Status - STRUST" under "SAP Security" menu.
* "Extractor Status" under "PowerConnect" menu.
* "Weekly Usage Statistics" under "PowerConnect" menu.
* Improved the following dashboards:
* "SAP Security Essentials" under "SAP Security" menu (now with MLTK).
* "Batch Jobs" under "SAP Business Processes" menu.
* "System Overview" under "PowerConnect" menu.
* "Batch Jobs Analysis by Instance" under "SAP Business Processes" menu.
* "Mapping : Dashboards with Event Types (SAP Group Definition)" under "PowerConnect" menu.
* "ABAP Dumps" under "SAP Performance" menu (now with MLTK).
* "Landscape Overview" under "PowerConnect" menu.
* Fixed "SAP Security Scorecard", "User Experience (Geo)", "Users Logged in", "Audited Logins" and "STAD by Instance".
* Updated PowerConnect help link for the Help -> Knowledge Base.
* Version 6.1.0 (March 2020)
* Added following new dashboards:
* "SLG1 Dashboard" under "SAP Business Process" menu.
* "SAP Directories" under "SAP Interfaces" menu.
* "Data Dictionary" under "PowerConnect" menu.
* "Mapping : Dashboards with Event Types (SAP Group Definition)" under "PowerConnect" menu.
* "ST03 - RFC and Web Services" submenu with a group of dashboards under "SAP Performance" menu.
* "ST03 - User Profile" under "SAP Performance" menu.
* "Oracle: Tablespace Growth" under "Database > Oracle" menu.
* Python2/Python3 Compatibility
* Added few new security and basis health checks for "System Overview", "SAP Security Essentials" and "SAP Security Scorecard dashboards.
* Minor updates to "Time Machine Dashboard", "Batch Jobs", "User Experience (Geo)", "ABAP Dumps" and "CPU vs. Work Processes".
* Version 6.0.0 (September 2019)
* Major changes in App's navigation.
* Renamed "SAP Production Systems" as "Landscape Overview", "Audit and Security Checks" as "SAP Security Scorecard" and minor name changes to few other dashboards.
* Recategorized all dashboard apart from "PowerConnect" category dashboards.
* Added following new dashboards:
* "System Overview" under "PowerConnect" menu.
* "My Layout(Beta)" under "PowerConnect" menu.
* "Data Dictionary" under "PowerConnect" menu.
* "SAP Security Essentials" under "SAP Security" menu.
* "Thread Hotspots" under "JAVA > JVM" menu.
* "Expensive Statements(raw)" dashboards for each databases.
* "Segments" under "Database > Oracle" menu.
* Added dark theme for "System Overview", "Data Dictionary", "Time Machine Dashboard" and "SAP Security Essentials" dashboards.
* Minor fixes to "Number Range Monitoring", "IDOC for WE02", "Landscape Overview" dashboard and few other dashboards.
* Version 5.0.2 (April 2019)
* Renamed macro `jmx` to `sap-java` across all java dashboards for consistency.
* Improved "Page Hit Rate", "Page Response Time", "Channel Monitoring" dashboards.
* Added timerange and source filters in Channel Monitoring dashboard.
* Background Job Analysis dashboard added under SAP Instance.
* Audit and Security Checks dashboard added under SAP Global.
* Used sensitive_tcodes, wide_open_auth_objects, security_parameters_names and ip_subnets lookup in Audit and Security Checks dashboard
* App improvements made for better cloud vetting score.
* Number Range Monitoring dashboard added under SAP Global.
* SAP CCMS dashboard added under SAP Global.
* Time Machine Dashboard added under SAP Global.
* Added "Jobs Runtime", "Job Steps and Logs for JOBNAME", "Runtime for JOBNAME over last 7 days", "SM50 Logs for INSTANCENAME", "Job Log Data for JOBLOG" and "Total number of active jobs" panels under SAP Global > Batch Jobs dashboard.
* Added drilldowns in "Jobs Runtime" and "Active Jobs Runtime" panels under SAP Global > Batch Jobs dashboard.
* Version 5.0.1 (Feb 2019)
* Changed regex in the SAP_Production_Systems data-model to extract AVAIL_PERCET field from both kinds of data, having spaces after colon(:) and without spaces after the colon in the raw events.
* props.conf and tags.conf files added to make the data compatible with CIM Authentication Data-model.
* Channel Monitoring Dashboard added under JAVA > PI.
* App icons updated.
* Resolved issue in Audited Logins dashboard.
* Resolved issue in Memory Pressure panel in SAP Systems dashboard.
* Changed queries for DIA Steps dashboard to utilize time field from raw data.
* "Active job runtime" panel added in SAP Global > Batch Jobs dashboard. Added scheduled savedsearch to populate lookup for the threshold of batch jobs runtime.
* "Active locks duration" panel added in SAP Global > Locks dashboard.
* "Batch Jobs Runtime Alert" - Alert added for Batch Jobs runtime exceeding threshold value for runtime.
* Version 5.0.0 (July 2018)
* Added dynamic database navigation through setup page.
* Added time-range and span default value selection into setup page.
* Added span for timecharts into all dashboards.
Other minor enhancements.
* Version 4.20.0 (Mar 2018)
* Added a panel for Check for "Old" locks inside dashboard Locks and Updates under SAP Global.
* Added a dashboard for System Logs under SAP Global.
* Added a dashboard for Spool Monitoring under SAP Global.
* Added a dashboard for System Settings under SAP Global.
* Added a dashboard for SAP Connect under SAP Global.
* Version 4.19.0 (Feb 2018)
* Added a dashboard for SM50 TRACE within SAP instance.
* Added a dashboard for Maximum memory usage within SAP instance.
* Added a panel, Buffer Free Dir in SAP instance > SAP Buffers.
* Added a dashboard for qRFC Monitor for the outbound queue within SAP Global.
* Added a dashboard for qRFC Monitor for the inbound queue within SAP Global.
* Added a dashboard for JAVA > PI Messages.
* Added a dashboard for JAVA > NW > Default Trace Log.
* Added a dashboard for JAVA > NW > Application Trace Log.
* Added a JAVA View in SAP Production System.
* Version 4.11.2 (Oct 2017)
* Removed transaction_slabs.csv lookup which was not used in app.
* Resolved AppInspect issue of ip_subnets.csv lookup.
* Resolved AppInspect issue of conf files having default or global stanza.
* Resolved AppInspect issue of Data Model acceleration should be disabled by default. Steps to enable acceleration is mentioned in Data Model Configuration section below.
* Version 4.11.1 (Sep 2017)
* Changed timesUTC flag to false for Availability Gantt chart so that the chart populates according to user's browser's timezone.
* Added a new field INSTANCE_NAME for EVENT_TYPE ST03_TIME, SM51, ST06 in Datamodel.
* Added a dropdown of Span varying from 1m to 7d and based on this span selection all the panels will change except event status drilldown chart in SAP Production Systems dashboard.
* Removed DBMT, FNEMT and TOTAL_RESP_TIME from SAP Production Systems Performance Drill down Response Time chart and showed the chart by Instance Name.
* Made JVM dashboard compatible with new event format.
* Added a new SAP Global Transactions (Raw) dashboard.
* Added a Page Response Time (ms) dashboard.
* Added a Page Hit Rate dashboard.
* Added Java View, CPU Load, Free Physical Memory (MB) and Free Swap Memory (MB) panels to JVM Dashboard.
* Version 4.11.0 (Sep 2017)
* Updated SAP_Production_Systems DataModel for "CPU All Instances" Dashboard.
* Added DataModel for SAP_ABAP_SM37 operation.
* Added a job picker and a panel for SM37 jobs' average execution time in "Batch Jobs" Dashboard under SAP Global.
* Added CPU All Instances Dashboard in SAP Global.
* Version 4.10.0-1 (Jul 2017)
* Javascript enhancements. Check the Installation section of this document for more instructions.
* Added "Event Status" column and a drill down chart in "SAP Production System" dashboard.
* Added a new "CPU vs. Work Processes" dashboard.
* Modified regex for Availability in datamodel for "SAP Production System" to support all Splunk versions above 6.2.x.
* Modified "SAP RZ10", "SAP Global Transactions" and "SAP Instance Transactions" dashboards to support Splunk 6.2.x.
* Panel title changes in "Disk" and "HANA" dashboards.
* Bug fix in "DIA Steps (Total)" and "DIA Steps" dashboards which showed negative values in charts.
* Bug fix in "DB/2" dashboard by modified search queries.
* Version 4.0.9-1 (Mar 2017)
* Added HANA DB Reports:
1. Overview
2. Alert Details
3. SQLPL Details
* Added ASE:
1. Log Details
2. Database Details
3. Computation Usage Details
4. DeviceIO Details
5. Resource Details
6. SpinLock/System State Details
7. System Action Details
* Added SAP Global:
1. IDOC Status for WE02
* Added Multiple Sourcetype in Macro: sap_abap, sap:abap, sap:abap:$event_type$
* Changed jmx macro to support both the sourcetype : jmx, sap:java
* Version 4.0.8-2 (Feb 2017)
* Removed unused files.
* Kept lookup file empty. See "LOOKUP FILE MANUAL CONFIGURATION" section for more detail.
* Version 4.0.8-1 (Feb 2017)
* Modified the lookup query that is used to populate SAP system instance dropdown.
* Added new saved searches to run once manually after installing the app to populate lookups from all event data.
* Added a step in the Configuration section below.
* Fixed Availability REGEXP inside Datamodel.
* Minor bug fixes.
* Version 4.0.7-1 (Sep 2016)
* Added a new Dashboard of "SAP Production Systems" as a default dashboard.
* Added a new Dashboard of "SAP CRM BSP Transactions" as a default dashboard.
* Added a new Dashboard of "SAP RZ10" as a default dashboard.
* Resolved issue of Blank TCODEs for Task Type Dialog
Add Drill Downs in all charts of "SAP Global STAD" and "STAD by Instance" dashboards.
* Moved "Errors in PowerConnect Application Log" panel below "PowerConnect Messages received" in PowerConnect Health dashboard.
* Minor bug fixes.
* Version 4.0.6-2 (Jul 2016)
* Removed timezone and timestamp field configuration from props.conf.
* Move field extractions from props.conf to search queries.
* Updated app to use _time field instead of TIMESTAMP field.
* Resolved issue with Task Dropdown default value.
* Resolved issue with Multiselect filters of User and Transaction Code.
* Minor bug fixes.
* Version 4.0.6-1 (Jul 2016)
* Source drop down added in "IDOC Status" dashboard.
"SAP Global STAD", "STAD by Instance" and "Users logged in" (Panel: Number of logged in users (AL08)) dashboards using tstats based search which is work on Data model.
Minor bug fixes.
* Version 4.0.5-2 (May 2016)
* Minor bug fixes.
* Version 4.0.5-1 (May 2016)
* All SAP System and SAP Instance form input dropdown will use Saved Search.
* Added a pre-configured role "pc-admin".
* Added a new dashboard "IDOC Status" under SAP Global Navigation Menu.
* Added description in app.conf.
* Removed usage of deprecated `<seed>` option in Simple XML forms.
* Cleanup of savedsearches.conf and minor fixes.
* Version 4.0.4-3 (May 2016)
* Bug fix in query for "Number of users created" panel in "Users logged in" dashboard.
* Used ip_subnets lookup in User Experience (Geo) dashboard.
* Added missing EVENT_TYPE in queries for form filters in DB/2 dashboard.
* Added a "Total CPU Load" panel in CPU Dashboard.
* Added a new "ABAP Dumps" dashboard in SAP Global.
* Version 4.0.4-2 (May 2016)
* Form Filters will now be reloaded on change of Time Range.
* Improved Dashboard Performance for SAP Instance - Disk.
* Version 4.0.4-1 (May 2016)
* Set default time range selection to "Last 7 days".
* Default value of task type drop down set to "Dialog".
* Default value of user drop down set to "All".
* Default value of transaction code drop down set to "All".
* Default value of System/SAP System/Source drop down unset.
* Changed the Time Range drop down to Time Range Picker for all dashboards.
* Version 4.0.3 (Apr 2016)
* Bug fixes.
* Improved Dashboard Performance.
* Added new Dashboards and Charts.
SUPPORT
------------------------------
* Contact information for reporting an issue:
support@powerconnect.io
DOWNLOAD
------------------------------
* Download the SAP PowerConnect for Splunk application from splunk base - https://splunkbase.splunk.com/app/3153/
INSTALLATION
------------------------------
* This application needs to be installed on Splunk Search Head in the case of Distributed environment.
* For Installation and Setup instructions, refer to the documentation here - http://www.powerconnect4.com/help/
* This app can be installed either through UI from "Manage Apps" or by extracting the compressed file into $SPLUNK_HOME$/etc/apps folder.
* Restart Splunk
* For existing installations, if you are upgrading the app, please check the "UPGRADE STEPS" section of README.
UPGRADE STEPS
------------------------------
* If you upgrade the app to 7.0.0 or above version from any of the lower version(Below 7.0.0) please run the Setup Page so that you can use the panel wise alert functionality.
* Before installing the new version if you have made any custom changes to ip_subnets lookup or app's navigation bar make sure you backup ip_subnets.csv (located at: $SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/ip_subnets.csv) and app's navigation bar xml file (located at: $SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/local/data/ui/nav/default.xml).
* If you are upgrading PowerConnect app from version 6.2.0 and have followed the first way of updating queries through UI given in the following KB document - https://help.powerconnect.io/powerconnectdocumentation/KB-98---CPU,-Memory-and-Availability-gauges-displaying-0-values-v-6.2.0-bug.3282862081.html, then there would be a copy of the file sap_system_ovw.xml in $SPLUNK_HOME/etc/apps/bnw-app-powerconnect/local/data/ui/views directory. Remove this file from the location and then follow the steps below.
* Install the app through UI from "Manage Apps" > "Install app from file".
* Restart Splunk.
* Please clear browser cache.
* From "Manage Apps" click on "Set Up" link beside BNW-app-powerconnect entry.
* For information on setting up the app please check "SETUP PAGE GUIDE" section of the README.
* Change needful in the setup page and click on "Save" button.
* Warning: Any custom changes in the dashboard from Splunk UI would create a copy of the same file in $SPLUNK_HOME/etc/apps/bnw-app-powerconnect/local/data/ui/views directory. This will prevent you from getting future updates of the app. Therefore, while updating the app to a newer version, remove these files from the local folder and then update the app. Make sure you take a backup of the local copy in case you want to revert back to your custom changes later.
ALERT MECHANISM LIMITATIONS
------------------------------
* If you upgrade the app to 7.0.0 or above version from any of the lower version(Below 7.0.0) please run the Setup Page so that you can use the panel wise alert functionality.
* User will need admin, power, sc_admin (Splunk Cloud) role or any role which inherit that role.
* Private Alert will not work in Alerting mechanism.
* Global Alert (in other app) will not work in Alerting mechanism.
* Duplicate alert name will not work.
* At this time, users can create only one alert per panel. If you click on bell icon and load alert dashboard and if not create alert (alert dashboard still open) and if now click on other bell icon and load alert dashboard and now create a new alert from first opened tab then alert mechanism will not work properly.
APP DEPENDENCY
------------------------------
* The app makes use of a Splunk application "Splunk Machine Learning Toolkit(MLTK)" to incorporate machine learning usecases in certain dashboards, namely "SAP Security Essentials" and "ABAP Dumps"
* The app can be downloaded from splunkbase - https://splunkbase.splunk.com/app/2890/
SETUP PAGE GUIDE
------------------------------
#### Section 1: Setup default values
* In this section default filter values for the timerange and span can be set. These values are set to default across all the dashboards.
* **Note**: This does not apply for "Expensive Statements (raw)" dashboards for databases.
#### Section 2: Database selection
* In this section you can add/remove database menu entry from the navigation bar of the App.
#### Section 3: SAP Cloud selection
* In this section you can add/remove SAP Cloud product menu entry from the navigation bar of the App.
#### Section 4: SAP Fiori selection
* In this section you can add/remove SAP Fiori menu entry from the navigation bar of the App.
CONFIGURATION
------------------------------
* After performing above mentioned installation steps, configure the indexes to be accessible by admin and all other users and roles who will be accessing this application.
* All SAP raw events are configured to provide TIMESTAMPs in UTC timezone. Configure the system and Splunk user timezone accordingly.
* If any new field extraction is required to be done in props.conf for the [sap_abap] stanza, please verify the application is not affected by that change.
* The Lookups need to be populated with the event data. This step is required to be performed only once as there are separate savedsearches scheduled to run every hour for appending new items to existing lookups from new events and for some cases it’s only to populate static data in the lookup for once only. There are two ways to complete this step:
* Open the dashboard “Wizard for New SAP SIDs and Instances Discovery” under PowerConnect menu. Either click the searches to run them, or switch to the legacy view, select the checkbox corresponding to the savedsearches name, and click on the “Run Searches” button. The status of the search would get updated in the Status column of the table and the user can view the search results once the search has completed by clicking in the table cell. The step would be complete when all the searches specified in the table have completed execution successfully with the exception of “Cloud ______ Source - Lookup Gen - Run Once Only” searches. These searches should only be run if the user wants to use the respective SAP Cloud dashboards.
* On Splunk's menu bar, Click on Settings -> “Searches, reports, and alerts” and manually run all the savedsearches with the suffix ” – Run Once Only”. In case of a large number of events, if savedsearch execution does not get completed, try to reduce the time range and populate the lookups.
OPTIONAL CONFIGURATION
------------------------------
* GERMAN OR JAPANESE LANGUAGE SUPPORT
* The app version 6.4.0 supports German and Japanese languages apart from English.
* By default, Splunk automatically uses the language that the user's browser is set to. To switch languages, either the browser's locale setting can be changed or for a given Splunk session it can be changed by modifying the URL that you use to access Splunk. For different languages use the URL as specified:
* German : http://<your_splunk_instance_address>/de-DE/app/BNW-app-powerconnect/
* Japanese: http://<your_splunk_instance_address>/ja-JP/app/BNW-app-powerconnect/
* American English: http://<your_splunk_instance_address>/en-US/app/BNW-app-powerconnect/
* British English: http://<your_splunk_instance_address>/en-GB/app/BNW-app-powerconnect/
* Korean: http://<your_splunk_instance_address>/ko-KR/app/BNW-app-powerconnect/
*(Replace the placeholder in the URL)
Note: In case the dashboard is not getting shown in the expected language after going to the appropriate URL, the user should clear the browser cache and refresh the dashboard.
* The language translation of description ("Wizard for New SAP SIDs and Instances Discovery" dashboard, "Data Dictionary" dashboard and "Searches, Reports, and Alerts" section) is supported for Splunk version 7.3.x and above.
* Reference: https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Userlanguageandlocale
* MACROS:
* On Splunk's menu bar, Click on Settings -> “Advanced search” -> “Search Macros”.
1. "sap-index" macro
* Click on the “sap-index” macro and mention the index name in the Definition where data is incoming. Please see the sample below:
* (index="main" OR index="sample1" OR index="sample2")
* Note: For selecting all value of an entity, "*" (asterisk) can be used. Logical operators like "AND", "OR" should be capitalized when used in Definition.
* Click on the Save Button.
2. "pc_landscape_lookup_delete_days" macro
* Click on the “pc_landscape_lookup_delete_days” macro and mention the number of days, you want to keep the data in the lookup in the Definition. Please see the sample below:
* 30
* Click on the Save Button.
DATA MODEL CONFIGURATION
------------------------------
* Data Model Acceleration is disabled by default. Admin can enable acceleration and set the acceleration period by the following steps:
1. On Splunk's menu bar, Click on Settings -> Data models
2. From the list for Data models, click "Edit" in the "Action" column of the row for the Data model for which acceleration needs to be enabled.
3. From the list of actions select Edit Acceleration. This will display the pop-up menu for Edit Acceleration.
4. Check Accelerate check box to "Enable" data model acceleration.
5. If acceleration is enabled, select the summary range to specify the acceleration period.
6. To save acceleration changes click on the save button.
* For additional details, please refer the following document:
https://help.powerconnect.io/powerconnectdocumentation/KB-96---Splunk-PowerConnect-App-Data-Model-Information.3076489217.html
REBUILDING DATA MODEL
------------------------------
* In case there is no need to use the already indexed accelerated Data Model, the Data Model can be configured to rebuild from scratch for the specified acceleration period. Data Model can be rebuilt by the following steps:
1. On Splunk's menu bar, Click on Settings -> Data models
2. From the list for Data models, expand the row by clicking ">" arrow in the first column of the row for the Data model for which acceleration needs to be rebuild. This will display an extra Data Model information in "Acceleration" section.
3. From the "Acceleration" section click on "Rebuild" link.
4. Monitor the status of the rebuild in the field "Status" of "Acceleration" section. Reload the page to get the latest rebuild status.
SAVEDSEARCHES
------------------------------
* "SAP Systems" saved search generates a formalized replacement for Master Inventory Lookup that encompasses all SAP system types such as ABAP, Java, Cloud, etc.
* "Master Inventory Lookup" saved search generates the Master Inventory Lookup for a system list.
* "System Inventory" saved search is used to populate Time, CPU, Memory, Capacity in dashboards.
* Below savedsearches are accelerated and acceleration might increase storage and processing costs. The user can change the acceleration option by following the steps given at the end of the section.
1. Global STAD - Database Time, Response Time & Network Time
2. SAP_stad_get_userlist
* Below savedsearches are used in Dropdown population in some dashboards.
1. summaryAccountInstance
2. summaryAccountSource
3. summaryTcodeInstance
4. summaryFilenames
5. summaryCloudCPISourceId
6. summaryCloudAPISourceId
7. summaryCloudSuccessFactorSourceId
8. summarySystemRole
* Below lookups are used in Dropdown population in some dashboards.
1. pc_sap_systems
2. master_inventory_lookup
3. source_instance_task_tcode_lookup
4. jmx_lookup
* "landscape_overview_summary" saved search is used to populate lookups for the Landscape Overview Dashboard.
* "landscape_overview_lookup_clean" saved search is used to Remove lookups data which is used in Landscape Overview Dashboard.
* The following saved searches are used to populate lookups for the Process Chain Dashboard. These are disabled by default. Users need to manually enable these to use the dashboard.
1. Sap_Subchain_Hour_Relation
2. sap_state_step_chain - Lookup Gen
3. sap_state_step_chain - Lookup Gen (Month Reset)
4. Avg_Process_Chain
5. Avg_Process_Chain2
6. Next_Start_Process_Chain
7. Sap_Process_Chain_Status_Duration
8. sub_subchain_hour_relation_lookup - Lookup Gen
* The steps to enable the savedsearches are:
1. On Splunk's menu bar, Click on Settings -> Searches, reports, and alerts.
2. Select App context="SAP PowerConnect for Splunk (BNW-app-powerconnect)" and mark check "Show only objects created in this app context".
3. Click on "Edit" dropdown under "Actions" and click on "Enable".
* The following saved searches are used to improve the search performance for the MLTK panels by acceleration. By default this feature is disabled. Users need to manually enable the acceleration.
1. "mltk_sap_security_essentials_anomaly_tcode" - For the "Anomaly Detection: T-Code Executions" panel present in SAP Security Essentials dashboard.
2. "mltk_sap_security_essentials_forecast_logins" - For the "Forecasting: User Logins" panel present in SAP Security Essentials dashboard.
3. "mltk_abap_dumps_forecast_dumps" - For the "Forecasting: ABAP dumps" panel present in ABAP Dumps dashboard.
4. "mltk_st22_anomaly" - For the "ABAP Dumps Outlier" panel present in ABAP Dumps dashboard.
5. "mltk_sm37_anomaly" - For the "SAP Batch Jobs Anomaly" panel present in Batch Jobs dashboard.
* Users can change the acceleration option by following the below steps:
1. On Splunk's menu bar, Click on Settings -> Searches, reports, and alerts.
2. Select App context="SAP PowerConnect for Splunk (BNW-app-powerconnect)" and mark check "Show only objects created in this app context".
3. Click on "Edit" dropdown under "Actions" and click on "Edit Acceleration" for the savedsearch you want to enable acceleration for.
4. Under the Acceleration label, you will find "Accelerate this search" check box.
5. By making a check / uncheck "Accelerate Report" check box, the acceleration option of savedsearch will be enabled/disabled.
6. Click on "Save".
KNOWN ISSUES
------------------------------
* In Splunk 8.2.x, In Basis Health Checks Dashboard, language translation wouldn't happen as it is created using Splunk Dashboard Studio. This is a Splunk issue as it works properly in Splunk classic dashboards.
* SHC replication for the setup page wouldn’t happen in distributed Splunk environment and users need to configure the setup page on each SH. This is a known issue in Splunk.
* If you face "[subsearch]: Search auto-finalized after time limit (60 seconds) reached" error then add below stanza in $SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/local/limits.conf file. if limits.conf is not available at that location then please create limits.conf file and restart splunk server.
[subsearch]
maxout = 50000
maxtime = 3600
[join]
subsearch_maxtime = 3600
subsearch_timeout = 360
* In Splunk Cloud, If you see the "Potential Security Risk" popup during the use of the SAP PowerConnect app for Splunk then you can click on the “Run Query Anyway” button to accept the risk and if you are not able to click on the button then please refer https://help.powerconnect.io/powerconnectdocumentation/KB-145---Guide-to-resolve-the-%E2%80%9CPotential-Security-Risk%22-popup-in-wizards.3278995457.html
SEND DATA TO SPLUNK
------------------------------
* HTTP Event Collector(HEC) is a fast and efficient way to send data to Splunk Enterprise and Splunk Cloud. Notably, HEC enables you to send data over HTTP (or HTTPS) directly to Splunk Enterprise or Splunk Cloud from your application. Also, HEC is token-based, so you never need to hard-code your Splunk Enterprise or Splunk Cloud credentials in your app or supporting files like the way it is required in data collection using REST API.
* So it is recommended to use HEC instead of REST API to send data to Splunk.
OPEN SOURCE COMPONENTS AND LICENSES
------------------------------
* Some of the components included in "SAP PowerConnect for Splunk" are licensed under free or open source licenses. We wish to thank the contributors to those projects.
* jQuery version 3.5.0 http://jquery.com/
(LICENSE https://github.com/jquery/jquery/blob/master/LICENSE.txt)
* Underscore JS version 1.6.0 http://underscorejs.org
(LICENSE https://github.com/jashkenas/underscore/blob/master/LICENSE)
* Require JS version 2.3.6 http://github.com/jrburke/requirejs
(LICENSE https://github.com/requirejs/requirejs/blob/master/LICENSE)
* jQuery UI version 1.12.1 https://jqueryui.com/
(LICENSE https://github.com/jquery/jquery-ui/blob/main/LICENSE.txt)
* bootstrap-tab.min.js version 2.3.1 https://github.com/twbs/bootstrap (LICENSE https://github.com/twbs/bootstrap/blob/main/LICENSE)
* i18n.min.js version 2.0.6 https://github.com/requirejs/i18n
(LICENSE https://github.com/requirejs/i18n/blob/master/LICENSE)
* D3 JS version 3.3.5 https://github.com/d3/d3/releases
(LICENSE appserver/static/components/d3/LICENSE)
* Gantt Chart components from Splunk app "Gantt Chart visualization" 1.3.5 https://splunkbase.splunk.com/app/1741/
(LICENSE http://www.gnu.org/licenses/gpl-3.0.txt)
* Plotly JS version 1.49.4 https://github.com/plotly/plotly.js/releases (LICENSE appserver/static/components/scatterplot/LICENSE.txt)
* Golden Layout version 1.5.9 https://github.com/golden-layout/golden-layout/releases
(LICENSE appserver/static/components/goldenlayout/LICENSE.txt)
* Font Awesome Free 5.2.0 by @fontawesome - https://fontawesome.com/ (LICENSE appserver/static/icons/LICENSE.txt)
LOOKUP FILE MANUAL CONFIGURATION
------------------------------
* In "SAP Performance->User Experience (Geo)" dashboard, ip_subnets lookup file is used for fetching predefined subnet, lat, long and text fields. On the basis of these fields, the panel will display bubbles on Geo Map.
* To make "SAP Global->User Experience (Geo)" dashboard working properly, the user needs to manually insert subnet values in ip_subnets lookup file ($SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/ip_subnets.csv).
For example:
subnet,lat,long,text // this line is already in ip_subnets.csv file.
XXX.XXX.XXX,-10.000,20.000,"Text Value" //Sample value in ip_subnets.csv file.
.
.
.
where,
- "XXX.XXX.XXX" is subnet value.
- "-10.000" is latitude.
- "20.000" is longitude.
- "Text Value" is identical city/state/state name.
* In "SAP Security->SAP Security Scorecard" and "SAP Security->SAP Security Essentials" dashboards, security_parameters_names lookup file is used for one of the security use case "Password policy parameters". On the basis of this lookup "Password policy parameters" security use case is defined.
* To modify this security use case, user need to manually add/modify security_parameters_names lookup file ($SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/security_parameters_names.csv).
For example:
PAR_NAME,RECOMMENDED_VALUE,CONDITION // this line is already in ip_subnets.csv file.
login/min_password_lng,6,> //Sample value in security_parameters_names.csv file.
.
.
.
where,
- "login/min_password_lng" is parameter name.
- "6" is recommended value.
- ">" is one of the three possible conditions i.e ">" OR "<" OR "=".
* In "SAP Security->SAP Security Scorecard" and "SAP Security->SAP Security Essentials" dashboards, sensitive_tcodes lookup file is used for one of the security use case "Execution of sensitive transactions". On the basis of this lookup "Execution of sensitive transactions" security use case is defined.
* To modify this security use case, user need to manually add/modify sensitive_tcodes lookup file ($SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/sensitive_tcodes.csv).
For example:
TCODE // this line is already in sensitive_tcodes.csv file.
SE16 //Sample value in sensitive_tcodes.csv file.
.
.
.
where,
- "SE16" is sensitive TCODE value.
* In "SAP Security->SAP Security Scorecard" and "SAP Security->SAP Security Essentials" dashboards, wide_open_auth_objects lookup file is used for one of the security use case "Users with sensitive authorization". On the basis of this lookup "Users with sensitive authorization" security use case is defined.
* To modify this security use case, user need to manually add/modify wide_open_auth_objects lookup file ($SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/wide_open_auth_objects.csv).
For example:
OBJECT // this line is already in wide_open_auth_objects.csv file.
S_TABU_DIS //Sample value in wide_open_auth_objects.csv file.
.
.
.
where,
- "S_TABU_DIS" is object value.
* In "SAP Security->SAP Security Scorecard" and "SAP Security->SAP Security Essentials" dashboards, sensitive_user_roles lookup file is used for one of the security use case "Users with sensitive role". On the basis of this lookup "Users with sensitive role" security use case is defined.
* To modify this security use case, user need to manually add/modify sensitive_user_roles lookup file ($SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/sensitive_user_roles.csv).
For example:
AGR_NAME // this line is already in sensitive_user_roles.csv file.
Z_BNWVS_ADMIN_CHANGE //Sample value in sensitive_user_roles.csv file.
.
.
.
where,
- "Z_BNWVS_ADMIN_CHANGE" is rule name.
* In "Java->NW->NetWeaver Java UME" dashboard, sensitive_user_roles_java lookup file is used for one of the security use case "Users with sensitive role". On the basis of this lookup "Users with sensitive role" security use case is defined.
* To modify this security use case, user need to manually add/modify sensitive_user_roles_java lookup file ($SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/sensitive_user_roles_java.csv).
For example:
role_name // this line is already in sensitive_user_roles.csv file.
Administrator //Sample value in sensitive_user_roles.csv file.
.
.
.
where,
- "Administrator" is rule name.
* In "PowerConnect->Landscape Overview" dashboard, pc_landscape_ovw_source_exclude lookup file is used to exculde the systems from the "ABAP System" and "JAVA System" dropdowns. Thus, the systems added to this lookup file would not be populated in these dropdowns.
* To modify this, user need to manually add/modify pc_landscape_ovw_source_exclude lookup file ($SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/pc_landscape_ovw_source_exclude.csv).
For example:
source // this line is already in pc_landscape_ovw_source_exclude file.
.
.
.
where,
- "source" is rule name.
RUNNING LOOKUP SAVED SEARCHES
-----------------------------
Lookups can be rebuilt by the following steps:
1. On Splunk's menu bar, Click on Settings -> Searches, reports, and alerts.
2. In "App context" dropdown, select "SAP PowerConnect for Splunk (BNW-app-powerconnect)" from the list.
3. Select the check box of "Show only objects created in this app context".
4. In the top right search box, enter "- Run Once Only" and click on the search icon.
5. Above list of look up saved searches should be filtered out.
6. Now for each saved search from the above list, click on "Actions" -> "Run" one by one in new tabs.
7. The saved searches will run with "All Time" time range. In case, you want to update the time range with some lesser value stop the existing search job, change the time range and run the search again.
NOTE: Run the saved searches one by one to avoid concurrency issue.
Copyright (c) 2024 SoftwareONE. All Rights Reserved.