Skip to main content
Skip table of contents

PowerConnect Splunk App Upgrade


Splunk App Upgrade Guide for SAP PowerConnect App 8.1.0

Upgrade:

Important: Please note that an upgrade to the PowerConnect Splunkbase version 7.0.+ will require a restart of the search head where the existing app is installed. Therefore, the upgrade needs to be scheduled within your organization’s maintenance windows because the search head will temporarily be unavailable.

BEFORE COMPLETING THE UPGRADE: For Splunk Cloud customers running PowerConnect Splunk app versions 7.0.0-7.2.0, please refer to Knowledge Base #173 to address a bug specific to Splunk Cloud that may prevent the Master Inventory Lookup (and potentially other KVstore-based lookups) from generating properly.

  1. Before installing the new version: If you have made any changes to the lookup files (ip_subnets, security_parameters_names, sensitive_tcodes, wide_open_auth_objects, sensitive_user_roles, sensitive_user_roles_java) OR app's navigation bar :
    Make sure you take the backup of the lookup files (located at: $SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/) AND app's navigation bar XML file (located at: $SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/local/data/ui/nav/default.xml).

  2. If you are upgrading PowerConnect app from version 6.2.0 and have followed the first way of updating queries through UI given in the following KB document - {+}https://www.powerconnect.io/wiki/kb-098-cpu-memory-and-availability-gauges-displaying-0-values-v-6-2-0-bug/+, then there would be a copy of the file sap_system_ovw.xml in $SPLUNK_HOME/etc/apps/bnw-app-powerconnect/local/data/ui/views directory. Remove this file from the location and then follow the steps below.

  3. Install the app through UI from "Manage Apps" > "Install app from file".

  4. Restart Splunk

  5. From "Manage Apps" click on the "Set Up" link beside BNW-app-powerconnect entry. Follow the steps given in the following document to complete the Set up. If you upgrade the app to 7.x or above from any 6.x version or lower, please run the Setup Page again so that you can use the panel-wise alert functionality.

  6. If you have taken a backup of lookup files mentioned in Step 1 of this document; its time to move them back to $SPLUNK_HOME$/etc/apps/BNW-app-powerconnect/lookups/

  7. If you have taken a backup of Navigation bar XML as mentioned in Step 1 of this document; kindly compare both the Nav bar XML (old and new) and make a decision if you want to keep old, keep new, or merge (by manually editing the old XML with the new changes)

Configuration:

  • The Lookup for the Database needs to be populated with the event data. This step is required to be performed only once as there is a separate savedsearch scheduled to run every hour for appending new items to existing lookup from new events and for some cases it's only to populate static data in the lookup for once only. There are two ways to complete this step:

  1. Open the dashboard "Wizard for New SAP SIDs and Instances Discovery" under PowerConnect menu. Click the “Run” button for the corresponding searches. “SAP Systems - Lookup Gen” will create a new source lookup to be used throughout the app. The status of the search would get updated in the Status column of the table and the user can view the search results once the search has completed by clicking in the table cell.

  1. If you want to convert your existing master inventory lookup to the new sap_systems lookup, please run the search below (run without the final outputlookup line to test the output):

    CODE 
    | makeresults count=0
| append
    [inputlookup master_inventory_lookup
    | eval sys_type="abap"
    | rename CPU as core_count "Category Type" as level "Component Version" as comp_version "Database Host" as db_host "Database Name" as db_name "Database System" as db_type "Database Version" as db_version "File System" as file_sys "IP" as ip "Installation Number" as install_id "Instance Name" as instance_name "Kernel Release" as kernel_release "Machine Type" as machine_type "Memory" as memory_gb "Operating System" as os_type "Source" as sys_id "Unicode System" as unicode "User Preference" as user_pref]
| append
    [inputlookup jmx_lookup
    | eval sys_type="java",sys_subtype=""
    | rename source as sys_id]
| append
    [inputlookup cloud_api_source_lookup.csv
    | eval sys_type="cloud",sys_subtype="api-m"
    | rename sid as sys_id]
| append
    [inputlookup cloud_cpi_source_lookup.csv
    | eval sys_type="cloud",sys_subtype="cpi"
    | rename sid as sys_id]
| append
    [inputlookup cloud_ariba_source_lookup.csv
    | eval sys_type="cloud",sys_subtype="ariba"]
| append
    [inputlookup cloud_cp_audit_log_source_lookup.csv
    | eval sys_type="cloud",sys_subtype="btp"]
| append
    [inputlookup cloud_cpq_source_lookup.csv
    | eval sys_type="cloud",sys_subtype="cpq"]
| append
    [inputlookup cloud_success_factor_source_lookup.csv
    | eval sys_type="cloud",sys_subtype="sf"]
| table sys_id level sys_type sys_subtype instance_name ip install_id machine_type core_count os_type comp_version kernel_release file_sys memory_gb db_name db_type db_version db_host unicode user_pref status
| outputlookup append=true pc_sap_systems

Optional Configuration (SAP Cloud product support):

  • If the user wants to use the “SAP Cloud - CPI Message Monitoring”, “SAP Cloud - API
    Management Monitoring” and “Success Factor Monitoring Dashboard” dashboards, the user needs to enable the saved searches “Cloud CPI Source - Lookup Gen”, “Cloud API Source - Lookup Gen - Run Once Only” and “Cloud Success Factor Source - Lookup Gen - Run Once Only”. The steps to enable the savedsearches are:

    1. On Splunk's menu bar, Click on Settings -> Searches, reports, and alerts.

    2. Search for “Cloud CPI Source - Lookup Gen” or “Cloud API Source - Lookup Gen - Run Once Only” or “Cloud Success Factor Source - Lookup Gen - Run Once Only”.

    3. Click on "Edit" dropdown under "Actions" and click on "Enable".

Optional Configuration (multi-language support):

  • The app version 6.4.0 and onwards supports English, German, Japanese, and partial Korean languages. By default, Splunk automatically uses the language that the user's browser is set to. To switch languages, either the browser's locale setting can be changed or for a given Splunk session it can be changed by modifying the URL that you use to access Splunk. For different languages use the URL as specified:

  1. German: http://<your_splunk_instance_address>/de-DE/app/BNW-app-powerconnect/

  2. Japanese: http://<your_splunk_instance_address>/ja-JP/app/BNW-app-powerconnect/

  3. Korean (limited support): http://<your_splunk_instance_address>/ko-KR/app/BNW-app-powerconnect/

  4. American English: http://<your_splunk_instance_address>/en-US/app/BNW-app-powerconnect/

  5. British English: http://<your_splunk_instance_address>/en-GB/app/BNW-app-powerconnect/ *(Replace the placeholder in the URL)

Note: In case the dashboard is not getting shown in the expected language after going to the appropriate URL, the user should clear the browser cache and refresh the dashboard.
Note: Description works for Splunk version 7.3.x and above
Reference: {*}{+}https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Userlanguageandlocale+*

Optional Configuration (Macro):

  1. On Splunk's menu bar, Click on Settings -> “Advanced search” -> “Search Macros”.

  2. Click on the “sap-index” macro and mention the index name in the Definition where data is incoming. Please see the sample below:
                (index="main" OR index="sample1" OR index="sample2")
    Note: For selecting all value of an entity, "*" (asterisk) can be used. Logical operators like "AND", "OR" should be capitalized when used in Definition.

  3. Click on the Save Button.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close