Supplementary Services: Splunk

For more information on the requirements for CVP to manage Splunk extensions on EOS devices, go to https://www.arista.com/en/support/software-download and download the PDF from Extensions > Splunk > AristaTelemetry.pdf.

Requirement

EOS 4.15.2 or later is required.

Installation

You can access the Splunk Telemetry App directly from CVP in your browser by completing the following steps.

  1. Copy the RPM to the switch and install it.
    show extensions
    Name Version/Release Status RPMs
  2. Install the Splunk Universal Forwarder RPM on EOS.
    copy <source>/splunkforwarder-6.1.4-233537.i386.rpm extension:
    extension splunkforwarder-6.1.4-233537.i386.rpm
  3. Install the AristaAppForSplunk on EOS.
    copy <source>/AristaAppForSplunk-1.3.2.swix extension:
    extension AristaAppForSplunk-1.3.2.swix
    Note: Extensions must be installed on all supervisors.

    Restart the SuperServer agent.

    (config)# agent SuperServer shutdown
    (config-mgmt-api-http-cmds)# no agent SuperServer shutdown
  4. Verify the extensions are loaded.
    show extensions
    Name Version/Release Status RPMs
    ------------------------------------------ ------------------------- ---
    AristaAppForSplunk-<version>.swix <version>/1.fc14 A, I 3
    splunkforwarder-6.1.4-233537.i386.rpm 6.1.4/233537 A, I 1
    EosSdk-1.7.0-4.15.2F.i686.rpm 1.7.0/2692966.gaevanseoss A, I 1
    A: available | NA: not available | I: installed | NI: not installed | F: f

Quick Start

  1. Use the following configuration to enable forwarding to the Splunk indexer. This assumes that a username/password and eAPI have previously been configured for the AristaAppForSplunk extension.
    daemon SplunkForwarder
       exec /usr/bin/SplunkAgent
       no shutdown
  2. Configure and turn on the desired indexes for data collection. The credentials must match 'username <name> secret <passphrase>' configured on the switch.
    option eapi_username value <username>
    option eapi_password value 7 <encrypted-password>
    option eapi_protocol value https
  3. Turn on desired indexes for data collection.
    option index-inventory value on
    option index-interface-counters value on
    option index-lanz value on
    option index-topology value on
    option index-syslog value on
    option index-data value <index-name>
  4. Configure Splunk server IP and destination port.
    option splunk-server value <Server-IP:Port>
  5. Start Splunk data forwarding.
    option shutdown value off
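
The following is an added example, not part of the Arista documentation or the AristaAppForSplunk code. It audits a saved copy of the `daemon SplunkForwarder` stanza against the Quick Start settings above. The sample stanzas, the function names and the pass/fail rules (https only, password in the `7 <encrypted-password>` form, server as `<Server-IP:Port>`) are assumptions of this example.

```python
import re
REQUIRED = ("eapi_username", "eapi_password", "eapi_protocol", "splunk-server")

# Constructed sample stanza (not from a real switch); values are placeholders.
SAMPLE_OK = """\
daemon SplunkForwarder
   exec /usr/bin/SplunkAgent
   option eapi_username value splunkro
   option eapi_password value 7 0123456789ABCDEF
   option eapi_protocol value https
   option splunk-server value 192.0.2.10:9997
   option shutdown value off
   no shutdown
"""
# Same stanza with the protocol downgraded and a bare password (constructed).
SAMPLE_WEAK = (SAMPLE_OK.replace("value https", "value http")
               .replace("value 7 0123456789ABCDEF", "value Passw0rd"))

def parse_stanza(config, daemon="SplunkForwarder"):
    """Return (options, enabled) for one 'daemon <name>' stanza."""
    opts, enabled, inside = {}, False, False
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():  # a top-level line opens or closes a stanza
            inside = raw.strip() == f"daemon {daemon}"
            continue
        if not inside:
            continue
        m = re.match(r"option (\S+) value (.+)", raw.strip())
        if m:
            opts[m.group(1)] = m.group(2).strip()
        elif raw.strip() == "no shutdown":
            enabled = True
    return opts, enabled

def audit(config):
    """List deviations from the Quick Start settings (this example's policy)."""
    opts, enabled = parse_stanza(config)
    findings = [f"missing option {k}" for k in REQUIRED if k not in opts]
    if opts.get("eapi_protocol", "https") != "https":
        findings.append("eapi_protocol is not https")
    if "eapi_password" in opts and not opts["eapi_password"].startswith("7 "):
        findings.append("eapi_password is not in '7 <encrypted-password>' form")
    if not re.fullmatch(r"[^\s:]+:\d{1,5}", opts.get("splunk-server", "x:0")):
        findings.append("splunk-server is not <Server-IP:Port>")
    if not enabled or opts.get("shutdown") != "off":
        findings.append("forwarding is not started")
    return findings
```

`audit(SAMPLE_OK)` returns an empty list; `audit(SAMPLE_WEAK)` reports the protocol and password findings.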