Getting Data In

How to send Splunk events and alerts to SCOM 2012 without using a script?

smbateman
New Member

I've reviewed every previous response on here and all are pretty old. The best two being:

  1. docs.splunk [dot] com/Documentation/Splunk/6.2.5/alert/SendingSNMPtrapstoothersystems
  2. answers.splunk [dot] com/answers/68372/generate-snmp-trap-from-splunk.html

There must be a better way than relying on PowerShell or Perl to achieve this, yet my research has come up empty. The Splunk Add-on for Microsoft SCOM is for sending SCOM data to Splunk - I need a solution for the opposite: Splunk to SCOM.

Has no one found a viable, non-script, solution for this? I would be happy to use a 3rd party connector/management pack if I could find one.

0 Karma

MuS
SplunkTrust

Hi smbateman,

Greetings from the future.

Recent versions of SCOM allow you to create an email Notification Channel https://docs.microsoft.com/en-us/system-center/scom/manage-notifications-create-email-channel?view=s... that you then have to subscribe to, to get the alerts sent by Splunk using email.

Hope that helps ...

cheers, MuS

0 Karma

andrewrouch
New Member

Splunk should write events and alerts into the local Windows log files and the SCOM agent will be monitoring the log file and forward the events to the SCOM server.

0 Karma
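As an added illustration of the event-log route described above (example code, not from this thread or from Splunk): a custom alert action script that takes the JSON payload Splunk pipes to such actions and writes it to the Windows Application log, where a SCOM agent event collection rule can pick it up. It assumes pywin32 is installed on the Splunk host and that the "Splunk Alert" event source has already been registered (for instance with win32evtlogutil.AddSourceToRegistry); the sample payload and the event ID are constructed.

```python
import json
import sys

# Constructed sample of the JSON Splunk pipes to a custom alert action's stdin
# when it runs it with --execute; the field names follow that payload format.
SAMPLE_PAYLOAD = json.dumps({
    "search_name": "Failed logons spike",
    "sid": "scheduler__admin__search__placeholder_at_1500000000_1",
    "server_host": "splunk-sh01",
    "results_link": "https://splunk-sh01:8000/app/search/search?sid=placeholder",
    "result": {"host": "dc01", "count": "57", "user": "svc_backup"},
})
MAX_MSG = 4000   # stay well under the event log's ~32 KB message limit
EVENT_ID = 1000  # one fixed, constructed ID keeps the SCOM collection rule simple


def build_event(payload_json):
    """Parse the alert payload into (event_id, severity, message); missing fields become '?' rather than raising."""
    p = json.loads(payload_json)
    result = p.get("result") or {}
    # severity comes from a 'severity' result field if the search sets one
    sev = str(result.get("severity", "error")).lower()
    fields = " ".join(f"{k}={v}" for k, v in sorted(result.items()))
    msg = (f"Splunk alert '{p.get('search_name', '?')}' on "
           f"{p.get('server_host', '?')} sid={p.get('sid', '?')} {fields} "
           f"link={p.get('results_link', '')}")
    # truncate so an oversized search result cannot bloat the log entry
    return EVENT_ID, sev, msg[:MAX_MSG]


def write_event(event_id, severity, message, source="Splunk Alert"):
    """Write to the Windows Application log via pywin32 when it is present;
    always return the record so callers (and tests) can inspect it."""
    record = {"id": event_id, "severity": severity, "message": message}
    try:
        import win32evtlog          # only available on Windows with pywin32
        import win32evtlogutil
        etype = {"error": win32evtlog.EVENTLOG_ERROR_TYPE,
                 "warning": win32evtlog.EVENTLOG_WARNING_TYPE}.get(
            severity, win32evtlog.EVENTLOG_INFORMATION_TYPE)
        win32evtlogutil.ReportEvent(source, event_id, eventType=etype,
                                    strings=[message])
    except ImportError:
        print("no pywin32, would log:", record, file=sys.stderr)
    return record


if __name__ == "__main__":
    raw = sys.stdin.read() if "--execute" in sys.argv else SAMPLE_PAYLOAD
    write_event(*build_event(raw))
```

On the SCOM side the matching piece is an event collection rule for the Application log filtered on source "Splunk Alert", which is configuration rather than script.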

jkat54
SplunkTrust

You're looking for an ETL (extract, transform, load) process. You can call it a "connector" all you want, but the fact remains it will extract data from Splunk, transform it into the proper format for SCOM, and then load it into SCOM. This requires code, whether it is in the form of a "connector" or Perl, or Python, or PowerShell, etc.

If SCOM can support ODBC DSNs, then you can use the Splunk ODBC.

0 Karma

smbateman
New Member

Use ETL tools all the time for data migration and consolidation - mostly analytics use cases - but for my Splunk to SCOM requirement, it would not solve; I need a solution to send real-time events and alerts. The Splunk users/admins are happy but in my enterprise, SCOM (for good or bad) is responsible for enterprise situational awareness, notifying, and ticket creation/management.

Your point - "This requires code whether if it is in the form of a "connector" or perl, or python, or powershell, etc.." - is spot on, no disagreement whatsoever. We are, however, averse to custom scripting and prefer a connector-ish, management pack-ish solution.

If PS/Perl is what I have to use, so be it, but I was hoping for a preferred method.

0 Karma

jkat54
SplunkTrust

😉 I'll convert to comment and who knows, maybe someone else will bring something up.

I think you might be interested in the ODBC deal, but real time pretty much means you need to get the data from the original source vs. relying on your Splunk infrastructure.

0 Karma

jkat54
SplunkTrust

Also, Splunk likes to say it's easy to pull data out of Splunk, but they have every interest in keeping it within and do so very cunningly. You'll find issues pulling data out of Splunk regardless of how you do it.

Instead, they'd rather you replace SCOM with Splunk's "platform" as it will do all the notifications, alerting, etc. too.

0 Karma