All Apps and Add-ons

Is there a Splunk app for Proxmox to troubleshoot Proxmox ?

john_q
Explorer

We have a Proxmox virtual environment and there are some server instances in that Proxmox.
I want to know server instance information whether it is on or off in that Proxmox through logs.

0 Karma

Richfez
SplunkTrust
SplunkTrust

There is no app that I can find for proxmox, nor do there seem to be apps for any of the underlying technologies (QEMU, KVM, or LXC).

Of course that doesn't mean you can't create your own. Some of the surrounding logs and material may be already done for you - for instance the Splunk Add-on and App for Unix and Linux (that's two separate things) may collect all the system-level stuff you'd need from the host. As a start, I'd get that set up.

Depending on the complexity of what you are after, doing the rest may not be real hard. Using QEMU as an example, the basic steps would likely be
a) Create an index for your specific data, perhaps called "qemu"
b) Find the location of log files that could be useful - the Fedora Project's "How to debug Virtualization problems" page may be a good start.
c) Test inputting those logs into your index. This will take some trial and error, depending on how the logs are formatted and written.
d) Build any extractions or knowledge objects you need.
e) Finally, create alerts, reports and dashboards.

There is work involved, but you might find it's rather minimal - often times for these reasonably simple use cases, it's easy enough to start out with basic logs and search for, oh, "ERROR" and things in them.

Anyway, happy Splunking!
-Rich

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...