Use Case

This integration collects events from SolarWinds and creates corresponding events in Splunk. The template name is SolarWinds events to Splunk events (OA).

Requirements

Integration Requirements

Authentication

  • SolarWinds: Username and Password

  • Splunk: Username and Password; API Token

Permissions

  • SolarWinds: Basic Privileges

  • Splunk: Admin Role

Environment

  • N/A

Network Requirements

Communication, by direction (port):

  • ZigiOps → SolarWinds (17778)

  • ZigiOps → Splunk (8089)

Actions

Get Events

This action sends HTTP requests at a scheduled interval to collect events from SolarWinds and create events in Splunk.

Data Mapping

Below is the default data mapping for this integration template.

Source Entity: Events

Target Entity Attribute, followed by Target Entity Attribute Details:

Affected Entity

ZigiOps checks the available values in the following order:

  1. {extracthostdns}
    (dynamic value taken from the “DNS” of the affected entity)

  2. {extracthostsysname}
    (dynamic value taken from the “System Name” of the affected entity)

  3. {extracthostnodename}
    (dynamic value taken from the “Name” of the affected entity)

Description

{eventtypeproperties/name}
(the name of the “Event Properties” of the SolarWinds event)

Host

ZigiOps checks the available values in the following order:

  1. {nodes/dns}
    (dynamic value taken from the “DNS” of the node)

  2. {nodes/sysname}
    (dynamic value taken from the “System Name” of the node)

  3. {nodes/nodename}
    (dynamic value taken from the “Name” of the node)

Index

zigievents
(static value that the integration sends for the “Index” attribute of the Splunk event)

Message

{message}
(the “Message” of the SolarWinds event)

Severity

{eventtypeproperties/icon}
(the “Icon” of the “Event Properties” of the SolarWinds event)

Source

events
(static value that the integration sends for the “Source” attribute of the Splunk event)

Source Type

External Integration (Solarwinds)
(static value that the integration sends for the “Source Type” attribute of the Splunk event)

Time

{eventtime}
(the “Time” when the event was created in SolarWinds)
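
The sketch below is an added example, not ZigiOps code. It resolves the default mapping above against one event, including the ordered fallback for Host, so you can see which value an event ends up carrying in Splunk. It assumes that the source record is a nested dictionary keyed by the placeholder paths and that "available" means present and non-blank. The sample event is constructed, and Affected Entity is left out because the page does not describe how its extract placeholders are evaluated.

```python
import re

# Default mapping from the table above. Each attribute lists its candidates in
# priority order: "{a/b}" is a placeholder path, anything else is a static value.
DEFAULT_MAPPING = {
    "Description": ["{eventtypeproperties/name}"],
    "Host": ["{nodes/dns}", "{nodes/sysname}", "{nodes/nodename}"],
    "Index": ["zigievents"],
    "Message": ["{message}"],
    "Severity": ["{eventtypeproperties/icon}"],
    "Source": ["events"],
    "Source Type": ["External Integration (Solarwinds)"],
    "Time": ["{eventtime}"],
}
PLACEHOLDER = re.compile(r"^\{([^{}]+)\}$")

def lookup(record, path):
    """Walk a slash-separated path through nested dicts; None if a step is missing."""
    node = record
    for key in path.split("/"):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def resolve(candidates, record):
    """Return the first candidate that yields a non-blank value, else None."""
    for candidate in candidates:
        match = PLACEHOLDER.match(candidate)
        value = lookup(record, match.group(1)) if match else candidate
        if value is not None and str(value).strip():
            return value
    return None  # assumption: nothing available means the attribute stays unset

def map_event(record, mapping=DEFAULT_MAPPING):
    """Build the target attributes for one source event."""
    return {attr: resolve(cands, record) for attr, cands in mapping.items()}

# Constructed sample: a node with an empty DNS name and a blank system name.
SAMPLE_EVENT = {
    "eventtime": "2024-01-15T09:30:00Z",
    "message": "Node core-sw-01 is Down.",
    "eventtypeproperties": {"name": "Node Down", "icon": "Critical"},
    "nodes": {"dns": "", "sysname": "  ", "nodename": "core-sw-01"},
}
```

Under these assumptions, an event whose node has no DNS, System Name or Name resolves Host to None, which is worth checking for on the Splunk side because such events cannot be attributed to a host.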