Now that PowerConnect agent is installed, security is setup and license is installed, we need to configure the agent.

→ Note: If you’re using a Dual Stack setup, please execute some additional actions, described here.

There are 8 tabs to configure the agent, there are only 3 (three) that need to be configured to ensure agent is operational:

·         User credentials in the General tab

·         Splunk URL and HEC token in the Splunk tab

·         License key License tab (which should already be installed)

For a full reference of each field refer to the full configuration reference.

General

In this tab you need to configure the PowerConnect user and credentials that you created above in Creating security user and role

Enter the user powerconnect and the password you set. Keep the case the same as the user/password created in previous steps.

 

 user: powerconnect

password: as set when you created the user (above).

Both these parameters are case sensitive.

Splunk

 

Splunk HEC Key: This is the HEC token that can be found in Splunk Enterprise → Settings → Data Input → HTTP Event Collector - Enter the HEC token for the HEC endpoint you want to use.

Splunk HEC URL: This is the URL of the Splunk

·         indexer

·         heavyforwarder

That you are sending the data to. It must include http:// or https:// at the start and be a correct URL (example http://server.domainname.com:8088

It also needs to include the HEC ports (default: 8088) and can be found in the HEC settings

Splunk Enterprise → Settings → Data Input → HTTP Event Collector → Global Settings → HTTP Port Number.

If you are using SSL to connect from SAP → Splunk, you must ensure that:

·         The URL you enter here matches the CN in the certificate loaded in to the HEC endpoint, by default this is not true, Splunk comes delivered with a self signed certificate with CN=SplunkDefaultCert. This will not pass validation inside SAP.

·         This URL must be contactable from the SAP application server. You can test this using curl (unix/linux), or Invoke-WebRequest (Windows/PowerShell) to ensure SAP and connect successfully to the HEC endpoint and ensure there are no port blocks in place.

·         Ensure the HEC endpoint certificate (if it is self-signed) or the intermediate & root signed certificates in the HEC endpoint chain are loaded in to SAP.

If you want to send the data to multiple Splunk HEC endpoints, you can specify them comma delimited, however:

·         there must be the same number of HEC endpoints configured as HEC tokens

·         They must all use the same index name, and sourcetype

Example config for multiple HEC endpoints

HEC Url: http://server1.example.com:8088,http://server2.example.com:8088,http://server3.example.com:8088;

HEC Token:HEC-TOKEN1,HEC-TOKEN2,HECTOKEN3

This configuration will load balance the data across all 3 servers

server1.example.com

server2.example.com

server3.example.com

Splunk Index

This is the index in which the agent will store the data. You can specify only 1 (one) index, even if you have multiple HEC endpoints.

Splunk sourcetype

This is the sourcetype the data is tagged with when sent to Splunk, do not change this value.

 

Configuration work is finished now, data should be arrive in Splunk. If this is not the case, please view our PowerConnect Knowledge Base, the installation troubleshooting page or contact PowerConnect support.