
Hi all,

I am trying to send metrics from Centreon to our Splunk instance, but have not had any success.  I followed the steps here: https://docs.centreon.com/docs/integrations/data-analytics/sc-splunk-metrics/.

When I run the curl command at the bottom of that page to test the connection with Splunk, it works and the event shows up in Splunk as expected.  However, none of the actual metrics from Centreon show up.  If I enable curl command logging in the stream connector, I can copy one of the curl commands and run it manually.  The Splunk HTTP Event Collector responds with a 200/OK status, but the event never appears in Splunk.

To simplify things, I tried sending a service_status or host_status event pulled directly from the documentation page above.  That also gives a 200/OK response code, and never arrives in Splunk.  Changing sourcetype, source, index, host, time, etc. does not seem to fix the issue.

Does anyone else have this working, and if so how did you do it? I would be happy to provide any details that are needed to help troubleshoot.  Thanks!

Hello :)

Can you tell me if I understand your issue correctly:
- the curl command provided in the documentation works fine and the HTTP return code is 200
- in your logfile (default value: /var/log/centreon-broker/splunk-metrics.log) you see curl commands, and if you copy/paste them they work with HTTP return code 200

Can you show us your broker configuration (Configuration > Pollers > Broker configuration) and also the contents of your logfile, to help us isolate where the event-sending function stops? If you can, set the log_level parameter to 2 to get more information in your logfile.

