Version 1.9.10

- feature: index and search time configuration for the nmon-logger-splunk-hec package

docs/releasenotes.rst

@@ -16,6 +16,22 @@ Requirements
 What has been fixed by release
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
+=======
+V1.9.10:
+=======
+
+**CAUTION: For Splunk 6.5 and later (for prior versions of Splunk, see requirements below)**
+
+This is a major release of the Nmon application and the TA-nmon:
+
+Migration from 1.7.x and prior: http://nmon-for-splunk.readthedocs.io/en/latest/upgrade.html#migrating-from-release-prior-to-version-1-7-x
+
+Migration from 1.8.x: http://nmon-for-splunk.readthedocs.io/en/latest/upgrade.html#migrating-from-release-prior-to-version-1-9-x
+
+For the TA-nmon complete release notes: http://ta-nmon.readthedocs.io/en/latest/releasenotes.html
+
+- feature: index and search time configuration for the nmon-logger-splunk-hec package (agent less package using the Splunk http input)
+
 =======
 V1.9.9:
 =======

nmon/app.manifest

@@ -5,7 +5,7 @@
     "id": {
       "group": null, 
       "name": "nmon", 
-      "version": "1.9.9"
+      "version": "1.9.10"
     }, 
     "author": [
       {
@@ -33,7 +33,7 @@
       "uri": null
     }, 
     "releaseNotes": {
-      "name": "version 1.9.9, please consult online documentation",
+      "name": "version 1.9.10, please consult online documentation",
       "text": "./README.md", 
       "uri": "nmon-for-splunk.readthedocs.io/en/latest/releasenotes.html"
     }

nmon/default/app.conf

@@ -16,4 +16,4 @@ label = NMON Performance by Octamis
 [launcher]
 author = Guilhem Marchand
 description = Splunk for NMON Performance provides an Enterprise class Application to exploit NMON Performance Monitor Data on AIX, Solaris and Linux Systems
-version = 1.9.9
+version = 1.9.10

nmon/default/data/ui/views/Home.xml

@@ -1,6 +1,6 @@
 <dashboard script="autodiscover.js,panel_resize.js" stylesheet="Home.css,hover.css,hide_timeindicator.css" hideEdit="true" isVisible="true">
     <label>NMON Performance Monitor</label>
-    <description>NMON Performance Monitor for Unix and Linux Systems - Version 1.9.9</description>
+    <description>NMON Performance Monitor for Unix and Linux Systems - Version 1.9.10</description>
 
     <!-- Take the tour ! -->
 	<row>

nmon/default/data/ui/views/Home_AIX.xml

@@ -1,6 +1,6 @@
 <dashboard script="autodiscover.js,panel_resize.js" stylesheet="Home.css,hover.css,hide_timeindicator.css" hideEdit="true" hideTitle="false" isVisible="true">
     <label>NMON Performance Monitor for AIX</label>
-    <description>AIX NMON Performance Monitor - Version 1.9.9</description>
+    <description>AIX NMON Performance Monitor - Version 1.9.10</description>
 
     <!-- Take the tour ! -->
 	<row>

nmon/default/data/ui/views/Home_LINUX.xml

@@ -1,6 +1,6 @@
 <dashboard script="autodiscover.js,panel_resize.js" stylesheet="Home.css,hover.css,hide_timeindicator.css" hideEdit="true" hideTitle="false" isVisible="true">
     <label>NMON Performance Monitor for Linux</label>
-    <description>NMON Performance Monitor for Unix and Linux Systems - Version 1.9.9</description>
+    <description>NMON Performance Monitor for Unix and Linux Systems - Version 1.9.10</description>
 
     <!-- Take the tour ! -->
 	<row>

nmon/default/data/ui/views/Home_SOLARIS.xml

@@ -1,6 +1,6 @@
 <dashboard script="autodiscover.js,panel_resize.js" stylesheet="Home.css,hover.css,hide_timeindicator.css" hideEdit="true" hideTitle="false" isVisible="true">
     <label>NMON Performance Monitor for Solaris</label>
-    <description>NMON Performance Monitor for Unix and Linux Systems - Version 1.9.9</description>
+    <description>NMON Performance Monitor for Unix and Linux Systems - Version 1.9.10</description>
 
     <!-- Take the tour ! -->
 	<row>

nmon/default/props.conf

@@ -694,3 +694,58 @@ TRANSFORMS-syslog = syslog-host
 
 # Rewrite sourcetype to standard nmon_clean
 TRANSFORMS-cleandata_fromsyslog = nmon_clean_fromsyslog_rewrite
+
+##############################################
+#			SPLUNK HEC (HTTP INPUT)
+##############################################
+
+# It is possible to forward nmon data over HTTP using the nmon-logger-hec package
+
+# the package is available at: https://github.com/guilhemmarchand/nmon-logger
+
+# In this scenario, the nmon-logger is deployed on servers, it produces the nmon data and stream directly
+# to your indexers using the Splunk HTTP input
+
+# This is "no Universal Forwarder" deployment scenario, which means the package is totally independent
+
+### nmon_data ###
+
+[nmon_data:fromhttp]
+SHOULD_LINEMERGE=false
+NO_BINARY_CHECK=true
+CHARSET=UTF-8
+TIME_FORMAT=%s
+TIME_PREFIX=timestamp="
+MAX_TIMESTAMP_LOOKAHEAD=26
+KV_MODE=auto
+
+# Rewrite host Metadata on a per event basis
+TRANSFORMS-http-host = http-host
+
+# Additional: In full extracted mode, we want 2 basic Nmon extracted at indexed time
+TRANSFORMS-nmon_data_kv_createindexed_time = nmon_data_kv_createindexed_OStype, nmon_data_kv_createindexed_type
+
+# Rewrite the source Metadata to manage search time extraction
+TRANSFORMS-perfdata_rewrite_meta = nmon_data_fromhttp_rewrite_host, nmon_data_fromhttp_rewrite_source, nmon_data_fromhttp_rewrite_sourcetype
+
+# For search heads, activate kvmode to auto for that source
+[source::perfdata:http]
+KV_MODE=auto
+
+### nmon_config ###
+
+[nmon_config:fromhttp]
+BREAK_ONLY_BEFORE=timestamp="
+MAX_EVENTS=100000
+NO_BINARY_CHECK=1
+SHOULD_LINEMERGE=true
+TIME_FORMAT=%s
+TIME_PREFIX=timestamp="
+TRUNCATE=0
+
+# Rewrite the source Metadata to manage search time extraction
+TRANSFORMS-configdata_rewrite_meta = nmon_config_fromhttp_rewrite_host, nmon_config_fromhttp_rewrite_source, nmon_config_fromhttp_rewrite_sourcetype
+
+# For search heads
+[source::configdata:http]
+KV_MODE=none

nmon/default/transforms.conf

@@ -263,3 +263,46 @@ FORMAT = sourcetype::nmon_processing
 DEST_KEY = MetaData:Sourcetype
 REGEX = \snmon_clean:\s
 FORMAT = sourcetype::nmon_clean
+
+##############################################
+#			SPLUNK HEC SPECIAL SECTIONS
+##############################################
+
+### nmon_data ###
+
+# nmon_data host
+[nmon_data_fromhttp_rewrite_host]
+DEST_KEY = MetaData:Host
+REGEX = hostname=\"([^\"]*)\"
+FORMAT = host::$1
+
+# nmon_data source
+[nmon_data_fromhttp_rewrite_source]
+DEST_KEY = MetaData:Source
+REGEX = .*
+FORMAT = source::perfdata:http
+
+# nmon_data sourcetype
+[nmon_data_fromhttp_rewrite_sourcetype]
+DEST_KEY = MetaData:Sourcetype
+REGEX = .*
+FORMAT = sourcetype::nmon_data
+
+### nmon_config ###
+
+[nmon_config_fromhttp_rewrite_host]
+DEST_KEY = MetaData:Host
+REGEX = AAA,host,\"{0,}([a-zA-Z0-9\-\_\.]+)\"{0,}
+FORMAT = host::$1
+
+# nmon_config source
+[nmon_config_fromhttp_rewrite_source]
+DEST_KEY = MetaData:Source
+REGEX = .*
+FORMAT = source::configdata:http
+
+# nmon_config sourcetype
+[nmon_config_fromhttp_rewrite_sourcetype]
+DEST_KEY = MetaData:Sourcetype
+REGEX = .*
+FORMAT = sourcetype::nmon_config