Data Sources

The Data Sources page enables you to configure the datasources.

From the left navigation bar, click Configure and select Data Sources. You are now on Datasource Manager page.

The left-panel provides the list of active datasources available along with its health check. images/dsGreenIcon.png indicates that the datasource is healthy. images/dsRedIcon.png indicates that the datasource is experiencing some issues. It provides the search capability to search for the datasource(s).

Data Source Manager

You may click an active datasource in the left-panel to Modify Selected Datasource. By default, the right-panel provides you an option to Create Datasource.

Modify Selected Datasource

The left-panel provides the list of datasources available. It provides the search capability to search for the datasource you need to modify.

Modify Data Source

If a datasource is selected in the left-panel, the right-panel provides you with the datasource details for the datasource selected. You can view the datasource details or modify the configuration of the selected datasource.

As you modify the fields, real-time health checks are performed.

Buttons

The following buttons are available.

  • Restore - if you have modified an existing datasource and you want to restore the changes, click the Restore button.

  • Add Datasource - click this button to create a new datasource.

  • Save - if any field in the selected datasource has been modified, click the Save button to save your selected datasource configuration.

  • Delete - to delete an existing datasource, select the datasource from the left-panel first. In the upper-right corner, you may click Delete to delete the datasource. You will be asked to confirm the delete action.

    Prior to deleting a datasource, you must make sure that all tenants associated with the datasource are first unassociated.
    If you click OK in the Confirmation pop-up, the datasource will get deleted. This action cannot be undone.
If no datasource is selected in the left-panel datasource list, the buttons are not available. By default, you are on the page to create a new datasource. Please refer to section Create Datasource

Associate Tenants

  1. In the bottom panel, Associated Tenants lists the tenants associated with the selected datasource, if any.
  2. Click Associate tenants button to associate a tenant to the selected datasource. When you click this button, you are navigated to section Tenant Administration page.

Create Datasource

From the drop-down list , select the datasource type from the following options.

  • Elasticsearch

  • NMS

  • Splunk

    Datasources Elasticsearch and Splunk are used by the Logs Widget.
    As you enter the information in the fields, real-time health checks are performed.

Buttons

  • Restore - disabled when creating a datasource.

  • Add Datasource - this button becomes available only after you have entered a name for the datasource you are creating. Click this button to create a new datasource.

    Datasource will only be created if all the fields have valid data and you are able to connect to the server. Please click the Test connection button to ensure that the datasource you are creating is healthy.

  • Save - disabled when creating a datasource.

  • Delete - disabled when creating a datasource.


Elasticsearch

If needed, please contact IBM SevOne Support for details on how to create an Elasticsearch datasource.

Elasticsearch is a third-party datasource used by the Logs Widget. To install and configure elasticsearch, please refer to https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-elastic-stack.html

Create Data Source - Elasticsearch
  1. Name - enter a unique name of the datasource you want to create for Elasticsearch.
  2. API Server - enter the Elasticsearch URL.
  3. Authentication
    1. Token - enter the API Token from your elasticsearch logging datasource.
    2. Credentials - enter elasticsearch username and password in the following fields.
      • Username - enter the elasticsearch username.
      • Password - enter the elasticsearch password.
    3. None - authentication type is not required.
  4. Column Mappings
    1. Device - enter the field for the host name in elasticsearch. For example, it can be host or reported_hostname.
    2. Severity ID - enter the severity Id. For example, severity_id.
    3. Timestamp - enter the Elasticsearch timestamp. For example, @timestamp.
      This must be an Elasticsearch date type field.
  5. Select Test connection button to confirm you can connect to the server.
  6. Click Add Datasource button in the upper-right corner to add the datasource.

NMS

Create Data Source - NMS
  1. Name - enter a unique name of the datasource you want to create.
  2. API Server - enter the SevOne NMS URL.
  3. Authentication
    1. Token - enter the generated API token from REST API. Please refer to section Generate API Key.
  4. Type - metrics can be METRICS/FLOW or FLOW.
  5. Select Test connection button to confirm you can connect to the server.
  6. Click Add Datasource button in the upper-right corner to add the datasource.

Splunk

Splunk is a third-party datasource used by the Logs Widget.

Prerequisites

To validate Splunk configuration, execute the steps below.

  1. Launch Splunk from your web browser.
    http://<enter Splunk IP address>:8000
  2. From Settings drop-down, under DATA, select Data Inputs.
  3. Under Local inputs, select UDP.
    Splunk Data Inputs
  4. Choose the UDP port to configure. For example, port 514 (for syslog) in the screenshot above.
    Splunk Select UDP
  5. Enter the source name to override in field Source name override. For example, Syslog in screenshot below.
  6. Enable check box More settings.
    Splunk UDP Port
  7. In field Host, validate DNS is selected. If not, please verify that Host can be changed to DNS before continuing with the steps below. Field Host must be DNS.
  8. Click Save.
  9. Run a query in Splunk to verify if the devices are in the host or the reported_host field. Click Search & Reporting in the left navigation bar.
    Splunk Search Reporting
  10. Click Data Summary button.
    Splunk Data Summary
  11. In Data Summary pop-up, click the Sources tab and then, click udp:514 for Syslog.
    Splunk Data Summary Popup

  1. In the left navigation bar under SELECTED FIELDS, click host or reported_hostname to obtain the values. From SevOne Data Insight, when creating a Splunk datasource, under Column Mappings > Device field, use host or reported_hostname.
    Splunk Host

Create Splunk Datasource

Create Data Source - Splunk
  1. Name - enter a unique name of the datasource you want to create for Splunk.
  2. API Server - enter the Splunk URL. For example, example.com/api or /api.
  3. Authentication
    1. Credentials
      • Username - enter the Splunk username.
      • Password - enter the Splunk password.
    2. None - authentication type is not required.
  4. (optional) Port - default port is 8089.
    Column Mappings
    1. Device - enter the field for the host name in SPLUNK. For example, it can be host or reported_hostname. For details on how to obtain this information, please refer to SPLUNK Column Mappings.
    2. Severity ID - enter the severity Id. For example, severity_id.
    3. Timestamp - enter the Splunk timestamp. For example, _time.
  5. Select Test connection button to confirm you can connect to the server.
  6. Click Add Datasource button in the upper-right corner to add the datasource.

Generate API Key

To generate an API Key, please execute the steps below.

  1. From you web browser, enter URL http:///api/v3/docs/. Please replace with the hostname or IP address of your SevOne NMS appliance.
    API Key - 1
  2. Select sevone.api.v3.Users.
  3. Select POST /api/v3/users/signin.
  4. Under Parameters, all the way to the right, locate the Model Schema field. Click on the field to copy its content to the body field.
  5. On the left side of the Parameters section, you will notice that the content now appears in the body field. Perform the following actions in the body field:
    1. After "password":, replace string with SevOne NMS password . Make sure to enter it within the quotes.
    2. After "username":, replace string with SevOne NMS username . Make sure to enter it within the quotes.
      API Key - 2
  6. At the bottom of the POST section, click the Try it out! button.
  7. Scroll down to the Response Body field. You should see a long alphanumeric string after "token". This is the token that you need to sign in. Copy it without the quotes.
    API Key - 3
  8. In the upper-right corner, locate bearer token field. Paste the token into this field. You should now have permissions to perform the operations.
  9. Scroll-up to POST /api/v3/users/apikey and select it.
  10. Under Parameters, all the way to the right, locate the Model Schema field. Click on the field to copy its content to the body field.
  11. On the left side of the Parameters section, you will notice that the content now appears in the body field. Perform the following actions in the body field: * After "application":, replace string with the name of the key. For example, SevOneKey. Make sure to enter it within the quotes.
  12. At the bottom of the POST section, click the Try it out! button.
  13. Scroll down to the Response Body field. You should see a long alphanumeric string after "apiKey". This is the API Key. Copy it without the quotes.
  14. Enter the API key in field API Token.