Skip to content

This add-on will get perforce log files enabling users to have a better overview of the system by analysing provided metrics

License

Notifications You must be signed in to change notification settings

splunk/splunk-addon-for-perforce

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Splunk Add-on for Perforce

Actions Status: test Latest release (latest by date) License

This add-on will get perforce log files enabling users to have a better overview of the system by analysing provided metrics.

Features

  • Get audit and performance data from Perforce Helix Core Server to build metrics
  • Ingested data will have different sourcetypes depending on the event type as depicted in table below
  • CIM compliance to ease integration with other services (best effort)
Eventtype Sourcetype Description
4,5 hx:errors Error events (errors-failed, errors-fatal)
6 hx:audit Audit events (p4 sync, p4 archive, etc)
7 hx:track:usage Performance usage tracking
8 hx:track:rpc Network performance tracking (incl. send/receive errors and duplex stats)
9 hx:track:db Database performance tracking (incl. lock times, peek)
10 hx:user User events; one record every time a user runs p4 logappend
11 hx:triggers Trigger events
12 hx:events Server events (startup, shutdown, checkpoint, journal rotation, etc.)
14 hx:track:networkestimates Network estimates
15 hx:integrity Major events that occur during replica integrity checking
16 hx:auth Login events
17 hx:route Log the full network route of authenticated client connections

Getting Started

Requirements

  • Structured server logs enabled on Helix Core Server. In particular, make sure the server is recording information into the following comma separated value files
    • audit.csv
    • auth.csv
    • errors.csv
    • events.csv
    • integrity.csv
    • route.csv
    • track.csv
    • triggers.csv
    • user.csv
  • Splunk Universal or Heavy Forwarder installed and properly configured

Installation

Splunk System Administrators are requested to:

  • Configure a new index (e.g. helix) which will be populated with events coming from the Helix Core Server
  • Install this app in the Universal / Heavy Forwarder
  • Configure the forwarder inputs.conf
    • make sure monitored log files exist in your Helix Core Server
    • modify index name if different from helix
    • enable data input

Usage

As soon as your data is indexed, build and enjoy your own analytics.

Troubleshooting

Helix Core Server commands

# Add P4AUDIT environment parameter at start
$ vi /etc/perforce/p4dctl.conf.d/master.conf 
    + P4AUDIT   =     ../logs/audit.csv
# Restart the whole server
$ p4dctl restart master
# Check current configuration
$ p4 configure show
# Perform login if p4 commands return nothing
$ p4 login

Check data is flowing in Splunk via SPL index=<YOUR_INDEX> (e.g. index=helix)

References

Contributing

License

Copyright 2022 Splunk Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About

This add-on will get perforce log files enabling users to have a better overview of the system by analysing provided metrics

Topics

Resources

License

Stars

Watchers

Forks