Splunk® Dashboard Samples

XCOM Data Transport provides an exit point facility to execute custom scripts at the end of a transfer. For more information about the various exit points and options, refer to How to Use XCOM Data Transport Processing Scripts.
Users can take advantage of the post-processing capabilities to send XCOM transfer details to Splunk®.  Splunk® dashboards can show the transfer events. Customers can combine the XCOM file transfer events with events of other applications to gain insights on the overall workflow. The Splunk® dashboards can also serve as a centralized monitoring facility for XCOM transfers.
XCOM comes with a sample Java client to demonstrate the process, and the XCOM sample dashboards can be accessed by installing the XCOM Data Transport App on Splunk® Enterprise.
Configure Splunk® Enterprise to receive XCOM events
To configure Splunk® Enterprise to receive transfer events from XCOM Data Transport, follow the steps below:
  1. Create a new source type with the name “xcom-source”.
  2. Create a new HTTP Event token with source type as “xcom-source” and index “main”.
  3. Enable the HTTP Event token with SSL.
For further details on how to generate the HEC token in Splunk® with SSL enabled, see the official Splunk® documentation.
How to use the Sample Splunk® Client Program with XCOM?
A sample Java client program and its source code are supplied with XCOM. There is also a sample xcomend_splunk script that triggers the Java client program to create the XCOM transfer event and post the data to Splunk.
To use a sample Java client program and its source code, install XCOM r11.6 SP01 64-Bit + SO13520 (Linux),  SO13521 (AIX), SO13522 (Solaris Sparc), and SO13523 (Solaris x86).
Configure the XENDCMD parameter in xcom.glb to use the $XCOM_HOME/splunk/xcomend_splunk script.
The xcomend_splunk script is available in $XCOM_HOME/splunk, and it contains the call to the JAR file towards the end.
Linux:
$XCOM_HOME/JRE/1.8.0_162/bin/java -jar $XCOM_HOME/splunk/Splunk-client-1.0-SNAPSHOT-jar-with-dependencies.jar "$local_reqno" "$initiator" "$transfer_type" "$direction" "$start_time" "$end_time" "$remote_system" "$status" "$msg" "$status_msg" "$remoteuser" "$remote_reqno" "$file" "$remote_file" "$bytes" "https://server.domain.com:8088" "01234567-89ab-cdef-0123-456789abcdef" "main" "xcom-source" $HOSTNAME
AIX:
$XCOM_HOME/JRE/1.8.0_SR3_64Bit/bin/java -Djava.ext.dirs=$XCOM_HOME/JRE/1.8.0_SR3_64Bit/lib/ext -Dcom.ibm.jsse2.overrideDefaultTLS=true -jar $XCOM_HOME/splunk/Splunk-client-1.0-SNAPSHOT-jar-with-dependencies.jar "$local_reqno" "$initiator" "$transfer_type" "$direction" "$start_time" "$end_time" "$remote_system" "$status" "$msg" "$status_msg" "$remoteuser" "$remote_reqno" "$file" "$remote_file" "$bytes" "https://server.domain.com:8088" "01234567-89ab-cdef-0123-456789abcdef" "main" "xcom-source" $HOSTNAME
Solaris Sparc:
$XCOM_JAVA_HOME/bin/sparcv9/java -jar $XCOM_HOME/splunk/Splunk-client-1.0-SNAPSHOT-jar-with-dependencies.jar "$local_reqno" "$initiator" "$transfer_type" "$direction" "$start_time" "$end_time" "$remote_system" "$status" "$msg" "$status_msg" "$remoteuser" "$remote_reqno" "$file" "$remote_file" "$bytes" "https://server.domain.com:8088" "01234567-89ab-cdef-0123-456789abcdef" "main" "xcom-source" $HOSTNAME
Solaris x86:
$XCOM_JAVA_HOME/bin/amd64/java -jar $XCOM_HOME/splunk/Splunk-client-1.0-SNAPSHOT-jar-with-dependencies.jar "$local_reqno" "$initiator" "$transfer_type" "$direction" "$start_time" "$end_time" "$remote_system" "$status" "$msg" "$status_msg" "$remoteuser" "$remote_reqno" "$file" "$remote_file" "$bytes" "https://server.domain.com:8088" "01234567-89ab-cdef-0123-456789abcdef" "main" "xcom-source" $HOSTNAME
Update the "<Splunk URL>" and "<Splunk HEC Token>" arguments to the appropriate values.
"<Splunk URL>" is of the form https://server.domain.com:8088
"<Splunk HEC Token>" is of the form "12345678-abcd-ef01-2345-1234567890ab"
To prevent a detail from being sent to Splunk, remove the corresponding parameter name, but leave the empty quotes.
For example, specify "$remoteuser" as "".
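The event post that the exit script triggers can also be sketched directly in shell. This is an added example, not the supplied xcomend_splunk script or Java client: it escapes transfer fields before placing them in JSON, and reads the HEC token from a private file so that it does not appear in the process argument list. The JSON key names, the function names and the token file are assumptions; the index and source type are the ones configured above.

```shell
#!/bin/sh
# Added example (not XCOM code). Key names and the token file are assumptions.

# Escape a value for use inside a JSON string: drop control characters
# (including newlines), then escape backslash and double quote.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Succeeds only if the token file exists and has no group/other permission bits.
token_file_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build the HEC envelope for index "main" and source type "xcom-source".
# Args: local_reqno status file remote_system host
build_xcom_event() {
    printf '{"index":"main","sourcetype":"xcom-source","host":"%s","event":{"local_reqno":"%s","status":"%s","file":"%s","remote_system":"%s"}}' \
        "$(json_escape "$5")" "$(json_escape "$1")" "$(json_escape "$2")" \
        "$(json_escape "$3")" "$(json_escape "$4")"
}

# POST the payload to the HEC event endpoint over HTTPS.
# Args: hec_url token_file payload
# The Authorization header is fed to curl as config on stdin, so the token
# is not visible in curl's argv (printf is a builtin in common shells).
post_xcom_event() {
    token_file_is_private "$2" || {
        echo "token file $2 must not be group/world accessible" >&2
        return 1
    }
    printf 'header = "Authorization: Splunk %s"\n' "$(cat "$2")" |
        curl --silent --show-error --fail --config - \
             --data "$3" "$1/services/collector/event"
}

# Usage from an exit script (values are the script's own variables):
#   payload=$(build_xcom_event "$local_reqno" "$status" "$file" "$remote_system" "$HOSTNAME")
#   post_xcom_event "https://server.domain.com:8088" "$XCOM_HOME/splunk/hec.token" "$payload"
```

curl verifies the server certificate by default, so the HEC endpoint's certificate must chain to a CA that the XCOM host trusts.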
Modification of the Sample Client Program
To replace the supplied Java client with your modified source code, compile it by using the “mvn clean package” command. Apache Maven and JRE should be available on the system to compile the program. You can import the source code as a Maven project in any Java IDE and make the changes to the source code.
Installing the XCOM Sample App in Splunk®
To install the XCOM Data Transport app in your local Splunk® Enterprise instance, follow the steps below:
  1. Open Splunk Enterprise home page in a web browser.
  2. On the home page, click on the Gear icon next to Apps to open the Manage Apps page.
  3. Click on “Install App from file”.
  4. Under Upload an app, click on Choose File and select the ca-xcom.spl file and click on Upload.
The XCOM Data Transport App should now be installed and ready to use.
For more details on Installing App using the command line or the GUI, see the official Splunk® documentation.
Restart your Splunk® instance to ensure that the changes are applied.
/opt/splunk/bin/splunk restart
To remove the app:
/opt/splunk/bin/splunk remove app ca-xcom
How to use Sample Dashboards
Two sample dashboards are supplied with XCOM.
Overall Summary Dashboard
Displays the transfers of all XCOM servers, grouped by transfer status, in a pie chart. Selecting any of the transfer statuses in the chart displays a new pie chart with details of the selected transfer status, grouped by the responsible XCOM server. Clicking on any of the remote systems retrieves the details of the transfers matching the selection and displays them in a table. The dashboard also offers time range filters to modify the time range of the transfers displayed.
Transfer Activity of Selected XCOM Server
Displays a drop-down list of all XCOM servers along with a time range filter. Once an XCOM server is selected, it displays a summary of the transfer activity of the selected XCOM server, grouped by remote system, in a pie chart. Clicking on any of the remote systems displays a new chart with a summary of transfers between the selected XCOM servers, grouped by status. Selecting any of the transfer statuses in the chart retrieves the details of the transfers matching the selection and displays them in a table.