Splunk®Dashboard Samples

XCOM Data Transport for Windows
provides an exit point facility to execute custom scripts at the end of a transfer. For more information about the various exit points and options, refer to  How to Use
XCOM Data Transport for Windows
Processing Scripts
.
Users can take advantage of the post-processing capabilities to send XCOM transfer details to Splunk®.  Splunk® dashboards can show the transfer events. Customers can combine the XCOM file transfer events with events of other applications to gain insights on the overall workflow. The Splunk® dashboards can also serve as a centralized monitoring facility for XCOM transfers.
XCOM comes with a sample Java client to demonstrate the process and XCOM sample dashboards can be accessed by installing CA XCOM App on Splunk® Enterprise.
Configure Splunk® Enterprise to receive XCOM events
To configure the Splunk® Enterprise to receive transfer events from
XCOM Data Transport for Windows
, follow the steps:
  1. Create a new source type with the name
    xcom-source
    .
  2. Create a new HTTP Event token with the source type as
    xcom-source
    and index
    main
    .
  3. Enable the HTTP Event token with SSL.
For further details on how to generate the HEC token in Splunk® with SSL enabled, see the official Splunk® documentation.
How to use the Sample Splunk® Client Program with XCOM?
A sample Java client program and its source code are supplied with XCOM. There is also a Sample
xcomend_splunk
script that triggers the Java client program to create the XCOM transfer event and post the data to Splunk.
To use a sample Java client program and its source code, install: XCOM Windows r11.6 SP03 + SO13419
Configure the XENDCMD parameter in xcom.glb to use the
xcomend_splunk
script.
The
xcomend_splunk.bat
script is available in %XCOM_HOME%/Splunk and it has the following line towards the end:
"%XCOM_JAVA_HOME%\bin\java.exe" -jar "%XCOM_HOME%\Splunk\Splunk-client-1.0-SNAPSHOT-jar-with-dependencies.jar" %local_reqno% %initiator% %transfer_type% %direction% %start_time% %end_time% %remote_system% %status% %errmsg% %statusmsg% %remoteuser% %remote_reqno% %file% %remote_file% %bytes% "<Splunk Enterprise URL>" "<Splunk HEC Token>" "main" "xcom-source" %COMPUTERNAME%
Update the "<Splunk URL>" "<Splunk HEC Token>" to appropriate values.
“<Splunk URL>” is of the form https://server.domain.com:8088
“<Splunk HEC Token>” of the form "12345678-abcd-ef01-2345-1234567890ab"
To avoid any detail to be sent to Splunk, remove the corresponding parameter name, but leave the empty quotes. For example:
"$remoteuser"
.
Modification of the Sample Client
To replace the supplied Java client with your modified source code, compile it by using the “mvn clean package” command. Apache Maven and JRE should be available on the system to compile the program. You can import the source code as a Maven project in any Java IDE and change the source code.
Installing the XCOM Sample App in Splunk®
To install the
XCOM Data Transport for Windows
app in your local Splunk® Enterprise instance, follow the below steps:
  1. Open
    Splunk Enterprise
    home page in a web browser.
  2. On the home page, click on the Gear icon next to
    Apps
    to open the
    Manage Apps
    window.
  3. Click
    Install App from file
    .
  4. Under
    Upload an app
    , click
    Choose File
    and select the ca-xcom.spl file from
    %XCOM_HOME%/Splunk
    and click
    Upload
XCOM DataTransport App installation completed successfully and ready to use.
For more details on Installing App using the command line or the GUI, see the official Splunk® documentation.
Restart your Splunk® instance to ensure that the changes are applied.
cd "C:\Program Files\Splunk\bin”
splunk restart
To remove the app:
cd "C:\Program Files\Splunk\bin” splunk remove app ca-xcom
How to use Sample Dashboards
There are two samples that are supplied with XCOM.
Overall Summary Dashboard
Displays the transfers of all XCOM servers group by transfer status in a pie chart. On selecting any of the transfer statuses in a chart, a new chart will be displayed with details of the selected transfer status type group by the responsible XCOM server in a pie chart format. Clicking any of the remote systems retrieves the details of transfers matching to the selection and displays it in the table format. It also offers the time range filters to modify the time range of transfers to be displayed.
Transfer Activity of Selected XCOM Server
Displays a drop-down list of all XCOM servers along with a time range filter. Once the XCOM server is selected, it displays a summary of the transfer activity of the selected XCOM server group by a remote system in a pie chart. Clicking any of the remote systems displays a new chart with a summary of transfers between the selected XCOM servers group by status. On selecting any of the transfer statuses in a chart, it retrieves the details of transfers matching to the selection and displays in the table format.