Upgrading from Splunk Connector to Event Connector
Last updated
Was this helpful?
Version 6.30
Last updated
Was this helpful?
This document provides comprehensive information on the upgrade of the Nexthink Splunk Connector to the Nexthink Event Connector.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
Last Revision: 16/10/2023
The legacy Splunk Connector has been extended to push events to other back-end systems. Since the scope has grown, the Splunk legacy connector has been renamed to the more generic, Event Connector.
The behavior for the Splunk feed has not changed, though the old installable has been renamed and minor modifications are required to upgrade from the Splunk Connector to the Event Connector, as described in the following table.
Service name
nxsplunk
nxeventconnector
Default configuration path
/etc/nxsplunk
/etc/nxeventconnector
Name of target cert. param.
verify_cert_splunk
verify_cert_target
Default log_conf_file path
/etc/nxsplunk/logging.conf
/etc/nxeventconnector/logging.conf
Default log_file path
/var/log/nxsplunk/nxsplunk.log
/var/log/nxeventconnector/nxevent
connector.log
The upgrade process is described in the following sections. It can be completed by either maintaining the previous configuration or starting from scratch with a clean installation.
It is possible to migrate from the previous version of the Splunk Connector to the new version of the Event Connector while keeping the current configuration. This can be achieved with the following steps.
The configuration of the connector service can be found at /etc/nxsplunk/ by default. Navigate to this folder or the one used in the configuration, if different from default. Two different files should be present: config.conf and event.conf. Backup these files and move them to a temporary folder.
Once the configuration files have been backed up, uninstall the former Splunk Connector package by opening a terminal session with a user holding administrative privileges and executing the following command:
$ yum remove nxsplunk
Once the original Splunk Connector has been removed, please install the rpm package for the new Event Connector by executing (the user must have administrative privileges):
$ yum install nxeventconnector-x.x.x-x.el7.noarch.rpm
Please note that x.x.x-x specifies the package version for the connector service rpm to be installed.
A prompt will appear asking which back-end tool the Event Connector should target. Type '1' when prompted in order to select Splunk.
The new configuration folder is /etc/nxeventconnector. Paste the backup of the config.conf and events.conf files into this new folder and edit the config.conf file to perform the following modifications:
Rename the parameter verify_cert_splunk to verify_cert_target.
Change the value of the log_conf_file parameter to the new default path:
log_config_file = /etc/nxeventconnector/logging.conf
Change the value of the log_file parameter to the new default path:
log_file = /var/log/nxeventconnector/nxeventconnector.log
If there is no need to keep the current configuration, please only follow the steps regarding the sections labelled and from the previous section.
Nexthink provides support for the application in accordance with the terms and conditions of the Support and Maintenance Agreement applicable in between the customer and Nexthink. If you have any questions, please contact us via .
