Upgrading from Splunk Connector to Event Connector

Introduction

This document provides comprehensive information on the upgrade of the Nexthink Splunk Connector to the Nexthink Event Connector.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us via Nexthink support portal.

This document is intended for readers with a detailed understanding of Nexthink technology.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

Version: 1.5.0

Last Revision: 16/10/2023

Introduction

The legacy Splunk Connector has been extended to push events to other back-end systems. Since the scope has grown, the Splunk legacy connector has been renamed to the more generic, Event Connector.

The behavior for the Splunk feed has not changed, though the old installable has been renamed and minor modifications are required to upgrade from the Splunk Connector to the Event Connector, as described in the following table.

The upgrade process is described in the following sections. It can be completed by either maintaining the previous configuration or starting from scratch with a clean installation.

Upgrade Process (keeping configuration)

It is possible to migrate from the previous version of the Splunk Connector to the new version of the Event Connector while keeping the current configuration. This can be achieved with the following steps.

Backup configuration

The configuration of the connector service can be found at /etc/nxsplunk/ by default. Navigate to this folder or the one used in the configuration, if different from default. Two different files should be present: config.conf and event.conf. Backup these files and move them to a temporary folder.

Uninstallation of an older version

Once the configuration files have been backed up, uninstall the former Splunk Connector package by opening a terminal session with a user holding administrative privileges and executing the following command:

$  yum  remove  nxsplunk

Installation of new version

Once the original Splunk Connector has been removed, please install the rpm package for the new Event Connector by executing (the user must have administrative privileges):

$  yum  install  nxeventconnector-x.x.x-x.el7.noarch.rpm

Please note that x.x.x-x specifies the package version for the connector service rpm to be installed.

A prompt will appear asking which back-end tool the Event Connector should target. Type '1' when prompted in order to select Splunk.

Restore configuration

The new configuration folder is  /etc/nxeventconnector.  Paste the backup of  the config.conf and events.conf files into this new folder and edit the config.conf file to perform the following modifications:

• Rename the parameter verify_cert_splunk to verify_cert_target.

• Change the value of the log_conf_file parameter to the new default path:

log_config_file  =  /etc/nxeventconnector/logging.conf

• Change the value of the log_file parameter to the new default path:

log_file  =  /var/log/nxeventconnector/nxeventconnector.log

Upgrade Process (without the configuration)

If there is no need to keep the current configuration, please only follow the steps regarding the sections labelled Uninstallation of older version and Installation of new version from the previous section.

Support

Nexthink provides support for the application in accordance with the terms and conditions of the Support and Maintenance Agreement applicable in between the customer and Nexthink. If you have any questions, please contact us via Nexthink support portal.