Upgrading from Splunk Connector to Event Connector
This document provides comprehensive information on the upgrade of the Nexthink Splunk Connector to the Nexthink Event Connector.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us via the Nexthink support portal.
This document is intended for readers with a detailed understanding of Nexthink technology.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
Last Revision: 25/03/2021
The legacy Splunk Connector has been extended to push events to other back-end systems. Since the scope has grown, the legacy Splunk Connector has been renamed to the more generic Event Connector.
The behavior for the Splunk feed has not changed, though the old installable has been renamed and minor modifications are required to upgrade from the Splunk Connector to the Event Connector, as described in the following table.
Default configuration path
Name of target cert. param.
Default log_conf_file path
Default log_file path
The upgrade process is described in the following sections. It can be completed by either maintaining the previous configuration or starting from scratch with a clean installation.
Upgrade Process (keeping configuration)
It is possible to migrate from the previous version of the Splunk Connector to the new version of the Event Connector while keeping the current configuration. This can be achieved with the following steps.
The configuration of the connector service can be found at /etc/nxsplunk/ by default. Navigate to this folder, or to the one used in your installation if it differs from the default. Two different files should be present: config.conf and event.conf. Back up these files and move them to a temporary folder.
Uninstallation of an older version
Once the configuration files have been backed up, uninstall the former Splunk Connector package by opening a terminal session with a user holding administrative privileges and executing the following command:
$ yum remove nxsplunk
Installation of new version
Once the original Splunk Connector has been removed, please install the rpm package for the new Event Connector by executing (the user must have administrative privileges):
$ yum install nxeventconnector-x.x.x-x.el7.noarch.rpm
Please note that x.x.x-x specifies the package version for the connector service rpm to be installed.
A prompt will appear asking which back-end tool the Event Connector should target. Type '1' when prompted in order to select Splunk.
The new configuration folder is /etc/nxeventconnector. Paste the backup of the config.conf and events.conf files into this new folder and edit the config.conf file to perform the following modifications:
Rename the parameter verify_cert_splunk to verify_cert_target.
Change the value of the log_conf_file parameter to the new default path:
log_config_file = /etc/nxeventconnector/logging.conf
Change the value of the log_file parameter to the new default path:
log_file = /var/log/nxeventconnector/nxeventconnector.log
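The three config.conf edits above can be scripted so the certificate-verification setting is carried over under its new name rather than retyped. This is an added example, not Nexthink tooling: the function name migrate_config is hypothetical, and it assumes "key = value" lines as in the snippets above. The logging-configuration key is kept under whichever spelling (log_conf_file or log_config_file) the file already uses.

```shell
#!/bin/sh
# Added example: rewrite a backed-up Splunk Connector config.conf for the
# Event Connector. Assumes "key = value" lines, as in the snippets above.

NEW_LOG_CONF=/etc/nxeventconnector/logging.conf
NEW_LOG_FILE=/var/log/nxeventconnector/nxeventconnector.log

# migrate_config SRC DST (hypothetical helper): writes the migrated copy of
# SRC to DST and leaves SRC untouched, so the backup stays available.
# Usage: migrate_config /tmp/backup/config.conf /etc/nxeventconnector/config.conf
migrate_config() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # 1. Rename verify_cert_splunk to verify_cert_target, keeping its value.
    # 2. Point the logging-config parameter at the new default path; the key
    #    name itself is preserved as found in the file.
    # 3. Point log_file at the new default path.
    # Commented-out lines do not match and are copied unchanged.
    sed -E \
        -e 's|^([[:space:]]*)verify_cert_splunk([[:space:]]*=)|\1verify_cert_target\2|' \
        -e "s|^([[:space:]]*log_conf(ig)?_file[[:space:]]*=[[:space:]]*).*|\1${NEW_LOG_CONF}|" \
        -e "s|^([[:space:]]*log_file[[:space:]]*=[[:space:]]*).*|\1${NEW_LOG_FILE}|" \
        "$src" > "$dst" || return 1

    # Fail if an active line still uses the old parameter name.
    if grep -Eq '^[[:space:]]*verify_cert_splunk[[:space:]]*=' "$dst"; then
        echo "verify_cert_splunk still present in $dst" >&2
        return 1
    fi

    # Print the migrated settings for review; non-zero if none were found.
    grep -E '^[[:space:]]*(verify_cert_target|log_conf(ig)?_file|log_file)[[:space:]]*=' "$dst"
}
```

Review the printed verify_cert_target line before starting the service, so that the value in effect is the one you intended to keep.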
Upgrade Process (without the configuration)
If there is no need to keep the current configuration, follow only the steps in the sections Uninstallation of an older version and Installation of new version from the previous section.
Nexthink provides support for the application in accordance with the terms and conditions of the Support and Maintenance Agreement applicable between the customer and Nexthink. If you have any questions, please contact us via the Nexthink support portal.