Carbon Black Cloud: How to fetch logs for VMware Carbon Black Cloud App for Splunk

Environment

  • Carbon Black Cloud Web Console: All Versions
  • Splunk: 8.x (On-Premise only)
  • VMware Carbon Black Cloud App for Splunk: 1.x

Objective

Retrieve the app logs in Splunk 8.x when troubleshooting an issue with the VMware Carbon Black Cloud App for Splunk.

Resolution

  1. At a shell prompt on the appropriate Splunk node, change to the folder $SPLUNK_HOME/bin on *nix or %SPLUNK_HOME%\bin on Windows
  2. Run the command that matches the Splunk node experiencing the issue:
    1. Main app (single instance or distributed) 
      splunk diag --collect=app:vmware_app_for_splunk
    2. IA/Input Add-on (on Heavy Forwarder; distributed instance only)
      splunk diag --collect=app:IA-vmware_app_for_splunk
    3. TA/Technology Add-on (on Indexer; distributed instance only) 
      splunk diag --collect=app:TA-vmware_app_for_splunk
  3. This will generate a file in the Splunk home directory named: diag-<server name>-<date>.tar.gz
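
A wrapper for the steps above on *nix, as an added example that is not part of the original article or of VMware's or Splunk's own tooling: it picks the app component by node role, runs the diag from $SPLUNK_HOME/bin, and checks that the newest diag archive in the Splunk home directory is a readable tarball. The role names (main, ia, ta) and the function names are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: wraps the "splunk diag" commands from the article (*nix only).
# Role names (main/ia/ta) and function names are hypothetical, chosen for this sketch.

# Map the node role to the app component named in the article.
diag_app_for_role() {
  case "$1" in
    main) echo "vmware_app_for_splunk" ;;      # single instance or distributed
    ia)   echo "IA-vmware_app_for_splunk" ;;   # Heavy Forwarder, distributed only
    ta)   echo "TA-vmware_app_for_splunk" ;;   # Indexer, distributed only
    *)    echo "unknown role: $1 (use main|ia|ta)" >&2; return 2 ;;
  esac
}

# Print the most recently modified diag-*.tar.gz in a directory; fail if none.
newest_diag() {
  local f
  f=$(ls -t "$1"/diag-*.tar.gz 2>/dev/null | head -n 1)
  [ -n "$f" ] && echo "$f"
}

# Run the diag for one role, then confirm the archive can be listed.
collect_diag() {
  local app home out
  app=$(diag_app_for_role "$1") || return 2
  home=${SPLUNK_HOME:?SPLUNK_HOME must be set}
  [ -x "$home/bin/splunk" ] || { echo "no splunk binary in $home/bin" >&2; return 3; }
  # splunk's own output goes to stderr so stdout carries only the archive path.
  (cd "$home/bin" && ./splunk diag --collect="app:$app" >&2) || return 4
  out=$(newest_diag "$home") || { echo "no diag archive in $home" >&2; return 5; }
  # A truncated or corrupt archive is caught here, before it is handed to support.
  tar -tzf "$out" >/dev/null || { echo "unreadable archive: $out" >&2; return 6; }
  echo "$out"
}

# Run only when invoked with a role argument, e.g.: ./collect_cbc_diag.sh ia
if [ "$#" -gt 0 ]; then collect_diag "$1"; fi
```
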

Additional Notes

  • This article is for general reference purposes
  • If any difficulties are encountered while gathering Splunk logs, please contact Splunk for support
  • Customers using Splunk Cloud Platform will need assistance from Splunk support

Article Information
Creation Date: 10-20-2021