Install Steps | PowerConnect

Overview

Installing PowerConnect for Splunk

1. Installation steps for Splunk app

Installation of Splunk App for PowerConnect at Splunk’s end requires the following steps to be completed in the order listed below.

1.1 Install Splunk Enterprise server (skip if Splunk is already installed)
1.2 Import the PowerConnect app into Splunk
1.3 Create an index for SAP to upload data
1.4 Create HEC Data Input
1.5 Information to pass on to SAP Team for SAP’s configuration for PowerConnect
1.6 Create a Role to control access for PowerConnect index
1.7 Create a user for PowerConnect access and assign the index

1.1 Install Splunk Enterprise server (skip if Splunk is already installed)

Install the Splunk Enterprise server according to the standard instructions. Generic install instructions are below.

Start by downloading and executing the splunk installer.

Click Install

Splunk is now installed

Login for first time

When you finish installing Splunk it will launch a browser and as you to log in and change the Admin password. Login using

user: admin

pw: changeme

And change the password

Splunk is now installed and running

1.2 Import the PowerConnect app into Splunk

Next we need to import the PowerConnect for Splunk application in to the Splunk server. This can be obtained from your local reseller as below OR you can use Find More Apps and download the compatible version directly from Splunkbase (search: PowerConnect)

Click on Apps -> Manage Apps

Click on the Install App from file

Click on browse and select the PowerConnect for Splunk APP .tar.gz file (Kindly make sure you are using the latest app https://splunkbase.splunk.com/app/3153/)

Select the checkbox [ ] Upgrade app. if PowerConnect for Splunk is already installed

Click Upload button

The app is now installed

1.3 Create an index for SAP to upload data

Select Settings -> Indexes

Click on New Index button in the top right corner

Give the index a name (sap) and set the default application to PowerConnect for Splunk

Click on Save

Index now exists

1.4 Create HEC Data Input

If it is a standalone system: HEC Data Input would be created in the systems where app was installed.

Ref Link: https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/UsetheHTTPEventCollector

If there is a distributed env:

Ref Link: https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/ScaleHTTPEventCollector

Select Settings -> Data Inputs

Select HTTP Event Collector

Click on New Token

Make sure token is enabled:

1.5 Information to pass on to SAP Team for SAP’s configuration for PowerConnect

HEC Index name: sap

HEC token value: 05efac0b-a874-434a-9c19-6033aa10f07a

HEC URL: http://splunktest.yourorg.com or https://splunktest.yourorg.com

(provide a fully qualified domain name URL in case of SSL setup)

HTTP Port: 8088 (it’s a default port, please validate if this hasn’t been changed by your organization)

SSL Certificate: Export and Share SSL Certificate .CER file

More information for SSL info and setup (skip if its a non-SSL config):

Validate HEC Port and SSL from below screen:
Click on Global Settings and let SAP team know if SSL is enabled or disabled.
Export SSL Certificate: In case of SSL, kindly provide ROOT CA certificate to SAP team. (or server self-signed certificate by following this KB: https://www.powerconnect.io/wiki/kb-095-splunk-create-self-signed-ssl-certificate-v2/ or refer: https://docs.splunk.com/Documentation/Splunk/8.0.3/Security/Howtoself-signcertificates)

Start by connecting to the Splunk server on port 8089 using HTTPS this will show you the certificate in use.

Open the certificate information

Next click Copy to file to export this certificate

1.6 Create a Role to control access for PowerConnect index

Click on Roles

Click on New

Create role sap and select Default app BNW-app-powerconnect

Multiple roles can be created and you can control access to different indexes by assigning them to different roles.

Click Save

1.7 Create a user for PowerConnect access and assign the index

Create a new user

Enter user name sap_user, and ensure the Default app is set to PowerConnect for Splunk

Add it to the sap group

Set a password

And click save

Assign Indexes to Role

To ensure Splunk searches the new index we have created we need to assign the sap group to the new index.

Click on Roles

Click on sap role

Scroll down to the Indexes Searched by Default and Indexes section

And add the sap index to the list of indexes searched by default and searchable indexes for all users in the role Users

Click Save

Finalizing

Now we have installed Splunk and created a user for SAP to use to upload the data, and an index for the SAP data to go in to. We also have a user to use to connect to Splunk to view the data.

Access User / Role / Index association

2. Installation steps for SAP Add-on

Installation of PowerConnect for Splunk requires the following steps to be completed in the order listed below.

If you wish to use HTTPS / SSL connection between SAP and Splunk please setup the SSL support in the ABAP engine using the steps listed here (link to Setting up HTTPS / SSL support).
Import the agent using TMS / SAINT
Activate BC Sets
Upload PowerConnect Roles
Start the PowerConnect for Splunk control panel in SAP using tcode /BNWVS/MAIN and Configure the connection between SAP and Splunk
Load HDB Scripts (HANA only)

2.1 Setting up HTTPS / SSL support in SAP (only if SSL is enabled at Splunk end)

By default, Splunk REST API listens on port 8089 and HEC on Port 8088 with SSL active. SAP supports SSL however some basic setup is needed to provide SSL functionality to the native HTTP client built in to the ICM to support HTTPS. You can disable SSL support in Splunk and use HTTP without SSL to communicate between SAP and Splunk however it is not recommended for a production environment, especially where Splunk traffic traverses a shared network or in a public or private cloud hosted solution for SAP or Splunk.

If you wish to enable SSL support in SAP ABAP, please follow the steps below.

Please note that the instructions below are for setting up SSL to Splunk with a default configuration that includes a self-signed certificate that is included into Splunk during installation.

Important Note(s):

If your Splunk Enterprise Server has a custom SSL certificate installed, the process is the same,however names you see in the examples will differ from the screen shots below.

If you connect to a Splunk server via a proxy server then you will need to install any certificates that may sign HTTPS requests that flow through it into SAP.

If you are unsure about how to configure SSL, or you get SSL chain-verify or peer verify errors in SAP log a support call. You will need a valid license and support agreement to get email and phone support.

Ensure that System environment variable SECUDIR is set, this normally points to the /usr/sap/<SID>/<Instance>/sec directory.
If further details are required for setting environment variables please refer to SAP OSS Note 1827566 – http://service.sap.com/sap/support/notes/1827566
Download the latest SAP Crypro library from SAP Marketplace and unpack into the instance executable directory
 http://support.sap.com/swdc -> Support Packages and Patches -> My Application Components -> SAPCRYPTOLIB
In transaction RZ10 set the following profile parameters into the Default.pfl profile parameters. A restart of you SAP system is required after saving updated profile.
In transaction STRUSTSSO2 activate the following SSL nodes:
- SSL Server Standard
- SSL Client SSL Client (Anonymous)
- SSL Client SSL Client (Standard)

Activate by right clicking on each node and selecting “Create” – The default entry can be used unless specific security policies must be adhered too.

Change Mode ->

Next we need to ensure the ROOT CA (or server self-signed certificate is installed in the ABAP system).

Start tcode STRUSTSSO2.

Highlight the hostname under node “SSL client SSL Client (Standard).

Click on the import button in the certificate section

Now enter the file path of the SplunkCommonCertificate saved in the previous step

Now the SplunkCommonCA certificate appears in the Certificate section, click on the Add to Certificate List button to add it to the Certificate List.

Click Save in the toolbar to save this change

Repeat this change for the following 2 nodes

SSL server Standard
SSL client SSL Client (Anonymous)

2.2 Import the agent using TMS / SAINT

Ensure Installation and Support Packages are unpacked into \usr\sap\trans\EPS\in directory

Client 000 -> Transaction SAINT

Install add-on

From the main screen in transaction SAINT select “Start”

Highlight the PowerConnect Add-on

Select “Continue”

Please select the highest Target Support Package available for the BNWVS add-on if there was any uploaded into SAINT.

Select “Continue”

You will then see a list all packages being installed.

Select “Continue”

Select “No” for Modification Adjustment transport

Select the “Start Options” button

Change to start in background

Change option to “Start in background immediately”

Select the “tick” to continue

Select the “tick” to start installation

Once installation is complete select “Finish”

The “BNWVS” add-on will now appear in installed add-on list

2.3 Activate BC Sets

BCSET contains the client-dependant data, thus should be activated in the production client.

In the BC Sets Field enter “\BNWVS\BCSET_500”

BC Set -> Activate

Create a transport for the BC Set activation – This transport will be imported into subsequent systems rather than running this transaction again.

Important note!
If the transport was not requested, please check the SCC4 settings for the current client.

The follow line will appear at the bottom of screen on complete.

To confirm successful activation, view the logs by going to Goto -> Activation Logs

2.4 Upload PowerConnect Roles

Add Transport to buffer

Ensure transport files are loaded into the usr\sap\trans\cofiles and \usr\sap\trans\data directories.

Transaction STMS

From the buffer of the system select Extras -> Other Requests -> Add

Select transport “N71K902646”

Select the “tick” and then “yes” to add to buffer

Select transport with the mouse and then from menu select Request -> Import

Ensure “Ignore Invalid Component Version” is selected.

Confirm the import by pressing ‘Yes’.

Upload PowerConnect Roles

Transaction PFCG

From menu Role -> Upload

Navigate to the directory where you have saved the roles and select one.

Confirm the import.

Carry out the same procedure for following roles:

Z_BNWVS_ADMIN_CHANGE.SAP
Z_BNWVS_ADMIN_CONTROL.SAP
Z_BNWVS_ADMIN_DISPLAY.SAP
Z_BNWVS_BATCHUSER.SAP

Generation Roles

From menu select Utilities -> Mass generation

In the role field enter “Z_BNWVS*”

Select Program -> Execute

Edit -> Select All

Roles -> Generate profile

Select “online”

Leave transaction

Assign Roles

Assign role Z_BNWVS_ADMIN_CHANGE to user who will administer PowerConnect and Z_BNWVS_BATCHUSER to user that will run the PowerConnect batch jobs. Z_BNWVS_ADMIN_CONTROL role will grant authorizations to view the config and start/stop PowerConnect jobs (no change access).

2.5 Activate PowerConnect and setup Splunk connection

Transaction /n/bnwvs/main

License definition

Following popup will be given after the first run:

Press Yes to define the license key.

Copy the key and paste it using the button on the toolbar (or put it directly in the text field):

Please ensure the status is OK/Green. Save the config and confirm changes.

Splunk system setup

Following options are available:

Target system – Single Splunk/OMS system, it will receive all collected metrics.
Target group – Can contain few Splunk/OMS systems, all metrics will be load balanced across all of them.

Choose necessary option and press Next.

Define the Splunk system name (free text) to be able to identify the Splunk system among others.

Press Create to proceed.

Enter Splunk/OMS system details according to the chosen option (Splunk HEC, Splunk REST, OMS):

Optional: connection test can be performed if needed to check the Splunk system availability and ensure the index is created. Check button should be pressed in this case.

Important: please ensure that HTTP scheme (http or https) and port are defined in the Host field.

Press Confirm button to save the config.

Press Next to proceed.

On this screen the upload target should be created and added into the distribution scheme.

Set Active flag to activate the Splunk target.

Optional: If the Target group is created beforehand, it is also possible to assign this particular target system to chosen Target Group to be able to load balance metrics (i.e. in case of Splunk several indexers). Add to the Group option should be set in this case:

Press Next to move to the next step.

The Splunk system setup has been completed. Please Confirm the setup or press New Target to create another target system/group.

Start job dialog

Once the Splunk/OMS systems have been setup, following dialog will be given to start collection/uploading jobs:

It is possible to select job class or define the system to run these jobs. This step can be skipped, so jobs are started manually from the Control Panel.

Notification email setup

Please define the Notification Email on the next screen:

This email will be stored in the config and used to send a reminder about license expiration.

Once all these steps are completed, PowerConnect Control Panel will be shown on the screen.

2.6 Load HANA DB Scripts (only for HANA DB)

If your SAP systems run on HANA you will need to upload the scripts to run extended queries.

Administrator -> Setup Metric -> HDB Queries

Select Upload file button

Navigate to where HDB_SCRIPTS.xml or HDB_SCRIPTS.zip file has been saved and select

Once uploaded, select scripts you want to run and then press “Save” from the top menu

Important note!
Please note that some scripts are not valid out of the box and should be adjusted based on your system setup (i.e. the predefined scheme is not valid). It is recommended to activate necessary scripts one by one to avoid potential errors.

3. Knowledge Base and support

For more information:

Kindly visit https://www.powerconnect.io/wiki/ for knowledge base articles.
Email to support@powerconnect.io