Using Splunk to analyse MikroTik logs

My fault, I simply forgot that there was a script involved :slight_smile:
Updated the first post.

Hi Jotne,

Can you please help me set up log analysis for hotspot users?

viewtopic.php?f=2&t=134530

What is wrong with the “MikroTik Hotspot login/logout information” in the app?
Is there something that does not work?

Hello to the whole community.
Jotne, thank you very much for all your work; truly, it is great.
I was able to make almost everything work. I just cannot make the following work:
MikroTik uPnP
MikroTik Firewall data usage
Mikrotik DHCP pool information

The rest works well for me. I created the DSA certificate and imported it into the MikroTik, but when using the private key to connect to the MikroTik, it always asks for a password. The user created in the MikroTik for SSH use has no password, and the certificate was not created with a password either. I cannot make it work in any way. Did something similar happen to you, and were you able to solve it? Can anyone guide me on this? Thank you very much.

You are welcome.

You need to get this to work:
https://wiki.mikrotik.com/wiki/Use_SSH_to_execute_commands_(DSA_key_login)
It shows all the steps that need to be performed. If the example does not work, then Splunk will not either.

Hello, thanks for answering. I tried that tutorial, but I cannot make it work as indicated there.
But after much trial and error, I managed to make it work using RSA 2048 keys generated with PuTTYgen. After this I tried to use the bash scripts that are in /opt/splunk/etc/apps/MikroTik/bin; they run fine, but they do not bring me any information for the modules:
MikroTik Firewall data usage
Mikrotik DHCP pool information
MikroTik uPnP

I do not know if I needed to create some rule or something else in the MikroTik, because I cannot make these modules work. The one that interests me the most is MikroTik Firewall data usage. Could you guide me a little more? Thank you.

Look in this folder:

splunk/etc/apps/MikroTik/bin

There you should have these files:

dsa_mikrotik_private
mikrotik_accounting.sh
mikrotik_dhcp_pool_information.sh
mikrotik_upnp.sh

When in the bin folder, run the DHCP script like this:
./mikrotik_dhcp_pool_information.sh
You should now see what is going on. If all is ok, you should see the DHCP information.

It is important that the private DSA key is in this folder; if not, the script will not connect.

Thanks to this, I found that in addition to the files you mentioned, I had to change the user and execution group that the Splunk application belonged to in order to make the SSH connection. But the module that I need, MikroTik Firewall data usage, still does not work for me.
Could you show me how the information comes through for you, because I cannot find what it could be?

Here I show you a screenshot of how the query is configured according to what the tutorial indicates,
each query with the private IP range corresponding to my internal network.

And here is the result of executing the mikrotik_accounting script from the console.

It does not bring back anything when executing this script, so please check whether you have a rule or something else that allows you to collect this module's metrics.
If you can, please send me an image of what you have to do when executing that script, so I can see it and orient myself. I thank you very much for your time and patience.

Keep in mind that logging uses CPU resources; if you log very frequent actions, you will have a significant increase in CPU usage.

Yes, I know, but in my case my CPU usage is more than relaxed, and we’ll see later.

chechito, do you use this app to monitor your MikroTik, or some other one?

I do not see your picture in your post, so I cannot see what is wrong.
But I did find an important thing that I forgot.

After you have copied the files to Splunk, you need to do this.
NB!! Files in the folder splunk/etc/apps/MikroTik/bin need to be executable. Do this:

chmod +x *.sh
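
The two posts above (private key present in the bin folder; scripts made executable with chmod +x) plus the ownership change mentioned earlier can be checked in one go. The script below is an added example, not something shipped with the Splunk MikroTik app; it assumes the file names listed earlier in the thread, and the directory and user name passed to it are placeholders. It also checks the key's file mode, because OpenSSH ignores a private key that is readable by others and then falls back to asking for a password, which is the symptom reported earlier in the thread.

```shell
#!/bin/sh
# Pre-flight check for the SSH collector scripts of the Splunk MikroTik app.
# Added example (not part of the app). Assumed layout, taken from the thread:
#   <bin_dir>/dsa_mikrotik_private
#   <bin_dir>/mikrotik_accounting.sh
#   <bin_dir>/mikrotik_dhcp_pool_information.sh
#   <bin_dir>/mikrotik_upnp.sh
# Prints each problem found and returns the number of problems (0 = all good).

check_mikrotik_bin() {
    bin_dir="$1"      # e.g. /opt/splunk/etc/apps/MikroTik/bin (placeholder)
    want_user="$2"    # the user the splunkd process runs as (placeholder)
    problems=0

    if [ ! -d "$bin_dir" ]; then
        echo "ERROR: $bin_dir does not exist"
        return 1
    fi

    # 1. Private key: must exist and must not be group/world readable,
    #    otherwise ssh ignores it and prompts for a password instead.
    key="$bin_dir/dsa_mikrotik_private"
    if [ ! -f "$key" ]; then
        echo "ERROR: private key $key is missing; the scripts cannot connect"
        problems=$((problems + 1))
    else
        # GNU stat first, BSD/macOS stat as fallback
        mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
        case "$mode" in
            600|400) ;;
            *) echo "ERROR: $key has mode $mode, expected 600 (chmod 600 $key)"
               problems=$((problems + 1)) ;;
        esac
    fi

    # 2. Collector scripts: must exist and carry the execute bit.
    for s in mikrotik_accounting.sh mikrotik_dhcp_pool_information.sh mikrotik_upnp.sh; do
        path="$bin_dir/$s"
        if [ ! -f "$path" ]; then
            echo "ERROR: $path is missing"
            problems=$((problems + 1))
        elif [ ! -x "$path" ]; then
            echo "ERROR: $path is not executable (run: chmod +x $path)"
            problems=$((problems + 1))
        fi
    done

    # 3. Ownership: splunkd runs the scripts as its own user, so every file
    #    in the folder should belong to that user.
    for f in "$bin_dir"/*; do
        [ -e "$f" ] || continue
        owner=$(stat -c %U "$f" 2>/dev/null || stat -f %Su "$f")
        if [ "$owner" != "$want_user" ]; then
            echo "WARN: $f is owned by $owner, expected $want_user (chown $want_user $f)"
            problems=$((problems + 1))
        fi
    done

    echo "$problems problem(s) found"
    return "$problems"
}

# Usage: check_mikrotik_bin /opt/splunk/etc/apps/MikroTik/bin splunk
```

Run it as root or as the Splunk user after copying the app; a zero return means the folder is ready, and a non-zero return tells you how many of the conditions above still fail.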

Thanks for answering. I can see the picture, but anyway I will give you the link to the image.

Here I show you a screenshot of how the query is configured according to what the tutorial indicates,
each query with the private IP range corresponding to my internal network.
http://subirimagen.me/uploads/20180627145629.jpg

And here is the result of executing the mikrotik_accounting script from the console.
http://subirimagen.me/uploads/20180627150139.jpg

What you mention about giving the bash scripts execute permission with chmod +x, I had already done. All the scripts execute correctly, but when I run the mikrotik_accounting script it does not bring me any information. That’s why I asked you if you could show me an image of how the information comes through for you, so I can have a clearer idea of what I may be missing.

Oops

It looks correct from the photo, so you have communication.

Found one more important setting that needs to be turned on: Accounting.
Web GUI:
IP → Accounting → Enable Accounting → tick → Apply
I have set the threshold to 2560 (not sure what the default is).

Updated 1st post.

Yeah!!! Only that important configuration was missing. Now it does show me the traffic in the Firewall data usage module. Thank you very much, really an excellent job. I would like to learn more about dashboard development; what do you recommend?
The threshold is 256 by default.

You are welcome.
It’s not always easy to recreate the steps done to get it to work.
I would love it if I could get this type of data using SNMP instead of a script, or if the router could send it out as a bulk of data every x seconds to syslog.

You should see what data you have and then try to figure out how to present it.
Dashboards are somewhat complicated but not too hard.
I always try things out in search to see what they may look like, then convert them to a dashboard.

I am thinking of adding a panel with CPU/memory/uptime etc.

The truth is, it is excellent work, and even more so because you publish it just like that, which is much more admirable. I really do not know anything about this world of dashboards, but I would love to learn a little more, and your dashboard is a great help. If you need to try anything beyond what you have implemented, do not hesitate to tell me; I think I could help with something.

Jotne

Hi, I have a question. Is it normal for this graph to be displayed that way?

http://subirimagen.me/uploads/20180629155928.jpg

because before it showed it to me like this:

http://subirimagen.me/uploads/20180629155744.jpg

Can you guide me on what it could be? Thank you.

It has to do with the time schedule.
You could either sample more often, for example every minute instead of every 5 minutes, but this would then load the MikroTik more.
Or you could zoom out, showing a bigger time period, for example the last 4 hours instead of the last hour.

Your first graph goes from 5:25 to 5:35, only 30 minutes. It would then not draw a line.
The second graph shows the last 24 hours.

Thanks, it works. I do not know what happened. I only restarted Splunk and it works again.

Hi Jotne:

Summing up, I have already managed to make almost all the modules work. The only things that do not work for me are MikroTik uPnP and MikroTik Vol / Temperatur. In both modules it says “No results found.”
For the MikroTik Vol / Temperatur module I performed the following:
In the MikroTik: System - Logging - Topics: !snmp > Prefix: MikroTik > Action: Remote
In the MikroTik: IP - SNMP - Enable: yes - Trap Community: public - Trap version: 1.
In Communities: Name: public > Address: 192.168.1.237 (my Splunk)

On the Splunk server, the file inputs.conf was edited as follows:

http://subirimagen.me/uploads/20180706111352.jpg

From the Splunk application, I installed the SNMP-Trap-listener module, and it is configured as follows:

http://subirimagen.me/uploads/20180706110247.jpg

I do not know what else to configure; in the general search (*snmp) in Splunk it shows:

http://subirimagen.me/uploads/20180706110646.jpg

With regard to the MikroTik uPnP module, I performed the following:
In the MikroTik, access is configured via SSH and it works ok.
In the MikroTik: IP - UPnP - Enable: yes - Interfaces: I configured both Bridge-WifiLAN networks as internal and WAN1 as the external interface. Even so, in Splunk it says “No results found.”

If it occurs to you what I may be missing, I would appreciate your help again.