Splunk Integration
Was this helpful?
Was this helpful?
Caveat: each of the following integration directions was based on the UI when it was written. The UIs may change by the time you read this, so UI updates are beyond the scope of these articles. Please go to the integration target sites for their latest information on integration directions.
Splunk is an IT infrastructure platform for data collection from multiple online sources to use for, among other things, performance management, monitoring, and data analysis.
Note: To use Splunk with Synthetic Monitoring, you must sign up for a Splunk account.
The Splunk integration should work out of the box, but you may want to look into some customizations of the messages at the Splunk end.
In Splunk, Synthetic Monitoring can be used together to create a customized Dashboard view.
It is then possible to correlate monitoring metrics, such as Response Time and Received Bytes with Apica Synthetic Monitoring metrics from other services on the same dashboard.
In Synthetic Monitoring, Splunk can be used as a target in Synthetic Monitoring, Manage Alerts.
Sample views:
Splunk Dashboard
Alert Target
The Splunk alert targets use the Splunk REST API.
For the alerts to work with Splunk Cloud, this requires you to enter the correct host and user credentials settings.
Overview
More information
Splunk documentation:
For managed deployments, Splunk Support opens port 8089 for REST access. You can specify a range of IP addresses to control who can access the REST API.
For Splunk managed deployments, the target Splunk Host is on the format
<deployment-name>.cloud.splunk.com
You cannot use SAML authentication with the REST API.
The target Splunk Username to use for self-service deployments, the can be any valid Splunk User.
For self-service deployments, Splunk Support defines a dedicated user and sends you credentials that enable that user to access the REST API.
For self-service deployments, the target Splunk Host is on the format
input-<deployment-name>.cloud.splunk.com
Note the input- at the start of the URL.
You cannot use SAML authentication with the REST API.
The target Splunk Host needs to be the dedicated non-SAML user credentials dedicated user provided to you by Splunk Support.
The data collected from Synthetic Monitoring can be used in the usual ways in Splunk.
##
Splunk will pull data from WPM every 5 minutes and index the response:
You can now
Search for the data you want
create reports/dashboards:
With the Splunk Add-On installed, you can create an endpoint.
##
Then you add your headers, content, URL etc for the REST API that you want to pull data from – and you also specify how often you want to poll the data.
The Splunk REST API Modular Input plugin can be used to integrate Synthetic Monitoring with Splunk.
Install Plugin
With the REST API Modular Input you can pull data from a REST API (Synthetic Monitoring in this case) and index the response.
Install the plugin
More advanced data endpoints can be created by adding scripts in Splunk.
View
The Synthetic Monitoring [ASMDOCS: can be accessed from Splunk using the Splunk ] plugin.
Note: For access to Splunk REST API and SDKs for Splunk Cloud deployment, you need to submit a requesting access.
Download the plugin