At the end of a recent blog post on DevOps Splunk integration with Apprenda, I teased an additional Splunk integration targeted at developers, specifically for applications. Today we are pleased to announce that the beta version of this developer-focused integration is now complete.

Why Two Integrations

The first integration I wrote about meets the needs of a number of uses cases we’ve seen in the wild. But that wasn’t enough. We wanted to create an integration with more fine-grained control of the type of information that will be stored in Splunk.

We also wanted to give Splunk administrators a method for separating data by index, versus having Splunk place everything in the main index. This gives operations teams a method for securing access to data in finer-grained groups.

Finally, we wanted to give developers an option to integrate with Splunk by enabling them to better utilize their existing logging investments in log4j and log4net.

Splunk Prerequisites

This new integration will make use of the Splunk REST API in order to create and write to Splunk indexes. Out of the box, the integration supports an index-per-dev-team model, though it could certainly be modified by the Apprenda Client Services team to support other configurations.
With this in mind, a Splunk account will need to be created that has the ability to create indexes and write to the indexes it creates. It will also need to be configured to receive messages from external sources. Outside of Splunk, appropriate ports will need to be open between Apprenda application nodes and the Splunk Enterprise server.

Application Prerequisites

This integration supports applications with existing calls to log4j and log4net. Existing appenders will be swapped out with libraries from the integration package by the application bootstrap policy. If the application doesn’t have log4net/log4j calls, functionality can be added by adding log4net/log4j functionality to your application or by using the Apprenda logging API, which will send log entries to Splunk when the integration is applied to your application.

Configuration

• Contact the Apprenda Client Services Team of Group for the Splunk Integration for Applications package. This will include an application bootstrap and libraries that will log to Splunk indexes in both Java and .NET.
• Set up the Custom Properties and Application Bootstrap Policies as per the provided instructions.
• There are a number of application settings that need to be set within an application in order to use this integration.
  • SplunkHost – The host of the Splunk instance setup to accept messages
  • SplunkPort – The port on which the Splunk instance is listening
  • SplunkUsername – Splunk username setup in Splunk Enterprise to create and modify indexes.
  • SplunkPassword – Password of the aforementioned account.
  • DevTeamAlias – The dev team alias (in Apprenda) for this application. This will be the name of the index to which messages will be sent.
  • ApplicationAlias – The application alias of the application running on the Apprenda platform. (If this is not known at design time it can be set via a conditional app configuration token)

At this point, the platform will use your existing log4net/log4j/Apprenda logging API calls to send data to the dev-team-name index in Splunk.

Conclusion

With this integration, applications will now be able to log to Splunk and fully use your existing investments to better serve your organization’s needs. If you plan to use this integration, we’d advise bookmarking this page, as any updates to the integration will be posted here.