Overview :
In this article, we walk through the step-by-step procedure for configuring Splunk as a custom destination in the API Gateway so that transaction data is logged to Splunk. Splunk is a popular platform for managing and searching massive volumes of machine-generated data. In practical scenarios, it is advisable not to grant users access to the API Gateway platform itself just to monitor transactions. Instead, a more secure approach is to log the essential information to Splunk and grant them access to monitor and query the respective Splunk indexes.
Create Splunk Account :
- Navigate to the Splunk website and create your account.
- Once you create your account, you will receive an email from the Splunk team. Follow the link provided in the email to verify your account.
- After verifying your account, log in to access your account dashboard. You’ll notice a banner prompting you to start your free trial. Simply click the button to begin your trial.
- Once you start your free trial, you will get an email with the Splunk platform address and credentials.
- Click on the Splunk address and log in using your password. You will be prompted to update your password; please proceed to update it.
Create Splunk Index:
- Creating an index is crucial in Splunk to categorize and organize data for effective analysis.
- Click on the ‘Settings’ dropdown and select the ‘Indexes’ option to create an index.
- When you are on the Index page, click the ‘New Index’ button, fill in the details below, and then save it.
  - Searchable retention (days): Provide the number of days the data should be available to search or analyze.
Create HTTP Event Collector in Splunk :
Creating an HTTP Event Collector is crucial. We will configure the Splunk index within it and generate a token. This token will then be utilized to configure a custom destination in the API Gateway.
- Click on the ‘Settings’ dropdown and select the ‘Data Inputs’ option.
- Once you are on the Data Inputs page, locate ‘HTTP Event Collector’ and click on the ‘Add New’ button next to it.
- Give it a name and click on the ‘Next’ button.
- Choose the index that we’ve created, then click ‘Review’ and ‘Submit’.
- Once you submit it, you will be able to see the token. Copy it and store it somewhere safe, since this token is what the API Gateway will present to Splunk when it sends events.
Create a Custom destination in API Gateway :
- Login to API Gateway and go to the Administration page.
- On the Administration page, navigate to the Destination tab.
- At the bottom of the left-side panel, you will find the ‘Custom destinations’ option. Click on it.
- Click the ‘Add Custom Destinations’ button, fill in the details below, and create the destination.
  - Name: Give a name to the destination.
  - Endpoint URI: `https://<Splunk platform URL>:8088/services/collector/raw`
- Expand Request processing and Headers.
- In the “Header Name” field, select ‘Authorization’, and in the “Value” field, enter the word ‘Splunk’ followed by a space and the token you copied, for example ‘Splunk XXXXXX’.
- Once you fill in the header details, click on the ‘Add’ button on the right.
- In the Events section, choose the events that you want to populate in Splunk and set the Publish interval (minutes) to 1.
- Once you fill everything in, click on the ‘Add’ button to complete the custom destination creation.
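The endpoint URI and Authorization header above can be checked from a workstation before they are entered in the gateway. The following Python sketch is an added example, not part of the original article or of the API Gateway product; the host name and token are constructed placeholders and the function names are hypothetical.

```python
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

RAW_PATH = "/services/collector/raw"  # endpoint path from the article
# Constructed placeholders, not real values:
SAMPLE_ENDPOINT = "https://splunk.example.com:8088" + RAW_PATH
SAMPLE_TOKEN = "00000000-0000-0000-0000-000000000000"


def build_hec_request(endpoint_uri, token, payload):
    """Build the POST the custom destination will send (hypothetical helper)."""
    parts = urlsplit(endpoint_uri)
    if parts.scheme != "https":
        raise ValueError("use https so the token is not sent in clear text")
    if parts.path.rstrip("/") != RAW_PATH:
        raise ValueError("endpoint path should be " + RAW_PATH)
    token = token.strip()
    if not token or token.lower().startswith("splunk "):
        raise ValueError("pass the bare token; 'Splunk ' is prepended here")
    return urllib.request.Request(
        endpoint_uri,
        data=payload.encode("utf-8"),
        headers={"Authorization": "Splunk " + token},
        method="POST",
    )


def hec_accepted(status, body):
    """True when HEC replied 200 with JSON like {"text": "Success", "code": 0}."""
    try:
        reply = json.loads(body)
    except ValueError:
        return False
    return status == 200 and isinstance(reply, dict) and reply.get("code") == 0


def send_test_event(endpoint_uri, token, payload, timeout=10):
    """Send one event over verified TLS; needs network access to Splunk."""
    req = build_hec_request(endpoint_uri, token, payload)
    ctx = ssl.create_default_context()
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return hec_accepted(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # e.g. rejected token
        return hec_accepted(err.code, err.read())
```

Calling `send_test_event` with your own endpoint and token returns `True` only when Splunk accepted the event, which can then be confirmed by searching the index.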
Configure Splunk for Logging in API Policy :
- Open any API and click on the edit button.
- Navigate to the Policy tab and invoke the ‘Log Invocation’ policy under the ‘Traffic Monitoring’ policy.
- If you look at the policy properties of the ‘Log Invocation’ policy, you will see the Splunk option available.
- Choose the Splunk option, select the data you wish to log into Splunk, and then save the API settings.
- Now call the API from Postman, and navigate to Splunk.
- In the Splunk Search section, search with index="your index name" and you will be able to see the logs populated in Splunk.
Hope you have enjoyed this article, Cheers!!
Very informative!