Using Metrics Toolkit with Bundled Splunk Dashboards
This document covers the steps to set up and integrate Splunk with Metrics-Toolkit (formerly metrics accelerator/framework) in a local Windows environment. To be more specific, we will be installing Splunk to capture and visualize the metrics on dashboards. We’ll be making use of the pre-built dashboards that come bundled with the Metrics-Toolkit.
Now, we can either install and use Splunk directly in the local environment or we can also deploy it in a Docker container. For this guide, we will be using the Docker option.
Also, since the Metrics-Toolkit repository has not been updated in a while, for this guide, we are using version 9.0.3 of Splunk for better compatibility. However, you should be able to use the latest versions just as well.
Let’s begin...
Pre-requisites
- Installed Docker Desktop - Link
If you are using the WSL 2 based engine in Docker instead of the Hyper-V backend, then make sure that your .wslconfig file (Refer - Link) has an entry allocating at least 4 GB of memory to the WSL 2 VM.
Press Windows + R and type %UserProfile% then hit Enter. If there is no file named .wslconfig here, then create a text file and change its name (and extension) to .wslconfig
Type the following in that text file and save it -
[wsl2]
memory=4GB
- Imported Metrics-Toolkit Code from GitHub in Anypoint Studio - Link
- Mulesoft Anypoint Platform Account and Connected Apps Credentials set up as mentioned in the Metrics-Toolkit Documentation
- Anypoint Studio and Java (Be sure to verify that AnypointStudio.ini file’s -vm path is pointing to the JDK you are using).
For this demo, I am using JDK 11.0.17 - Link. Alternatively, you can also use Amazon Corretto 11 - Link. But MuleSoft recommends JDK 8 for best compatibility in Anypoint Studio and Cloudhub deployments. I have also correctly configured %JAVA_HOME% and Path system environment variables in Windows.
Anypoint Studio being used is version 7.14 and its AnypointStudio.ini file has the following entry -
C:\Program Files\Java\jdk-11.0.17\bin\javaw.exe
Installing Splunk
Open Windows Command Prompt (Admin).
Type this command and hit enter to pull Splunk 9.0.3 image -
After that is done, type the following command to verify that you have successfully downloaded the image in your local environment -
Next, we type the following command to create a docker network named splunk -
Now, type the following command to create Splunk container named spdemo -
In this command, you provide a password for the default account - admin in the SPLUNK_PASSWORD field. The password must adhere to Splunk’s minimum complexity requirements.
Another thing to note is that -d makes the container setup process run in the background. This means you can keep using the command prompt window, or just exit it, without affecting the setup process.
Click on the spdemo container in Docker Desktop. Under the Logs tab, you will find the startup logs.
As this completes, you should find the following messages in the Command Prompt window -
Let’s test our Splunk installation before proceeding further. In your browser go to this address -
It will ask for a Username & Password. Type admin as the username and the password you used in the previous command. Click Sign In and you should be able to see the Splunk>Enterprise Home Page.
This confirms that Splunk is up and running fine. This completes the installation part for Splunk.
Configuration
We can now proceed with the configuration part. Assuming that the Splunk container is up and running, open the Splunk portal -
Login with the same admin credentials as used in the installation steps.
We’ll begin by creating two data indexes. From the top menu, click on Settings and then under the Data heading, click Indexes.
Next, click on the New Index button and in the Index Name field, enter metrics. No need to modify the rest of the fields and just click Save.
Similarly create another index with the name platform_benefits.
Now we will generate an HTTP Event Collector token. Click on Settings and this time under the Data heading, click Data inputs. Click on HTTP Event Collector.
On the next screen, let’s verify the global settings first, so click on the Global Settings button. Make sure that the All Tokens field is set to Enabled, the Enable SSL check box is unchecked, and the HTTP Port Number is 8088. Click Save. With SSL disabled, the token and the events are sent over plain HTTP, so this setting is meant for the local demo only.
Now, click on the New Token button. A token configuration wizard will show up on the screen. Give the token a name of your choice in the Name field. For this demo, I am using mtk-token as the name. Click Next.
On this page, under the Index heading, make sure to select the two indexes (metrics, platform_benefits) you just created in the Select Allowed Indexes field. Click Review and in the next screen click Submit.
You will receive a message - Token has been created successfully. Copy the Token Value to a notepad window. We will use it in the next steps.
Now, let’s send data from Metrics-Toolkit and test if we are able to receive something or not.
Load the metrics-toolkit project in your Anypoint Studio and open the following file -
Here, we make changes to specific fields as follows -
This configuration change translates as follows – Metrics-Toolkit will fetch data from Anypoint Platform every minute (CRON format - Link) using the Connected App credentials and feed that data into Splunk.
Now, go to this path -
Make a copy of the _template.yaml file in the same folder and rename it to app-dev.yaml
In this newly created file, put down the respective credentials, but encrypt them first using the Secure Properties Tool - Link
orgId: "![ENCRYPTED_AP_ORGANIZATION_ID]"
clientId: "![ENCRYPTED_AP_CONNECTED_APPS_CLIENT_ID]"
clientSecret: "![ENCRYPTED_AP_CONNECTED_APPS_CLIENT_SECRET]"
splunk:
  token: "![ENCRYPTED_HTTP_EVENT_COLLECTOR_TOKEN]"
Don’t forget to provide your encryption key in the Run configuration as an environment variable – mule.key
Run the application and wait. If all goes well, then the Console View in Anypoint Studio should log this message every minute – Metrics Aggregated Successfully.
Now, we make use of the pre-built dashboards in the Metrics-Toolkit repository.
On the Splunk portal, click on Search & Reporting under the Apps menu. Here, open the Dashboards tab and click on Create New Dashboard button.
A small window will pop up, but leave it as is for now and go to this path -
You will find a bunch of *.xml files here. These are pre-built dashboards that come bundled with Metrics-Toolkit. Pick any one of them and open it in a text editor like Notepad. Leave this Notepad window open for now as we'll be copying this entire code in upcoming steps.
Now, go back to the Splunk portal’s New Dashboard pop up. Here in the Dashboard Title field, enter the name of the *.xml file you picked (You can give any name you want, I am just trying to be organized). Select the Classic Dashboards option. Do NOT select the Dashboard Studio option, because Dashboard Studio dashboards are based on JSON code while the Classic Dashboards are XML based. Click Create and a blank dashboard will show up on your screen.
We are almost done now, just alongside the Edit Dashboard heading, you’ll see toggle buttons - UI | Source. Click on Source and that will switch the window to XML code view. Delete all existing code lines here.
Now go back to that Notepad window you left open and copy the entire code from it. Paste that code in the Splunk dashboard code view. Click Save.
That’s it. You’ll see the pre-built charts on the dashboard based on the *.xml file code you picked and with live data from Anypoint Platform (you may have to click on the Refresh button manually though).
Troubleshooting Common Issues
Known Issue #1
If you are unable to access the Splunk portal and are receiving the following error in the Docker container logs -
It is likely due to some other application or unfinished uninstall. Restarting your machine should take care of it. If not, you may need to review if some other application is using port 8000.
Known Issue #2
If you get the following or similar error in Anypoint Studio -
This could mean that you may not have unchecked the Use SSL checkbox in HTTP Event Collector Global Settings or your port 8088 is not mapped with a Splunk container. I would suggest you read this blog again & use all code snippets carefully to figure out what you missed.
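To tell the two causes above apart, and to confirm the token created in the Configuration steps before involving Anypoint Studio, you can post a test event straight to the HTTP Event Collector. The script below is an added example, not part of Metrics-Toolkit or the original post; it assumes the collector is published on localhost:8088 with SSL disabled as configured earlier, and <HEC_TOKEN_VALUE> is a placeholder for your own token.

```python
import http.client
import json
import ssl
import urllib.error
import urllib.request

def build_hec_request(token, index, event, host="localhost", port=8088, use_ssl=False):
    """Build the POST an HEC client sends; use_ssl must match the Enable SSL setting."""
    scheme = "https" if use_ssl else "http"
    body = json.dumps({"index": index, "event": event}).encode("utf-8")
    return urllib.request.Request(
        f"{scheme}://{host}:{port}/services/collector/event",
        data=body,
        method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
    )

def classify_failure(exc):
    """Map an exception raised by urlopen to the most likely setup mistake."""
    if isinstance(exc, urllib.error.HTTPError):  # test before URLError, its parent class
        if exc.code in (401, 403):
            return "token rejected: check the token value and that All Tokens is Enabled"
        if exc.code == 400:
            return "request rejected: index not allowed for this token, or malformed event"
        return f"HEC answered HTTP {exc.code}"
    reason = getattr(exc, "reason", exc)  # URLError wraps the socket-level error
    if isinstance(reason, ConnectionRefusedError):
        return "HEC port not reachable: container not running or port not mapped"
    if isinstance(reason, (ssl.SSLError, ConnectionResetError, http.client.BadStatusLine)):
        # Also reached when HTTPS is used and the server certificate is not trusted.
        return "SSL mismatch: client scheme does not match the collector's SSL setting"
    return f"unclassified: {reason!r}"

def send_test_event(token, index="metrics", use_ssl=False, timeout=5):
    """Send one event and return (ok, detail); HEC replies with code 0 on success."""
    req = build_hec_request(token, index, {"message": "hec smoke test"}, use_ssl=use_ssl)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            reply = json.load(resp)
    except (urllib.error.URLError, OSError, http.client.HTTPException) as exc:
        return False, classify_failure(exc)
    return reply.get("code") == 0, reply.get("text", "")

if __name__ == "__main__":
    # Placeholder: paste the Token Value copied after creating the token.
    for idx in ("metrics", "platform_benefits"):
        print(idx, send_test_event("<HEC_TOKEN_VALUE>", index=idx))
```

A result of (True, 'Success') for both indexes means the token, the port mapping and the SSL setting all line up, so any remaining error is on the Mule application side.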