Splunk Add‑Ons allow you to import and enrich data from any source, creating a rich data set that is ready for direct analysis or use in a Splunk App. Add-Ons and AppsĪnother important feature of Splunk is the ability to extend its functionality by the way of Add‑Ons and Apps. If you are having trouble deciding on the best method for your environment, see Choosing a Forwarder, or not on the Splunk blog for guidance.Īfter feeding your NGINX Plus log and API data into Splunk Enterprise you can use the powerful Splunk Search Processing Language (SPL) to filter, analyze, report and graph your data in various ways, turning your data into a powerful tool for troubleshooting NGINX, root cause analysis, measuring performance, or tracking business results from your applications. We’re providing instructions for both the Splunk universal forwarder and syslog log‑collection methods so that you can choose the one that works best for you. In this case, you can configure NGINX Plus to transmit log data directly to the indexer by way of syslog. In some deployment scenarios you might not want or be able to deploy the Splunk universal forwarder on each NGINX Plus instance. The forwarder can also make changes to the data before it is sent to the indexer, allowing you to mask sensitive information before it is sent to Splunk. One of the most powerful features of the Splunk universal forwarder is the ability to forward fields from the log events when the data is presented in either key‑value pairs or a structured format such as CSV or JSON. Splunk uses an agent called the Splunk universal forwarder to listen to specific log files on a given server and forward the data to the Splunk indexer. What is Splunk and How Can It Help?īefore we get started with the nitty‑gritty details of setting up the Add‑On to collect data from your NGINX Plus deployment, let’s look at Splunk’s architecture, showcasing the features that make it a powerful tool for turning your NGINX Plus logs and API data into valuable operational intelligence. For brevity, we’ll refer to NGINX Plus only for the rest of the blog, except where there is a difference between the two products. Note: Except as noted, the instructions in this blog apply to both NGINX and NGINX Plus. Using Splunk Search Processing Language to begin analyzing your dataĪfter setting up the Splunk Add‑On for NGINX and NGINX Plus, you’ll have a wide array of valuable statistics to search and report on within your Splunk environment.Enabling the Splunk Add‑On to read in data directly from the the NGINX Plus live activity monitoring API. ![]() Configuring logging for NGINX and NGINX Plus.Installing the Splunk universal forwarder.Installing the Splunk Add‑On for NGINX and NGINX Plus.This blog provides step‑by‑step instructions for downloading and configuring the Add‑On, including the following topics: and Splunk have teamed up to offer the Splunk Add‑On for NGINX and NGINX Plus, which assists with indexing both NGINX log data and NGINX Plus API data, so you can glean valuable information about your NGINX or NGINX Plus deployment and the applications running within your infrastructure. Splunk® Enterprise is data collection and analysis software that makes it simple to act on the untapped value of the big data generated by your technology infrastructure, security systems, and business applications – giving you the insights to drive operational performance and business results.
0 Comments
Leave a Reply. |