Integration with Splunk

For this integration, we will utilize Splunk’s HTTP/HTTPS Event Collector (HEC).

The initial steps involve configuring Splunk to receive JSON data from the Mugnsoft Integrator. This entails creating an index named Mugnsoft in Splunk, enabling the HEC, and generating an access token. Subsequently, we will set up a Mugnsoft integrator component to forward monitor data to the designated Splunk instance.

Configure Mugnsoft’s integration with Splunk

Create the Mugnsoft index

Before you enable Http Event Collector, let’s define the index that will store our Mugnsoft’s monitors’ event.

1. Click Settings > Indexes.
2. Click New Index.
3. Give it the following name Mugnsoft. Please give that exact index name.
4. Save that Index.

Enable HTTP Event Collector

Before you can use Event Collector to receive events through HTTP, you must enable it. For Splunk Enterprise, enable HEC through the Global Settings dialog box.

1. Click Settings > Data Inputs.
2. Click HTTP Event Collector.
3. Click Global Settings.
4. In the All Tokens toggle button, select Enabled.
5. (Optional) Choose a Default Source Type for all HEC tokens. You can also type in the name of the source type in the text field above the drop-down before choosing the source type.
6. (Optional) Choose a Default Index for all HEC tokens.
7. (Optional) Choose a Default Output Group for all HEC tokens.
8. (Optional) To use a deployment server to handle configurations for HEC tokens, click the Use Deployment Server check box.
9. (Optional) To have HEC listen and communicate over HTTPS rather than HTTP, click the Enable SSL checkbox.
10. (Optional) Enter a number in the HTTP Port Number field for HEC to listen on. Note: Confirm that no firewall blocks the port number that you specified in the HTTP Port Number field, either on the clients or the Splunk instance that hosts HEC.
11. Click Save.

Create an Event Collector token

To use HEC, you must configure at least one token.

1. Click Settings > Add Data.
2. Click monitor.
3. Click HTTP Event Collector.
4. In the Name field, enter a name for the token.
5. (Optional) In the Source name override field, enter a source name for events that this input generates.
6. (Optional) In the Description field, enter a description for the input.
7. (Optional) In the Output Group field, select an existing forwarder output group.
8. (Optional) If you want to enable indexer acknowledgment for this token, click the Enable indexer acknowledgment checkbox.

9. Click Next.
10. (Optional) Confirm the source type and the index for HEC events.
11. Click Review.
12. Confirm that all settings for the endpoint are what you want.
13. If all settings are what you want, click Submit. Otherwise, click < to make changes.
14. Copy the token value that Splunk Web displays (we will need it when configuring Mugnsoft’s integrator).

Add/Update the Mugnsoft integrator with Spunk info

1. First navigate to the component web page.

2. Edit the Integrator component and save.

Update or add a Mugnsoft integrator component with Spunk info and the freshly created token. Do not forget to check the Enabled box.

Check your Splunk’s Search & Reporting dashboard

You will start receiving some events in Splunk.

Copy/paste the below SPL to get some statistics on your monitors global average response time.

index="Mugnsoft" name != '' | 
where isnull(transactionName) | 
stats avg(responseTime) as avg_responseTime by name | 
eval avg_responseTime=round((avg_responseTime),2) | 
rex field=name "'(?<name>.*)'" | 
rename name as "Monitor Name" | 
sort -avg_responseTime | 
rename avg_responseTime as "avg response time (sec)"

Example of Mugnsoft Splunk dashboard

We can provide an example Mugnsoft Splunk dashboard. Please contact us.

Disable the Mugnsoft/Splunk integration

If you want to stop sending the monitors’ data to Splunk. Edit the integrator component and uncheck the “Enabled” checkbox.