Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk app for Jenkins?

bsuresh1
Path Finder
‎03-28-2017 12:45 AM

Hi All,
I have been asked to install "Splunk app for Jenkins" in my environment. I have installed it on Search Head 1 (SH1) as that is the SH where all my customers have access and they run reports, searches, create dashboards, etc.,

After installing the app, my customer have asked to provide below three information as in the below documentation:
link:(https://wiki.jenkins-ci.org/display/JENKINS/Splunk+Plugin+for+Jenkins)

  1. Indexer host name
  2. HTTP Input port
  3. HTTP Input Token

As I have 8 indexers in my environment, I have thought of giving any one indexer name but while creating a HTTP token as per the below link, I am being asked to mention index name and source type as per the below documentation. Atleast I will give sourcetype as Automatic but I want to know which index to be selected. As the HTTP token generation was being done on SH1, it showed few new indexes like jenkins, jenkins_artifact, jenkins_console and jenkins_statistics. I believe these got created while installing the jenkins app.
Link:(http://dev.splunk.com/view/event-collector/SP-CAAAE7C)

In this case, should I give "Indexer host name" or "Search Head name" to the customer as the data from Jenkins is going to be sent to "Jenkins" index which is on SH1.

I tried to create the http token on Indexer1 but it is not populating four jenkins indexes which I mentioned above.

Is it good practise to install this type of Apps on SH?
Is the port 8088 is default port? Can this be changed? If yes, how?

0 Karma
Reply

hardikJsheth
Motivator
‎03-30-2017 10:20 PM

No thats not the right practise. Ideally data collection should not happen on Search Head Node. It should take place on Heavy Forwarder.

If you use Heavy Forwarder, you will need to give that host name to your customer to configure data inputs on Jenkins server.

0 Karma
Reply

txiao_splunk
Splunk Employee
Splunk Employee
‎03-30-2017 10:13 PM

I think below link may help
High volume HTTP Event Collector data collection using distributed deployment
Configure an NGINX load balancer for HTTP Event Collector

You can setup a load balancer to forward data to 8 indexers and use that load balancer address as input host name in the plugin config, and load balancer port (maybe 443) as input port.

You need create the 4 indexes (jenkins, jenkins_artifact, jenkins_console and jenkins_statistics) manually if the app is not installed on indexer.
You can also change the default port 8088, see the screenshot on HEC setup

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...