Forward Analytics Data to Splunk

How to forward Analytics data to Splunk

Overview

Follow the steps in this guide to set up an NGINX Controller Integration that forwards data to Splunk .

Before You Begin

This guide assumes that you are already an active Splunk user. If you haven’t already done so, you will need to install and configure Splunk before you proceed.

You will also need to Create an Integration for your Splunk forwarder.

Create a Forwarder

Take the following steps to create a Forwarder for Splunk:

  1. Open the NGINX Controller user interface and log in.
  2. Select the NGINX Controller menu icon, then select Platform.
  3. On the Platform menu, select Data Forwarders.
  4. On the Data Forwarders menu, select the Create Data Forwarder quick action.
  5. Add a name.
  6. (Optional) Add a display name.
  7. (Optional) Add a description.
  8. Select your Integration Reference from the dropdown menu or select Create New to create a new Integration.
  9. In the Collector Type list, select SPLUNK.
  10. In the Source list, select the type of data to forward: metrics or events.
  11. In the Output Format list, select SPLUNK.
  12. The Selector field consists of the following query parameters (optional):
  • names (inapplicable for EVENTS): The list of metrics names that you want to forward.
  • excluded_names (inapplicable for EVENTS): The list of metric names that you don’t want to forward.
  • filter: The conditions to use to refine the metrics or events data.
  • Example usage when selecting metrics: "names=nginx.*&excluded_names=nginx.upstream.*filter=app='myapp'"
  • Example usage when selecting events: "filter=type='security violation' AND app='my-app'"
  1. (Optional) Add additional Streams as required using the Add Stream button.
Important:

Each metric will be prefixed with a common namespace – such as nginx-controller – before it is sent to Splunk. This prefix is used by Splunk only and is not applied to any of the internal NGINX Controller metrics. Refer to the metrics catalog for the full list of valid metric names.

In case of events, the “nginx-controller” namespace will be placed in the “source” key and sent with each event.

See Also:
See the NGINX Controller Metrics docs for more information.

What’s Next


This documentation applies to the following versions of NGINX Controller Documentation: 3.6, 3.7, 3.8, 3.9, 3.10, 3.12, 3.13, 3.14, 3.15, 3.16.1, 3.17 and 3.18.