Forward Analytics Data to Splunk
How to forward Analytics data to Splunk.
Follow the steps in this guide to set up an NGINX Controller Integration that forwards data to Splunk.
This guide assumes that you are already an active Splunk user. If you haven’t already done so, you will need to install and configure Splunk before you proceed.
You will also need to Create an Integration for your Splunk forwarder.
Take the following steps to create a Forwarder for Splunk:
Open the NGINX Controller user interface and log in.
Select the NGINX Controller menu icon, then select Platform.
On the Platform menu, select Data Forwarders.
On the Data Forwarders menu, select the Create Data Forwarder quick action.
Add a name.
(Optional) Add a display name.
(Optional) Add a description.
Select your Integration Reference from the dropdown menu or select Create New to create a new Integration.
In the Collector Type list, select
In the Source list, select the type of data to forward:
In the Output Format list, select
The Selector field consists of the following query parameters (optional):
EVENTS): The list of metric names that you want to forward.
EVENTS): The list of metric names that you don’t want to forward.
filter: The conditions to use to refine the metrics or events data.
- Example usage when selecting metrics:
- Example usage when selecting events:
"filter=type='security violation' AND app='my-app'"
(Optional) Add additional Streams as required using the Add Stream button.
Each metric will be prefixed with a common namespace, such as nginx-controller, before it is sent to Splunk. This prefix is used by Splunk only and is not applied to any of the internal NGINX Controller metrics. Refer to the metrics catalog for the full list of valid metric names.
For events, the “nginx-controller” namespace is placed in the “source” key and sent with each event.
See the NGINX Controller Metrics docs for more information.
- Refer to Troubleshooting Forwarders for tips on resolving common issues.