Configuring Mashery Local and Splunk to Support Monitoring

General Configuration Instructions

  1. A Splunk forwarder will need to be installed and configured on Mashery Local to send the access_log data as it is generated.
  2. A Splunk receiver will need to be configured if using Splunk Enterprise. A Splunk receiver comes automatically enabled with the Splunk Web interface available in Trial Accounts.
  3. Optionally, the Splunk forwarder input file (/etc/system/local/inputs.conf) can be configured to:
    1. Specify a host which can be different for each node in a cluster.
    2. Specify a specific index in Splunk to hold the forwarded data.

Detailed Configuration Instructions

These diagrams show the relationship of the Splunk forwarders to the Splunk Indexer / Receiver. The Splunk forwarders would be installed on each Mashery Local node.



To perform the installation of the universal forwarder, you do not need to have administrator rights.

To use the forwarder, you do not need elevated privileges, but the user that the forwarder runs as must have read access to the resources that you want to monitor and forward. Mashery's regular administrator access is sufficient.

  1. Sign up for a Free Splunk Cloud Trial Account at splunk.com.
  2. Once the registration is complete, click on Settings in the top menu bar and then on Add Data on the left of the dropdown.

  3. Click on the forward icon to set up a Splunk forwarder.

  4. Click on Setup new forwarder.

  5. Follow instructions 1-4 on this page. This step is not needed for the Splunk Cloud Trial.

  6. Click on the link to Download the Universal Forwarder client (aka <splunk_forwarder_client_filename>). Click on the Download Now button to the right of the Linux 64-bit .tgz file option.

  7. Accept the terms and download the file.
  8. Create a folder for the Splunk forwarder application on Mashery Local. The Administrator will have access to put these files in the /var/logforwarder folder.
  9. Transfer the file from your computer to Mashery Local: scp <splunk_forwarder_client_filename> administrator@<mashery_local_ip_address>:/tmp/app/.

    For example: scp splunkforwarder-7.0.3-fa31da744b51-Linux-x86_64.tgz administrator@xxx.xxx.xxx.xxx:/tmp/app

  10. Log in to the Mashery Local instance.
  11. Install the Universal Forwarder:
    1. cd to the app folder (ex: cd /tmp/app)
    2. Extract the application: tar xvzf <splunk_forwarder_client_filename>
    3. This will create a <splunkforwarder_folder> with all of the files needed to run the forwarder.
  12. Start Splunk:
    1. cd <splunkforwarder_folder>/bin (Example: cd /tmp/app/splunkforwarder/bin)
    2. Start Splunk: ./splunk start
  13. Download Splunk Credentials.
  14. Transfer Splunk Credential file to Mashery Local:
    1. scp <splunk_credential_file> administrator@<mashery_local_ip_address>:/tmp/app/splunkforwarder/

      Example: scp splunkclouduf.spl administrator@xxx.xxx.xxx.xxx:/tmp/app/splunkforwarder/

  15. Install Splunk Credentials:
    1. On the Mashery Local instance, cd /tmp/app
    2. Install Splunk Credentials: ./splunk install app <full path to splunkclouduf.spl> -auth admin:changeme

      Example: ./splunk install app ../splunkclouduf.spl -auth admin:changeme

    3. Type y to Agree with the license.

  16. Restart Splunk: ./splunk restart
  17. Configure Splunk to watch the access log:
    1. <splunk_bin_folder>/splunk add monitor /var/log/trafficmgr/access/access.log
    2. Enter the Splunk default username and password (admin/changeme)
  18. Restart Splunk: ./splunk restart
  19. Make some sample API calls and verify that they are being logged to the Mashery Local access.log file.
  20. View results in Splunk.
    1. In your browser, sign in to your Splunk account.
    2. Click on App → Search & Reporting

    3. Enter index="main" in the search terms and click on the search icon to search.
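
The optional host and index settings and the forwarder user's read access to the log can be checked on each node with a script like the following. This is an added example, not part of the Mashery or Splunk documentation; the function names, the host ml-node-1 and the index mashery_local are constructed for illustration. On a real node, pass the forwarder's inputs.conf and /var/log/trafficmgr/access/access.log.

```shell
#!/bin/sh
# Added example: check one node's inputs.conf for the access.log monitor stanza.

# stanza_value FILE STANZA KEY: print KEY's value inside [STANZA] (last one wins).
# With KEY empty, print "present" if the stanza header exists.
stanza_value() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/   { gsub(/^[ \t]+|[ \t]+$/, "")
                        in_s = ($0 == want); if (in_s) seen = 1; next }
        in_s && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (key == "") { if (seen) print "present" } else if (val != "") print val }
    ' "$1"
}

# check_forwarder_input CONF LOG: 0 = ok, 1 = stanza missing, 2 = LOG unreadable.
check_forwarder_input() {
    conf=$1; log=$2; stanza="monitor://$log"
    # The user the forwarder runs as must be able to read the monitored file.
    [ -r "$log" ] || { echo "unreadable by $(id -un): $log"; return 2; }
    [ -n "$(stanza_value "$conf" "$stanza" "")" ] || { echo "no [$stanza] stanza"; return 1; }
    # A host set on the monitor stanza overrides the one in [default].
    host=$(stanza_value "$conf" "$stanza" host)
    [ -n "$host" ] || host=$(stanza_value "$conf" default host)
    index=$(stanza_value "$conf" "$stanza" index)
    echo "host=${host:-unset} index=${index:-main}"   # no index set: Splunk uses main
}

# Constructed sample: a stand-in log and an inputs.conf as it might look on node 1.
demo=$(mktemp -d)
: > "$demo/access.log"
cat > "$demo/inputs.conf" <<EOF
[default]
host = ml-node-1

# constructed index name, not from the page
[monitor://$demo/access.log]
index = mashery_local
EOF
check_forwarder_input "$demo/inputs.conf" "$demo/access.log"
```

Run it as the user the forwarder runs as, so the read-access check reflects what the forwarder can see. If the reported index is not main, search that index in the last step instead of index="main".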