Hello,
I would like to use the following Splunk addon for Axway API Gateway to facilitate the reading of API Gateway's logs on Splunk side:
https://splunkbase.splunk.com/app/4723/#/details
Did anyone use this addon so far? It's not clear to me what configuration should be done on Gateway's side. Does it need a token for authentication?
Hello Ana,
Open logging should be enabled on the gateway, with care (maybe not on prod right away, to evaluate the impact).
Then, when logging is enabled, logs are being written to local files as documented here: link text
Then you have to put this data into Splunk. And there are several ways to do so.
The simplest: you have a Splunk Universal Forwarder on the gateway, and it just monitors the file with a simple configuration like:
[monitor:///<INSTALL_DIR>/apigateway/logs/group-*_instance-*_traffic.log]
sourcetype = axway:apigateway:traffic:json
index = <index>
Our AWS scenario, not the simplest, but we had to do it that way: You have a CloudWatch agent on the Gateway that forwards the open logging data to a CloudWatch Log Group, which is pushed to Splunk HTTP Event Collector via Kinesis Firehose.
In that case, yes, you need to configure a token on the Splunk side with the HEC input:
[http://<input name>]
index = <index>
indexes = <index>
sourcetype = axway:apigateway:traffic:json
token = <token>
useACK = 1
And the token should also be configured on the Kinesis Firehose stream.
There is some documentation on how to create a Kinesis Firehose stream (i.e. link text), except you do not have to use a Lambda function.
I hope it will help!
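
A way to check the HEC token and the `useACK = 1` input from the reply above before pointing Firehose at it, as an added example that is not part of the original thread or of the add-on. The environment variable names `HEC_URL` and `HEC_TOKEN` are assumptions, and the test event is constructed.

```python
import json
import os
import urllib.request
import uuid

SOURCETYPE = "axway:apigateway:traffic:json"  # sourcetype from the stanza above


def _post(base_url, path, token, channel, body):
    """Build a HEC POST carrying the token and the acknowledgment channel."""
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode(),
        headers={
            "Authorization": f"Splunk {token}",   # HEC token authentication
            "X-Splunk-Request-Channel": channel,  # expected when useACK = 1
        },
        method="POST",
    )


def event_request(base_url, token, channel, event):
    """Request that submits one event to the HEC input."""
    return _post(base_url, "/services/collector/event", token, channel,
                 {"event": event, "sourcetype": SOURCETYPE})


def ack_request(base_url, token, channel, ack_id):
    """Request that asks whether the event with this ackId has been indexed."""
    return _post(base_url, "/services/collector/ack", token, channel,
                 {"acks": [ack_id]})


def is_acked(ack_body, ack_id):
    """True once the ack response reports the ackId as indexed."""
    return json.loads(ack_body).get("acks", {}).get(str(ack_id)) is True


def send(req):
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


if __name__ == "__main__":
    # Token is read from the environment so it stays out of shell history.
    base, token = os.environ["HEC_URL"], os.environ["HEC_TOKEN"]
    channel = str(uuid.uuid4())  # one channel GUID per client
    reply = json.loads(send(event_request(base, token, channel, {"note": "constructed test event"})))
    acked = is_acked(send(ack_request(base, token, channel, reply["ackId"])), reply["ackId"])
    print("ackId", reply["ackId"], "indexed:", acked)
```

Indexing is asynchronous, so a first ack query may report false; repeat the ack request on the same channel after a few seconds.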