Axway API Gateway Add-on

userit922
New Member

Hello,

I would like to use the following Splunk addon for Axway API Gateway to facilitate the reading of API Gateway's logs on Splunk side:
https://splunkbase.splunk.com/app/4723/#/details

Did anyone use this addon so far? It's not clear to me what configuration should be done on Gateway's side. Does it need a token for authentication?

0 Karma

D2SI
Communicator

Hello Ana,

Open logging should be enabled on the gateway, with care (maybe not on prod right away, to evaluate the impact).

Then, when logging is enabled, logs are being written to local files as documented here: link text

Then you have to put this data into Splunk, and there are several ways to do so.

The simplest: you have a Splunk Universal Forwarder on the gateway, and it just monitors the file with a simple configuration like:

[monitor:///<INSTALL_DIR>/apigateway/logs/group-*_instance-*_traffic.log]
sourcetype = axway:apigateway:traffic:json
index = <index>
  • the configuration needed to route data to your Splunk (outputs.conf).

Our AWS scenario, not the simplest, but we had to do it that way: you have a CloudWatch agent on the gateway that forwards the open logging data to a CloudWatch Log Group, which is pushed to the Splunk HTTP Event Collector via Kinesis Firehose.

In that case, yes, you need to configure a token on the Splunk side with the HEC input:

[http://<input name>]
index = <index>
indexes = <index>
sourcetype = axway:apigateway:traffic:json
token = <token>
useACK = 1

And the token should also be configured on the Kinesis Firehose stream.

There is some documentation on how to create a Kinesis Firehose stream (i.e. link text), except you do not have to use a Lambda function.

I hope it will help!

0 Karma
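To check the HEC input and token from the answer above before wiring up Firehose, the following added example (not part of D2SI's reply or of the add-on) builds a test event and the acknowledgement query that `useACK = 1` requires. The environment variable names and the sample record are assumptions made for illustration.

```python
import json
import os
import urllib.request
import uuid

SOURCETYPE = "axway:apigateway:traffic:json"  # sourcetype used in the stanzas above


def _post(base_url, path, token, channel, body):
    """Build (not send) an authenticated HEC POST request."""
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": "Splunk " + token,
            # With useACK = 1 every request must name a channel (a GUID).
            "X-Splunk-Request-Channel": channel,
            "Content-Type": "application/json",
        },
    )


def build_event_request(base_url, token, channel, record, index=None):
    """One traffic-log record wrapped in the HEC event envelope."""
    body = {"event": record, "sourcetype": SOURCETYPE}
    if index:
        body["index"] = index
    return _post(base_url, "/services/collector/event", token, channel, body)


def build_ack_request(base_url, token, channel, ack_ids):
    """Ask HEC whether the given ackIds have been indexed yet."""
    return _post(base_url, "/services/collector/ack", token, channel,
                 {"acks": list(ack_ids)})


def send(req):
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    base = os.environ["SPLUNK_HEC_URL"]     # hypothetical variable names; keep the
    token = os.environ["SPLUNK_HEC_TOKEN"]  # token out of scripts and shell history
    channel = str(uuid.uuid4())
    sample = {"correlationId": "constructed-0001", "status": 200}  # constructed record
    ack_id = send(build_event_request(base, token, channel, sample))["ackId"]
    print(send(build_ack_request(base, token, channel, [ack_id])))  # false until indexed
```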