Jenkins data indexing into Splunk, dashboards all blank

eandresen

I am testing out the Splunk App for Jenkins (v.1.0.7) on my Proof of Concept instance of Splunk (v6.6.0), but I am having problems getting it to work properly, especially the field extractions. The downloaded app is checked into our Git repo, which pushes it out to the Splunk Search Cluster Deployer and down to a 4-node Search Cluster using Splunk's built-in deployment processes.

As shown below, I have set up both the Jenkins plugin and the Splunk app, which is feeding in plenty of data under the four indexes created under the app. Looking through the related Jenkins events, everything looks fine to me.

However, when I switch over to the dashboards within the app, every panel is completely blank. The only thing that seems to be working is the "Jenkins Master" dropdown option within each dashboard page.

After doing some digging, I have found that none of the custom field extractions that come with the app are working. I only see the normal index, sourcetype, source, host, splunk_server, etc. key/value pairs when I run searches from the dashboards. An example search string and all of the resulting fields returned are provided below.

  • Search string: index=jenkins_statistics (host="jenkins-etsb.tools.expedia.com" )
  • host
  • index
  • source
  • sourcetype
  • linecount
  • splunk_server

I also noticed that the only field extraction showing in the UI is the "source::jenkins://... : EXTRACT-username", or the first one in the props.conf file under the app. I even commented out the entire "[source::jenkins://...]" stanza to see if it was causing problems, and then nothing showed up in the field extractions.

The really strange part is that when I run the btool command against the Splunk App for Jenkins app and the props.conf settings, everything from the props.conf file appears to be loaded without issues. (And yes, I have both restarted the Splunk service and run a debug-refresh command several times.)

[root@ip-10-0-18-18 ~]# /opt/splunk/bin/splunk cmd btool props list --app=splunk_app_jenkins
[json:jenkins]
INDEXED_EXTRACTIONS = json
KV_MODE = none
LEARN_MODEL = false
TRUNCATE = 0
category = Structured
description = JavaScript Object Notation format.
pulldown_type = true
[json:jenkins:old]
KV_MODE = json
LEARN_MODEL = false
TRUNCATE = 0
category = Structured
description = JavaScript Object Notation format.
pulldown_type = true
[source::.../job_event]
EVAL-build_plan = if(type="completed" AND isnull('test_summary.total'), job_name, NULL)
EVAL-duration = duration * 1000
EVAL-fail_count = 'test_summary.failures'
EVAL-id = coalesce(id, build_url)
EVAL-pass_count = 'test_summary.passes'
EVAL-skip_count = 'test_summary.skips'
EVAL-status = case(job_result=="SUCCESS", "Successful", job_result=="FAILURE", "Failed", job_result=="UNSTABLE", "Unstable", job_result=="ABORTED", "Aborted")
EVAL-test_suite_id = if(type="completed" AND isnotnull('test_summary.total'), job_name, NULL)
EVAL-testless = if(isnull('test_summary.total'), 1, 0)
[source::jenkins://...]
EXTRACT-username = ^\<!--\<!\[CDATA\[(?P<username>.*?)\]\]\>--\>\n(?P<jenkins_config>.*)
KV_MODE = xml
[text:jenkins]
LEARN_MODEL = false
SHOULD_LINEMERGE = false
TRUNCATE = 100000
category = Miscellaneous
pulldown_type = true