MongoDB Monitoring: I need help with installation of this add-on

New Member

I can't find that much information on how to install this add-on.

Splunk Server already has the app installed.
I downloaded the .tgz file from and extracted it in /splunkforwarder/etc/apps but I notice there is no script in the folder.

I know I have to configure data inputs for admin, collection stats and database stats. But how is this going to get recognized without installing the add-on on the mongo instance?

Thanks in Advance

0 Karma


I'm not sure what you are trying to do on a forwarder?
You should not install it on the forwarder but in the etc/apps directory.

MongoDB Admin
To receive administrative events from MongoDB hosts, enable a mongo_admin data input under Settings > Data Inputs > MongoDB Admin

MongoDB Collection Stats
To fetch collection statistics from MongoDB hosts, enable a mongo_collstats data input under Settings > Data Inputs > MongoDB Collection Stats

MongoDB Database Stats
To fetch database statistics from MongoDB hosts, enable a mongo_db data input under Settings > Data Inputs > MongoDB Database Stats

MongoDB Logs
There are 3 ways to get MongoDB logs into Splunk:

1. Set up a file monitor on the Splunk Universal Forwarder to tail mongod.log on all MongoDB hosts.
2. Configure mongod to send logs to Splunk via syslog.
3. Configure the MongoDB Monitoring app to collect logs via the MongoDB Client API by adding a data input under Settings > Data Inputs > MongoDB Logs.

The MongoDB Monitoring app applies field extractions to the mongod sourcetype. By default the dashboards expect MongoDB logs to reside in the mongodb index with sourcetype mongod. You can change this by modifying the mongo_index and mongo_sourcetype macros under Settings > Advanced search > Search macros.

0 Karma
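
The file-monitor option from the answer above, written out as configuration. This is an added example, not part of the original thread or the app's own files: it pins the monitor to the `mongodb` index and `mongod` sourcetype that the dashboards expect by default. The log path and the choice of `etc/system/local` are assumptions.

```ini
# --- inputs.conf on the Universal Forwarder on each MongoDB host ---
# Assumed location: $SPLUNK_HOME/etc/system/local/inputs.conf
# Assumed log path: /var/log/mongodb/mongod.log (adjust to your mongod config)

# Before (shown commented out): no index or sourcetype is set, so events go
# to the default index with an automatically assigned sourcetype, and
# searches scoped to index=mongodb sourcetype=mongod return nothing.
#
# [monitor:///var/log/mongodb/mongod.log]
# disabled = false

# After: index and sourcetype match the dashboards' defaults, so the
# mongo_index and mongo_sourcetype macros need no changes.
[monitor:///var/log/mongodb/mongod.log]
index = mongodb
sourcetype = mongod
disabled = false

# --- indexes.conf on the indexer ---
# Needed only if the mongodb index does not exist yet; events sent to an
# index that is not defined on the indexer are not searchable.
[mongodb]
homePath   = $SPLUNK_DB/mongodb/db
coldPath   = $SPLUNK_DB/mongodb/colddb
thawedPath = $SPLUNK_DB/mongodb/thaweddb
```

After restarting the forwarder, the search `index=mongodb sourcetype=mongod | stats count by host, source` should return events. If it returns nothing while `index=* source=*mongod.log` does, the data is arriving under a different index or sourcetype than the macros reference.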

New Member

I have done all the steps mentioned above. I created a monitor for mongod.log. When I go to the MongoDB Monitoring dashboard everything is empty. No data is being received from anywhere.

0 Karma

New Member

I've also configured the data inputs and made sure that my cluster hosted in Atlas is accessible from my machine. However, the Splunk Docker images render the dashboard empty.

Can someone please shed some light on this?

0 Karma