All Apps and Add-ons

Need Guidance on Configuring Splunk InfluxDB Connect App.

pramit46
Contributor

I have installed the app. Now while configuring I am providing below information:

InstanceName- unq_instance_name1
Hostname- IP of the search head. I have also installed influxdb there. In fact I have also used the machine name, as well
Port- 8086
Database- telegraf [default influxdb database name automatically created by telegraf application]
Username- this is the part where I'm confused. I used 'root', referring some old documentation. I also used 'user' after referring influxdb config file. Went in vain
Password- same issue as the username

Can you guys please let me know if I am going wrong at any point? I have been trying to configure this and still unable to do that. I do't see much of helpful documentations on the web either.

0 Karma
1 Solution

Yasaswy
Contributor

Hi pramit,

Username and password are for the "influxdb" database. It has to match whatever username you have defined for the database in influxdb.

If you need info on setting one up you can find details here
Let me you if you need more help setting the app up.

View solution in original post

0 Karma

imanr
New Member

Is there any plan to release a complete README file or instruction document for this app?

Thanks,
Iman

0 Karma

lfedak_splunk
Splunk Employee
Splunk Employee

Hey @imanr, Welcome to the Splunk community. I converted your "Answer" post to a "comment". Please use the correct button when posting to help keep the forum organized.
For this new question it could help as well if you create a new question so that others who have the same question can find your post along with the answer, and because it is not 100% aligned with the question in this post, which was resolved in 2016.

0 Karma

Yasaswy
Contributor

Hi pramit,

Username and password are for the "influxdb" database. It has to match whatever username you have defined for the database in influxdb.

If you need info on setting one up you can find details here
Let me you if you need more help setting the app up.

View solution in original post

0 Karma

pramit46
Contributor

Thanks a lot for replying @Yasaswy.

I see, Auth is set to false, by default:

[http]
enabled = true
bind-address = ":8086"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = false
https-certificate = "/etc/ssl/influxdb.pem"
max-row-limit = 10000

But in splunk, I need to put some data in those two text boxes. I can not skip them and add an instance

0 Karma

Yasaswy
Contributor

Correct. The current app supports only an auth enabled (Set to "true") scenario. I do agree adding capability to support unauthenticated exports will make it more extendable. This will need some code changes. I can include this in the next release.

For now, if you have access on the influxdb side, enabling user authentication is the cleaner way to resolve the issue. Another option would be make some changes on the back-end lib file (if you have access to the splunk searchhead).

Edit line 71 on splunk_to_influxdb.py (located in you splunkroot->etc->apps->influxdb_connect->lib)
change it form
posturl = 'http://%s:%s/write?db=%s&precision=ms&p=%s&u=%s' % (infdbhost,infdbport,infdbdb,infdbaccs,infdbuser)
to
posturl = 'http://%s:%s/write?db=%s&precision=ms' % (infdbhost,infdbport,infdbdb)

Note that this is not a clean way of doing this (you are essentially ignoring the user and passwd defined on splunk side) .... but I think it should work for now for you to export data out of splunk into influxdb.

0 Karma

Cuyose
Builder

I am still unable to get this to connect, and I am not seeing where there are any logs to show what failed? It simply goes to the next screen with no configured instances listed. I have no issues connecting to this instance outside of Splunk.

0 Karma

Yasaswy
Contributor

hi Cuyose,
You will find the log at $SPLUNK_HOME/var/log/splunk/influxdbmod.log ... fyi I have not yet added native support to unauthenticated writes to influxdb. The app without any modification will expect a username and password for influxdb.

0 Karma

Cuyose
Builder

Yes, I changed the py scripts to stub out that requirement, however the log file is completely blank as well after trying to configure any settings.

0 Karma

Yasaswy
Contributor

I would suggest not to make any changes. remove the app completely. Have the latest install of the app reinstalled. Configure normally with a username and password for influxdb side. And verify if the log file shows up with details. Once you have log file working should be easier to troubleshoot with modifications.

0 Karma

pramit46
Contributor

I create a new admin user and also enabled that auth. I tested both telegraf and influxdb and they both work fine with the new username. But Splunk configuration still goes in vain... As soon as I click on submit, it goes to next page where it shows two boxes that list down the existing instances and the selected ones. I see nothing in that list.
Is it possible that the port 8086 is not enabled?

0 Karma

Yasaswy
Contributor

are you an admin on Splunk?

0 Karma

Yasaswy
Contributor

make sure the spunk user configuring the app has appropriate access... check out
https://answers.splunk.com/answers/441007/how-to-assign-access-to-users-for-influxdb-connect-1.html

0 Karma