All Apps and Add-ons

Splunk App for Jenkins: What is the Recommended Meta-Data Configuration

syncsyn
New Member

Preface: I've already looked through the other answers and any examples I found/tried didn't fix the problem.

Problem: Getting log events pushed to Splunk from Jenkins, but the dashboard app shows nothing. I'm thinking it's the meta-data configuration that's wrong. Does anyone have a good working example of what the meta-data configuration should look like on the Jenkins side? We're using pipelines, if that makes a difference. If anyone has suggestions that aren't around the meta-data configuration please feel free to let me know.

Thanks!
Syncs

Tags (1)
0 Karma

txiao_splunk
Splunk Employee
Splunk Employee

Checkout https://wiki.jenkins-ci.org/display/JENKINS/Splunk+plugin+for+Jenkins
For Splunk version 6.5 or later, it is recommended to use the plugin's default config
For Splunk 6.3.x or 6.4.x, please adjust the default sourcetype to json:jenkins:old (please remove it if Splunk get upgraded to latest version otherwise data will be extracted twice)
Can you get any results for below two searches?

index=jenkins_statistics event_tag=job_event
index=jenkins_statistics job_event
0 Karma

syncsyn
New Member

@Txiao

The first search query returns no results. The second query returns lots of results where the source = "jenkins/job_event", and the sourcetype = "json:jenkins"

0 Karma

txiao_splunk
Splunk Employee
Splunk Employee

what is the version of splunk which is used http event collector? 6.3 or 6.4?

0 Karma

syncsyn
New Member

We're on 6.5.0

0 Karma

adonio
Ultra Champion

if you see events but not data in dashboard, the first thing i will check is if the indexes that are shipped with the app are searched by default by the user who looks at the dashboard
navigate to settings -> access control -> roles -> the role your user has -> scroll down all the way -> add the 4 jenkins indexes to indexes searched by default.

0 Karma

syncsyn
New Member

Thanks @adonio I'll have to get my Splunk admins to check it out, they only give our corp users admin rights. So i can't see "Access Control". I'll get back to you as soon as I can!

0 Karma

adonio
Ultra Champion

in the meantime,
you can open a panel in search by clicking the magnifying glass icon on panels buttom
at the begging of the search string, place index=* and run the search, if it works, then great. if not, will check next that the app is set to global so all knowledge objects are global
cheers

0 Karma

syncsyn
New Member

That did not work. How do I check to see if the app is set to global? Is that another Splunk admin function?

0 Karma

adonio
Ultra Champion

when you search index = jenkins* | stats count by sourcetype
do you see any results?
do you see the fields eventtype and tag?

0 Karma

syncsyn
New Member

Yes, i get lots of results. I do not have fields eventtype and tag.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...