All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Terraform Cloud for Splunk

jbspecht
Explorer
‎11-15-2024 05:50 AM

Installed the app yesterday on our cloud instance (Victoria) and I can't figure out what index it points data to or where that is configured? The setup UI never asks for the index. Also, I can't find any internal logs for the app to understand what may be going on. Feeling like this was created as an app whereas maybe it should have been an add-on in the add-on builder?

Any help would be greatly appreciated.

Josh

Labels (2)
Labels
0 Karma
Reply

jbspecht
Explorer
‎11-15-2024 06:06 AM

For anyone else running into this below is what I've found so far of what the app does.

Logs are sent to following...

index=main
host=https://app.terraform.io
source=terraform_cloud
sourcetype=terraform_cloud

Two dashboards are added to the dashboards in Splunk. You can use these to determine where the logs are set to go which is to no index by default (main). 

Dashboards:
[ HCP Terraform Analysis ] - Dark Theme
[ HCP Terraform Analysis ] - Light Theme

NEXT QUESTION: How to switch the index to get the logs securely stored and format properly recognized? 

Tags (1)
0 Karma
Reply

jbspecht
Explorer
‎11-15-2024 06:24 AM

It appears that you then have to change the data input (after completing the apps setup page) to set the index and source type. Also, the polling interval (default of 60 seconds) is found here. Along with this I went and changed the dashboard portlet searches to include the index. 

Hope this helps someone else. I've yet to get data in to confirm but will report back if I do.

Preview file
72 KB
0 Karma
Reply

jbspecht
Explorer
‎11-15-2024 09:18 AM

Logs are now coming in as expected. 

Couple things that threw me off.

- Besides adding the index to the dashboard portlet searches, i had to examine the XML to modify (add index) the base search at the top so the associated drop downs and results portlet at the bottom of the dashboard worked.

-  Changing the data inputs source type from 'Automatic' to 'From list' -> 'terraform_cloud' didn't take. It would revert back to 'Automatic' but in the end the source type is still correctly attached to the logs and fields are extracted. 

- Lack of documentation. Wasn't sure of the index, source, host, source type, polling interval, log level, etc. Could maybe be added to the setup page? Appreciate just having the app though.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...