All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Terraform Cloud for Splunk

jbspecht
Explorer
‎11-15-2024 05:50 AM

Installed the app yesterday on our cloud instance (Victoria) and I can't figure out what index it points data to or where that is configured? The setup UI never asks for the index. Also, I can't find any internal logs for the app to understand what may be going on. Feeling like this was created as an app whereas maybe it should have been an add-on in the add-on builder?

Any help would be greatly appreciated.

Josh

Labels (2)
Labels
0 Karma
Reply

jbspecht
Explorer
‎11-15-2024 06:06 AM

For anyone else running into this below is what I've found so far of what the app does.

Logs are sent to following...

index=main
host=https://app.terraform.io
source=terraform_cloud
sourcetype=terraform_cloud

Two dashboards are added to the dashboards in Splunk. You can use these to determine where the logs are set to go which is to no index by default (main). 

Dashboards:
[ HCP Terraform Analysis ] - Dark Theme
[ HCP Terraform Analysis ] - Light Theme

NEXT QUESTION: How to switch the index to get the logs securely stored and format properly recognized? 

Tags (1)
0 Karma
Reply

jbspecht
Explorer
‎11-15-2024 06:24 AM

It appears that you then have to change the data input (after completing the apps setup page) to set the index and source type. Also, the polling interval (default of 60 seconds) is found here. Along with this I went and changed the dashboard portlet searches to include the index. 

Hope this helps someone else. I've yet to get data in to confirm but will report back if I do.

Preview file
72 KB
0 Karma
Reply

jbspecht
Explorer
‎11-15-2024 09:18 AM

Logs are now coming in as expected. 

Couple things that threw me off.

- Besides adding the index to the dashboard portlet searches, i had to examine the XML to modify (add index) the base search at the top so the associated drop downs and results portlet at the bottom of the dashboard worked.

-  Changing the data inputs source type from 'Automatic' to 'From list' -> 'terraform_cloud' didn't take. It would revert back to 'Automatic' but in the end the source type is still correctly attached to the logs and fields are extracted. 

- Lack of documentation. Wasn't sure of the index, source, host, source type, polling interval, log level, etc. Could maybe be added to the setup page? Appreciate just having the app though.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...