Getting Data In

How to configure Splunk app for Jenkins?

bsuresh1
Path Finder

Hi All,
I have been asked to install "Splunk app for Jenkins" in my environment. I have installed it on Search Head 1 (SH1) as that is the SH where all my customers have access and they run reports, searches, create dashboards, etc.,

After installing the app, my customer have asked to provide below three information as in the below documentation:
link:(https://wiki.jenkins-ci.org/display/JENKINS/Splunk+Plugin+for+Jenkins)

  1. Indexer host name
  2. HTTP Input port
  3. HTTP Input Token

As I have 8 indexers in my environment, I have thought of giving any one indexer name but while creating a HTTP token as per the below link, I am being asked to mention index name and source type as per the below documentation. Atleast I will give sourcetype as Automatic but I want to know which index to be selected. As the HTTP token generation was being done on SH1, it showed few new indexes like jenkins, jenkins_artifact, jenkins_console and jenkins_statistics. I believe these got created while installing the jenkins app.
Link:(http://dev.splunk.com/view/event-collector/SP-CAAAE7C)

In this case, should I give "Indexer host name" or "Search Head name" to the customer as the data from Jenkins is going to be sent to "Jenkins" index which is on SH1.

I tried to create the http token on Indexer1 but it is not populating four jenkins indexes which I mentioned above.

Is it good practise to install this type of Apps on SH?
Is the port 8088 is default port? Can this be changed? If yes, how?

0 Karma

hardikJsheth
Motivator

No thats not the right practise. Ideally data collection should not happen on Search Head Node. It should take place on Heavy Forwarder.

If you use Heavy Forwarder, you will need to give that host name to your customer to configure data inputs on Jenkins server.

0 Karma

txiao_splunk
Splunk Employee
Splunk Employee

I think below link may help
High volume HTTP Event Collector data collection using distributed deployment
Configure an NGINX load balancer for HTTP Event Collector

You can setup a load balancer to forward data to 8 indexers and use that load balancer address as input host name in the plugin config, and load balancer port (maybe 443) as input port.

You need create the 4 indexes (jenkins, jenkins_artifact, jenkins_console and jenkins_statistics) manually if the app is not installed on indexer.
You can also change the default port 8088, see the screenshot on HEC setup

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...