I have been asked to install "Splunk app for Jenkins" in my environment. I have installed it on Search Head 1 (SH1) as that is the SH where all my customers have access and they run reports, searches, create dashboards, etc.
After installing the app, my customer has asked me to provide the below three pieces of information as in the below documentation:
As I have 8 indexers in my environment, I have thought of giving any one indexer name, but while creating an HTTP token as per the below link, I am being asked to mention index name and source type as per the below documentation. At least I will give sourcetype as Automatic, but I want to know which index is to be selected. As the HTTP token generation was being done on SH1, it showed a few new indexes like jenkins, jenkinsartifact, jenkinsconsole and jenkins_statistics. I believe these got created while installing the jenkins app.
In this case, should I give "Indexer host name" or "Search Head name" to the customer, as the data from Jenkins is going to be sent to the "Jenkins" index which is on SH1?
I tried to create the HTTP token on Indexer1 but it is not populating the four jenkins indexes which I mentioned above.
Is it good practice to install this type of app on an SH?
Is port 8088 the default port? Can this be changed? If yes, how?
You can set up a load balancer to forward data to the 8 indexers and use that load balancer address as the input host name in the plugin config, and the load balancer port (maybe 443) as the input port.
You need to create the 4 indexes (jenkins, jenkinsartifact, jenkinsconsole and jenkins_statistics) manually if the app is not installed on the indexer.
You can also change the default port 8088; see the screenshot on HEC setup.
No, that's not the right practice. Ideally data collection should not happen on the Search Head node. It should take place on a Heavy Forwarder.
If you use a Heavy Forwarder, you will need to give that host name to your customer to configure data inputs on the Jenkins server.
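
As an added example (not part of the original thread and not the Splunk app for Jenkins' own configuration), this is how the setup described in the answers above could look in configuration files on each HEC receiver, whether that is the indexers behind the load balancer or a heavy forwarder. The index names are the four listed in the question; the input name `jenkins_hec`, the token placeholder and the storage paths are assumptions.

```ini
# indexes.conf: on every indexer that will store the Jenkins data.
# Needed only where the app itself is not installed.
# Index names are taken from this thread; paths are assumed defaults.
[jenkins]
homePath   = $SPLUNK_DB/jenkins/db
coldPath   = $SPLUNK_DB/jenkins/colddb
thawedPath = $SPLUNK_DB/jenkins/thaweddb

[jenkinsartifact]
homePath   = $SPLUNK_DB/jenkinsartifact/db
coldPath   = $SPLUNK_DB/jenkinsartifact/colddb
thawedPath = $SPLUNK_DB/jenkinsartifact/thaweddb

[jenkinsconsole]
homePath   = $SPLUNK_DB/jenkinsconsole/db
coldPath   = $SPLUNK_DB/jenkinsconsole/colddb
thawedPath = $SPLUNK_DB/jenkinsconsole/thaweddb

[jenkins_statistics]
homePath   = $SPLUNK_DB/jenkins_statistics/db
coldPath   = $SPLUNK_DB/jenkins_statistics/colddb
thawedPath = $SPLUNK_DB/jenkins_statistics/thaweddb

# inputs.conf: on every HEC receiver (each indexer, or the heavy forwarder).
# Global HEC settings. 8088 is the default port; change it here if required.
# Splunk .conf files do not support trailing comments, so keep comments
# on their own lines.
[http]
disabled  = 0
port      = 8088
enableSSL = 1

# One token stanza per sender. "jenkins_hec" is a hypothetical input name.
# Use the same token value on all receivers behind the load balancer so
# that any of them accepts the Jenkins plugin's requests.
[http://jenkins_hec]
disabled = 0
token    = <PLACEHOLDER-GUID-GENERATED-FOR-THIS-INPUT>
# Default index when an event does not name one.
index    = jenkins
# Restrict the token to the four Jenkins indexes and nothing else.
indexes  = jenkins,jenkinsartifact,jenkinsconsole,jenkins_statistics
```

Limiting `indexes` to the four Jenkins indexes means a leaked token cannot be used to write into unrelated indexes. A restart of the receiver is the safe way to make sure a changed `port` takes effect.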