Other Usage

Splunk integration with thousandeyes

stufty
Path Finder

Has anyone hooked up Splunk to the thousandeyes network monitor? I would rather not re-invent the wheel, but I would like to import what it sees into my Splunk repository.

Thanks in advance - Steve

0 Karma
1 Solution

stufty
Path Finder

What we wound up doing is writing a C# windows service that hits the Thousand eyes API and reports any test failures. The frequency of this polling is configurable, but set to every 5 minutes by default. Not perfect, but we are getting valuable data.

View solution in original post

0 Karma

vikramyadav
Contributor

We can use TE add-on to onboard data. https://splunkbase.splunk.com/app/5686/

 

0 Karma

cesaccenturefed
Path Finder

Has one tried using the modular inputs app? 

0 Karma

alexeyglukhov
Path Finder

It would be awesome if you could share your results if you configured it.

Thanks.

0 Karma

alexeyglukhov
Path Finder

So, I looked through the APIs and it looks like in order to get all the metrics it'll require:

1. Firstly, to get list of currently configured tests https://developer.thousandeyes.com/v6/tests/

each test includes actions it does and, accordingly, pointers to those actions, from which we can get metrics, example:

https://api.thousandeyes.com/v6/web/http-server/your_testid_here.json

.

.

"apiLinks": [
                {
                    "rel""self",
                    "href""https://api.thousandeyes.com/v6/tests/your_testid_here"
                },
                {
                    "rel""data",
                    "href""https://api.thousandeyes.com/v6/web/http-server/your_testid_here"
                },
                {
                    "rel""data",
                    "href""https://api.thousandeyes.com/v6/web/page-load/your_testid_here"
                },
                {
                    "rel""data",
                    "href""https://api.thousandeyes.com/v6/net/metrics/your_testid_here"
                },
                {
                    "rel""data",
                    "href""https://api.thousandeyes.com/v6/net/path-vis/your_testid_here"
                },
                {
                    "rel""data",
                    "href""https://api.thousandeyes.com/v6/net/bgp-metrics/your_testid_here"
                }
            ],
.
.
2. So, the next step will be to invoke those test action APIs to get those metrics.
 
Doable, of course, but would be better to have a one API invocation to get all metrics of all tests.
0 Karma

stufty
Path Finder

sure @HackerAce, here is the guts of our C# capture routine. We pass in https://api.thousandeyes.com/alerts.xml as the URI. Once you get the data, you can parse it and then either use HEC or write to a file that a UF is reading from.

Cheers - Steve

public static string Fetch(string URI)
{
    string content = string.Empty;
    string username = Credentials.GetUsername();
    string password = Credentials.GetPassword();
    string userpass = string.Format("{0}:{1}", username, password);
    WebRequest req = WebRequest.Create(URI);
    req.Method = "GET";
    req.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.Default.GetBytes(userpass));
    HttpWebResponse resp = req.GetResponse() as HttpWebResponse;
    if (resp.StatusCode == HttpStatusCode.OK)
    {
        using (var stream = resp.GetResponseStream())
        using (var sr = new StreamReader(stream))
        {
            content = sr.ReadToEnd();
        }
    }
    return content;
}
0 Karma

HackerAce1
Engager

I would be interested to know how the integration works and if you would be willing to share?

0 Karma

stufty
Path Finder

What we wound up doing is writing a C# windows service that hits the Thousand eyes API and reports any test failures. The frequency of this polling is configurable, but set to every 5 minutes by default. Not perfect, but we are getting valuable data.

0 Karma

mookiie2005
Communicator

How did you configure the address for the SAAS, I am not seeing where that is supposed to be inputted/configured?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...