Terraform Cloud for Splunk

jbspecht
Explorer

Installed the app yesterday on our cloud instance (Victoria) and I can't figure out what index it points data to or where that is configured? The setup UI never asks for the index. Also, I can't find any internal logs for the app to understand what may be going on. Feeling like this was created as an app whereas maybe it should have been an add-on in the add-on builder?

Any help would be greatly appreciated.

Josh

0 Karma

jbspecht
Explorer

For anyone else running into this, below is what I've found so far about what the app does.

Logs are sent to the following:

index=main
host=https://app.terraform.io
source=terraform_cloud
sourcetype=terraform_cloud

Two dashboards are added to the dashboards in Splunk. You can use these to determine where the logs are set to go, which is to no index by default (main).

Dashboards:
[ HCP Terraform Analysis ] - Dark Theme
[ HCP Terraform Analysis ] - Light Theme

NEXT QUESTION: How to switch the index to get the logs securely stored and the format properly recognized?

0 Karma

jbspecht
Explorer

It appears that you then have to change the data input (after completing the app's setup page) to set the index and source type. Also, the polling interval (default of 60 seconds) is found here. Along with this, I went and changed the dashboard portlet searches to include the index.

Hope this helps someone else. I've yet to get data in to confirm but will report back if I do.

0 Karma

jbspecht
Explorer

Logs are now coming in as expected.

Couple things that threw me off.

- Besides adding the index to the dashboard portlet searches, I had to examine the XML to modify (add index) the base search at the top so the associated drop downs and results portlet at the bottom of the dashboard worked.

- Changing the data input's source type from 'Automatic' to 'From list' -> 'terraform_cloud' didn't take. It would revert back to 'Automatic', but in the end the source type is still correctly attached to the logs and fields are extracted.

- Lack of documentation. Wasn't sure of the index, source, host, source type, polling interval, log level, etc. Could maybe be added to the setup page? Appreciate just having the app though.

0 Karma
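
The dashboard change described in the post above (adding the index to the base search and to the panel searches), sketched as an added example that is not part of the original thread or the app's own code. The index name `tfc_audit` and the sample dashboard XML are constructed assumptions; only `sourcetype=terraform_cloud` comes from the thread.

```python
import re
import xml.etree.ElementTree as ET

INDEX = "tfc_audit"  # assumption: the index set on the data input

# Constructed sample, not the app's real dashboard source
SAMPLE = """<form version="1.1" theme="dark">
  <label>Sample</label>
  <search id="base">
    <query>sourcetype=terraform_cloud | fields *</query>
  </search>
  <row><panel><table>
    <search base="base"><query>stats count by type</query></search>
  </table></panel>
  <panel><chart>
    <search><query>sourcetype=terraform_cloud | timechart count</query></search>
  </chart></panel></row>
</form>"""

def scope_to_index(xml_text, index):
    """Prefix index=<index> to every standalone search in Simple XML.

    Returns (new_xml, number_of_queries_changed). XML comments are
    dropped by the parser and CDATA is re-serialized as escaped text.
    """
    root = ET.fromstring(xml_text)
    changed = 0
    for search in root.iter("search"):
        if search.get("base"):
            continue  # post-process search: runs over the base search's results
        query = search.find("query")
        if query is None or not (query.text or "").strip():
            continue
        text = query.text.strip()
        # Skip generating commands (| inputlookup ...) and already-scoped queries
        if text.startswith("|") or re.search(r"\bindex\s*=", text):
            continue
        query.text = f"index={index} {text}"
        changed += 1
    return ET.tostring(root, encoding="unicode"), changed

if __name__ == "__main__":
    patched, count = scope_to_index(SAMPLE, INDEX)
    print(f"{count} searches scoped to index={INDEX}")
    print(patched)
```

Scoping only the base search and standalone panel searches is enough, because searches with a `base` attribute never query an index themselves.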