All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Terraform Cloud for Splunk

jbspecht
Explorer
‎11-15-2024 05:50 AM

Installed the app yesterday on our cloud instance (Victoria) and I can't figure out what index it points data to or where that is configured? The setup UI never asks for the index. Also, I can't find any internal logs for the app to understand what may be going on. Feeling like this was created as an app whereas maybe it should have been an add-on in the add-on builder?

Any help would be greatly appreciated.

Josh

Labels (2)
Labels
0 Karma
Reply

jbspecht
Explorer
‎11-15-2024 06:06 AM

For anyone else running into this below is what I've found so far of what the app does.

Logs are sent to following...

index=main
host=https://app.terraform.io
source=terraform_cloud
sourcetype=terraform_cloud

Two dashboards are added to the dashboards in Splunk. You can use these to determine where the logs are set to go which is to no index by default (main). 

Dashboards:
[ HCP Terraform Analysis ] - Dark Theme
[ HCP Terraform Analysis ] - Light Theme

NEXT QUESTION: How to switch the index to get the logs securely stored and format properly recognized? 

Tags (1)
0 Karma
Reply

jbspecht
Explorer
‎11-15-2024 06:24 AM

It appears that you then have to change the data input (after completing the apps setup page) to set the index and source type. Also, the polling interval (default of 60 seconds) is found here. Along with this I went and changed the dashboard portlet searches to include the index. 

Hope this helps someone else. I've yet to get data in to confirm but will report back if I do.

Preview file
72 KB
0 Karma
Reply

jbspecht
Explorer
‎11-15-2024 09:18 AM

Logs are now coming in as expected. 

Couple things that threw me off.

- Besides adding the index to the dashboard portlet searches, i had to examine the XML to modify (add index) the base search at the top so the associated drop downs and results portlet at the bottom of the dashboard worked.

-  Changing the data inputs source type from 'Automatic' to 'From list' -> 'terraform_cloud' didn't take. It would revert back to 'Automatic' but in the end the source type is still correctly attached to the logs and fields are extracted. 

- Lack of documentation. Wasn't sure of the index, source, host, source type, polling interval, log level, etc. Could maybe be added to the setup page? Appreciate just having the app though.

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

ATTENTION!! We’re MOVING (not really)

Hey, all! In an effort to keep this Slack workspace secure and also to make our new members' experience easy, ...

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

  Whether you're running a complex Splunk deployment or just getting your bearings as a new admin, .conf25 ...

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...