Data Export: Splunk

The following system statistics are forwarded to Splunk Indexer:

  • Core Java Virtual Machine (JVM)
  • CPU: including an overview and breakdown by host, process, user, stat, and source.
  • Memory: including an overview and breakdown by host, process, user, and source.
  • Disk: including usage by host, source, and files opened by command, type, and user.
  • Network: including interfaces, interface throughput, connection details, and network sources.

Refer to the Core Splunk Forwarder and App for Splunk Enterprise Guide for information on how to set up the end-to-end MobileIron Splunk solution. Terminology provides instructions on how to access MobileIron product documentation.

This section includes the general workflow to configure the Splunk Indexer:

Step 1

Enabling the Splunk Forwarder to turn on the Splunk Forwarder so it can push data to the Splunk Indexer.

Step 2

Adding a Splunk Indexer to configure which external Splunk Indexer will receive and manipulate the data from the Splunk Forwarder.

Step 3

Configuring Splunk Data to configure which data Splunk Forwarder sends to the Splunk Indexer.

Enabling the Splunk Forwarder

Procedure 

  1. Log into System Manager.
  2. Go to Settings > Services.
  3. Select Enable next to Splunk Forwarder.
  4. Click Apply > OK to save the changes.

Adding a Splunk Indexer

Procedure 

  1. Log into System Manager.
  2. Go to Settings > Data Export > Splunk Indexer.
  3. Click Add to open the Add Splunk Indexer window.
  4. Modify the fields, as necessary.
  5. Refer to the Add Splunk Indexer window table for details.
  6. Click Apply > OK to save the changes.

Add Splunk Indexer window

The following table summarizes fields and descriptions in the Add Splunk Indexer window:

Table 11.  Add Splunk Indexer window

Fields

Description

Splunk Indexer

Add the IP address of your Splunk Enterprise Server.

Port

Add port of your Splunk Enterprise Server.

Enable SSL

Click this check box to enable SSL

Configuring Splunk Data

Procedure 

To configure the data to export to Splunk:

  1. Log into System Manager.
  2. Go to Settings > Data Export > Splunk Data to open the Data to Index window.

  3. Modify the fields, as necessary.

    Click Show/Hide Advanced Options to further customize which data to send to Splunk.

  4. Click Apply > OK.

  5. Restart the Splunk Forwarder by disabling it, then enabling it again.

    1. Go to Settings > Services.
    2. Select Disable next to Splunk Forwarder.
    3. Click Apply > OK.
    4. Select Enable next to Splunk Forwarder.
  6. Click Apply > OK to save the changes.