Splunk www.splunk.com indexes and makes searchable data from any app, server or network device in real time including logs, config files, messages, alerts, scripts and metrics.
User needs to have edit_tcp permission to post events to Splunk
Find the zip file at 'splunk-alerting-extension.zip'
Unzip the splunk-alerting-extension.zip file into /custom/actions/ . You should have /custom/actions/splunk-alert created.
Check if you have custom.xml file in /custom/actions/ directory. If yes, add the following xml to the element.
<action> <type>splunk-alert</type> <!-- For Linux/Unix *.sh --> <executable>splunk-alert.sh</executable> <!-- For windows *.bat --> <!--<executable>splunk-alert.bat</executable>--> </action>
If you don't have custom.xml already, create one with the below xml content
<custom-actions> <action> <type>splunk-alert</type> <!-- For Linux/Unix *.sh --> <executable>splunk-alert.sh</executable> <!-- For windows *.bat --> <!--<executable>splunk-alert.bat</executable>--> </action> </custom-actions>
Uncomment the appropriate executable tag based on windows or linux/unix machine.
A sample config.yml file is included in splunk-alert/conf
# Host at which Splunk is reachable host: localhost # Port at which Splunk is reachable # Use the admin port, which is 8089 by default. port: 8089 # Splunk username username: admin # Splunk password, provide password or passwordEncrypted and encryptionKey. password: admin passwordEncrypted: encryptionKey: #Proxy server URI proxyUri: #Proxy server user name proxyUser: #Proxy server password proxyPassword: #Index Name, should be available in Splunk index: appdynamics_events #Source Type sourceType: events
Note: An index with index name should be present in Splunk.
To avoid setting the clear text password in the config.yml, please follow the process below to encrypt the password
1. Download the util jar to encrypt the password from https://github.com/Appdynamics/maven-repo/blob/master/releases/com/appdynamics/appd-exts-commons/1.1.2/appd-exts-commons-1.1.2.jar and navigate to the downloaded directory
2. Encrypt password from the commandline java -cp appd-exts-commons-1.1.2.jar com.appdynamics.extensions.crypto.Encryptor encryptionKey myPassword
3. Specify the passwordEncrypted and encryptionKey in config.yml
To create a Custom Action, first refer to the the following topics (requires login):
Now you are ready to use this extension as a custom action. In the AppDynamics UI, go to Alert & Respond -> Actions. Click Create Action. Select Custom Action and click OK. In the drop-down menu you can find the action called 'splunk-alert'.
Always feel free to fork and contribute any changes directly here on GitHub.
For any questions or feature request, please contact AppDynamics Center of Excellence.
|6.2.0, 6.3.2, 6.3.3|
|09 Sep 2016|
Note: This extension works only with a dedicated SaaS controller or an on-prem controller. Alerting extensions, currently do not support multi-tenant SaaS controllers.
1) Updated the splunk libraries to fix post custom event issue
1) Added support to 4.x controller
1) Fixed multiple ad_affected_entity_name in the posted event by adding ad_evaluation_entity_name
1) Using Splunk REST API to post events and removed Splunk and Splunk logging libraries
2) Replaced .splunkrc with the config.yml
1) config clean up and proxy support
1) added root logger in log4j.xml