Overview: Automatic Setup With Splunk

  • 1
  • Praise
  • Updated 4 months ago
Setup

Automatic

Overview: For this effort, you'll be working with Automatic and their instructions for obtaining access to their REST API endpoints.

  1. Navigate to developer.automatic.com.
  2. Log in with the same credentials you use for Automatic's Dashboards to log into the developer site.
  3. Select “My Apps” and fill out the form. Use http://www.splunk.com as your app and follow their instructions for obtaining access to their REST API endpoints.
  4. It takes a few hours for the Automatic developer team to register your App and send you an email with the relevant information to get started.
  5. Log back into the developer web page and your App will be displayed with the relevant information.
  6. Follow Automatic's instructions OR try navigating directly to http://automatic-oauth-example-nodejs.herokuapp.com
Splunk Setup
  1. Within the Splunk UI, navigate to Settings -> Data -> Data Inputs -> Automatic Car Data.
  2. Select the "New" button to pull in trip data associated with your developer.automatic.com account.
  3. Refer to the in-screen instructions on what value to enter for each field. For the value of the "Access Token" field, input the access_token provided by Automatic as per the "Setup" instructions section above.
  4. Select the "Next" button on top to save your new input.
  5. Return to the app within Splunk  Tool and explore your data!
Deployment

This app contains dashboards that require deployment to your Search Head(s), an index definition that requires it to be deployed to your indexer(s), and a Modular Input which you may choose to deploy to a heavy forwarding tier. Follow the standard instructions documented in this manual: http://docs.splunk.com/Documentation/AddOns/latest/Overview/Singleserverinstall or, for a distributed environment, see http://docs.splunk.com/Documentation/AddOns/latest/Overview/Distributedinstall.

Additionally, one of the dashboards uses the Treemap visualization. Therefore, please make this this prerequisite is installed on your Search Head(s).

Upgrading

If upgrading, it is recommended to remove the old apps and indexes and start fresh. Tip: http://docs.splunk.com/Documentation/Splunk/latest/Indexer/RemovedatafromSplunk

Restart CollectionYou can force data collection by clearing the corresponding modinput checkpoint from $SPLUNK_HOME/var/lib/splunk/modinputs/automatic OR by creating a new input.

I hope this will help for some of our friends!

Best Regards
Sarahjohn
Photo of sarahjohn

sarahjohn

  • 70 Points

Posted 4 months ago

  • 1

Be the first to post a reply!