By Victor Mak, Alibaba Cloud Solution Architect
The following figure illustrates the Splunk integration architecture:
Alibaba Cloud Log Service is a one-stop service for log data. Alibaba Cloud Log Service experiences massive big data scenarios. Log Service allows you to quickly complete the collection, consumption, shipping, query, and analysis of log data without the need for development, which improves the Operation & Maintenance (O&M) efficiency, and builds the processing capabilities to handle massive logs in the DT (data technology) era. For more information, see Log Service (SLS) Production Introduction.
Alibaba Cloud Log Service Add-On for Splunk is an add-on that collects the logs from Alibaba Cloud Log Service (SLS) and sends them to Splunk.
Before you begin, make sure:
Follow these steps to enable Web Application Firewall (WAF) logging in the WAF console:
1. Log on to the Alibaba Cloud WAF console
2. In the upper right corner, click Upgrade to enable WAF Access Log Service.
3. Navigate to Log Services under Log Management to enable the website you want to enable log services on in the drop-down list.
Follow these steps to download and install the add-on in the Splunk console:
1. Log on to the Splunk Enterprise Console.
2. Navigate to the "+ Find More Apps" under Apps
3. In the Apps search bar, search Alibaba Cloud Log Service Add-On for Splunk and click Install.
4. A restart is required to complete the add-on installation, click Restart Now to continue.
1. You should see Alibaba Cloud Log Service Add-On for Splunk is successfully installed. Now, select the app Alibaba Cloud Log Service Add-On for Splunk.
2. Navigate to Configuration, click Add under the Account sheet. Fill in the Account Name, Username, and Password. Note: The username and password are configured to correspond to the AccessKey ID and AccessKey Secret.
3. Navigate to Inputs, click Create New Input to create a new data input.
4. Fill in the necessary parameters:
|Name||The unique name for the data input.|
|Interval||Time in seconds to recover the Splunk data input process when it exits unexpectedly.|
|SLS AccessKey||This AccessKey is used by pairing an AccessKey ID and an AccessKey Secret.|
|SLS endpoint||SLS service endpoint. For more information, see Service endpoint.|
|SLS project||The project in Log Service. For more information, see Manage a project.|
|SLS logstore||The logstore in log service. For more information, see Manage a Logstore.|
|SLS consumer group||A consumer group name that's used to consume the logstore. To scale, multiple inputs could be configured with the same consumer group name. For more information, see Use consumer groups to consume logs.|
|SLS cursor start time||The start time from which data is consumed. This parameter is valid only when the consumer group is created for the first time. logs will be consumed from the saving point for other times.|
|SLS heartbeat interval||The heartbeat interval in seconds between consumer and SLS server. Unit: second.|
|SLS data fetch interval||If the coming data is not so frequent, please don't configure it too small. Unit: second.|
After enabling the data inputs, navigate to App Search & Reporting. You will see the logs that are collected from Alibaba Cloud Log Service.
The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.
Alibaba Clouder - January 31, 2019
wjo1212 - January 3, 2019
DavidZhang - January 15, 2021
Xi Ning Wang - August 30, 2018
Alibaba Clouder - April 12, 2021
DavidZhang - April 30, 2021
A cloud firewall service utilizing big data capabilities to protect against web-based attacksLearn More
Explore Web Hosting solutions that can power your personal website or empower your online business.Learn More
Web App Service allows you to deploy, scale, adjust, and monitor applications in an easy, efficient, secure, and flexible manner.Learn More
An all-in-one service for log-type dataLearn More
More Posts by Alibaba Clouder