Splunk Enterprise Integration

  • 4 minute(s) read
Prev Next

Summary

The Catchpoint Search Splunk app uses the Catchpoint REST API to get Catchpoint raw performance data and alerts out of Catchpoint and into Splunk. This allows teams to correlate Catchpoint data and alerts with data from other systems such as APM or machine data to improve troubleshooting efficiency and cross-system reporting in Splunk.

Instructions:

1: Catchpoint Search App - Splunk Download

To download the Catchpoint Search Splunk app, click here mceclip0.png Download the tar.gz file.

2: Catchpoint Setup

In Catchpoint go to Settings>API: https://portal.catchpoint.com/ui/Content/Administration/ApiDetail.aspx mceclip8.png

In the REST API section click Add Consumer and assign a contact. Once saved you will be able to retrieve the consumer key and secret. These will be used for Splunk authentication to Catchpoint’s API.

mceclip4.png

3: Setup Catchpoint in Splunk

Open your Splunk Enterprise application and click on **Apps > Manager Apps
mceclip2.png

Click on install app from file:
mceclip4.png

Choose the Catchpoint Splunk app downloaded in step 1(tar.gz file). mceclip5.png

  1. After Installation, If Splunk Enterprise prompts you to restart, do so.
  2. From the Splunk Web home page, click the Apps gear icon.
  3. Search for Catchpoint Search and choose Set up
    manage_apps.png

This will launch a setup page. This is where you enter your consumer key and secret we get from step 2.
mceclip7.png

Multiple client/division support:

  1. To pull data from multiple Clients/Divisions, navigate to the Manage Apps page.
  2. Search for Catchpoint Search and select Set up from Actions.
  3. Complete the setup by supplying the consumer key and consumer secret within the remaining fields.

4: Setting Indexes

The index is the repository for Splunk Enterprise data. Splunk Enterprise transforms incoming data into the event, which it stores in indexes. We need to create an index for Catchpoint. mceclip0.png

Add a new index and add the required details.

mceclip1.png Here is an example of an index: mceclip3.png

5: Setting Data Inputs

Now click the Settings menu in the toolbar in the top-right portion of the Splunk UI. Click the sub-menu item Data Inputs
mceclip10.png

In here select the option titled Catchpoint Modular Input and click on New
mceclip11.png

This will prompt you to enter Unique Catchpoint Input Name and Catchpoint Client Secret. You will also be provided with an option to collect Alert data or Performance data. The Index in More Settings should be set to “catchpoint".

Note: Client Secret should match one of the consumer secret key which was supplied in the setup page.

Case 1: Alert data

splunk_alerts.png

Case 2: Performance Data

The Test ID can be found in the Catchpoint portal in the test properties page which can be found when editing any given test.

splunk_performance.png NOTE: App can only request 50 specified tests at once and collect the data. Multiple test IDs should belong to the same test type. You can set up multiple Data Inputs to collect data for similar kinds of tests based on their test types.

6: Splunk Data Analysis

Now that the setup is complete, you should see data coming into Splunk. In the Catchpoint Search app, you can now do searches in the Catchpoint Index.
mceclip15.png

You can also use the default dashboards to visualize the data. Click on Views and select Dashboard.
dashboards_options.png

You can see the Visualization for your Performance/Alert data: mceclip17.png

The overview dashboard enables you to quickly see your recent Errors, Events, and Alerts. The Node Map provides a geographical overview of your test runs, and the Tests Widget lets you search for and quickly access all of your test data.

The Test Time dashboard focuses on displaying how much time was spent loading resources. It plots the metrics over time making it easier to identify trends.

The Response size dashboard plots the amount of data downloaded when loading each resource. This highlights the amount of content and the header's download size over time.

The Errors page lists all the errors encountered by tests. This page makes it easy to view the top issues as well as narrow down on problems to identify commonality between failures for any given test or group of tests.

The Alerts page allows you to view the history of all the alerts reported by Catchpoint.

If you face any difficulties in setting up Splunk integration with Catchpoint Splunk App feel free to reach out to support@catchpoint.com

Known Issue
For the latest versions of Splunk which uses python 3, When updating the catchpoint app from version 0.8.* and 0.9.* to 1.0.* the app fails to pull data from Catchpoint API. This is because Splunk copies the app's contents into the existing folder in splunk_home/etc/apps/search_cp, older python files that support only python 2 should be removed in the latest version of the app, but this still exists after a user upgrades from an older version.

Workaround To work around this issue either manually delete the older directories or perform fresh Installations.

Manually delete the old python files and libraries after updating:

  1. Go to the Splunk apps directory where the Catchpoint Search app will be installed.
    <splunk_home>/etc/apps/search_cp/bin.
  2. Delete the below directories.
    httplib2, oauth2, requests, splunklib.
  3. Restart Splunk

Perform a fresh installation:

  1. Go to Splunk home directory.
    <splunk_home>/etc/apps
  2. Delete <search_cp> directory.
  3. Restart Splunk
  4. Install the latest Catchpoint Search app.