Lab 3.3: BIG-IQ Analytics and Splunk

Note

Estimated time to complete: 5 minutes

Lab environment access

If you have not yet visited the page Getting Started, please do so.

Tasks

Prerequisites Splunk

  • This demo uses an instance of Splunk running in a container.
  • An HTTP Event Collector listening on port 8088 to receive JSON events has been configured.

Custom script to export BIG-IQ analytics and send them over to Splunk

A script is set up in the crontab (Linux scheduler) where the Splunk container runs. Every minute, this script retrieves the analytics using the BIG-IQ API, then sends the JSON result to the Splunk HTTP Event Collector.

The events (in JSON format) are received in Splunk and dashboards can be easily created using the search query field.

Below is an example of a search query used to display the HTTP Transactions:

index = "main" |table _time,result.result{}.transactions$avg-count-per-sec | rename result.result{}.transactions$avg-count-per-sec as transactions | spath
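
The forwarding half of the export script described above, as an added example (not the lab's actual script): it wraps a BIG-IQ analytics response in an HTTP Event Collector envelope, takes the HEC token from the environment, and keeps TLS certificate verification on. The host name, the SPLUNK_HEC_URL and SPLUNK_HEC_TOKEN variables, the _json sourcetype and the sample response are assumptions; only port 8088, the main index and the result.result{} field path come from this page.

```python
import json
import os
import ssl
import urllib.request

# Assumed URL: the page only states that the collector listens on port 8088.
HEC_URL = os.environ.get(
    "SPLUNK_HEC_URL", "https://splunk.example.com:8088/services/collector/event")
METRIC = "transactions$avg-count-per-sec"  # field name from the page's search query

def extract_rows(bigiq_response):
    """Return the metric rows at result.result[], rejecting unexpected shapes."""
    inner = bigiq_response.get("result")
    rows = inner.get("result") if isinstance(inner, dict) else None
    if not isinstance(rows, list) or not rows:
        raise ValueError("BIG-IQ response has no result.result[] rows")
    for row in rows:
        if not isinstance(row, dict) or not isinstance(row.get(METRIC), (int, float)):
            raise ValueError(f"row is missing numeric {METRIC!r}")
    return rows

def build_hec_request(bigiq_response, token, epoch_seconds, url=HEC_URL):
    """Wrap the BIG-IQ JSON in an HEC envelope and return a ready-to-send request."""
    if not url.startswith("https://"):
        raise ValueError("refusing to send the HEC token over plain HTTP")
    extract_rows(bigiq_response)  # fail before sending malformed events
    envelope = {"time": epoch_seconds, "index": "main",
                "sourcetype": "_json", "event": bigiq_response}
    return urllib.request.Request(
        url,
        data=json.dumps(envelope).encode("utf-8"),
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )

def send(request, timeout=10):
    """POST to Splunk; the default SSL context verifies the server certificate."""
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(request, timeout=timeout, context=ctx) as resp:
        return json.loads(resp.read())

# Constructed sample, shaped to match the query path result.result{}.<metric>.
SAMPLE = {"result": {"result": [{"timeMillis": 1700000000000, METRIC: 12.5}]}}

if __name__ == "__main__":
    # Token is read from the environment, not stored in the script or crontab line.
    req = build_hec_request(SAMPLE, os.environ["SPLUNK_HEC_TOKEN"], 1700000000)
    print(send(req))
```

Because the whole BIG-IQ response is placed under the envelope's event key, Splunk exposes its fields under the same result.result{} path that the search query above reads.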

Click on the SPLUNK button on the system Ubuntu Lamp Server in the lab environment. Use admin/purple123 to authenticate.

Dashboard in Splunk

../../_images/img_lab3_1.png

Dashboard in BIG-IQ

../../_images/img_lab3_2.png