Setting up the ‘Discovery’ input is a convenient way to get information about your Cloudhub environments in Splunk.
Most of the data inputs that can be created in the app require at least one of Organization IDor Environment ID to be supplied. We have created a “Discovery” input that takes in a set of MuleSoft credentials and returns a table of Organisation and Environment IDs that are associated with it.
This guide assumes that:
- You already have created a MuleSoft Account and that the permissions on that account are set correctly. This account should have ‘Read Applications’ permissions for the environments you wish to monitor in Splunk – you may need to ask your Mulesoft Administrator to allow this.
- You have created a Splunk index into which the ‘discovery’ data should be ingested.
How to use the ‘discover’ input
- In the app, click on the Configuration tab:
- Go to ‘Add’:
- Add a name (this can be anything you want). For username and password, enter the credentials that you used to set up your Mulesoft account.
Once you are happy with these, click on ‘Add’ and then go back to the Inputs tab.
- Go to “Create New Input” and select ‘discovery’ from the drop-down list
- Name: This can be set to any meaningful string.
Interval: This should be an integer value greater than or equal to 60. This represents the number of seconds between successive calls to the Mulesoft API. A good value for this input is 42300 (representing half a day).
Index: Select the index that you have created for this input.
Global Account: Select the name corresponding to the set of credentials as set up in step 3.
- At this point, the input is up and running. Check that the data is being ingested correctly by clicking on ‘Search’.
And entering the following SPL into the search bar:
index=<your_index> source="mulesoft:discovery" | table envID, envName, orgID, orgName,parentOrgID, parentOrgName
- If everything has been successful you should see a table of information similar to that shown below.