API Connect

 View Only

Offloading Analytics Data to Splunk from APIConnect on AWS SaaS

By Akhil Muralidharan posted Tue May 16, 2023 02:56 PM

  

Splunk is a data analytics solution allows organisations to collect, index, search, analyse, and visualise data in real-time.

In API Connect, you can configure analytics data offload to S3 or Splunk. In this blog I'll explain how to configure analytics data offload to Splunk.
If you prefer to watch a video demo instead, you can watch it here.
 
You can sign up for an API Connect SaaS trial instance here  if you don't have one.
I'm using a Splunk cloud trial instance for this demo.

To configure offload from API Connect  to your Splunk instance, you need to input the following details.

1. Splunk Index name
2. HEC Token
3. HEC URI

1. Create an Index in Splunk.

            a. Login to your Splunk account
            b. Goto Settings -> Indexes 



           c. Click on "New Index" and enter an Index name (apic-analytics), Index Data Type as "Events", Max raw size = 0 MB and Searchable retention as 14 days.
               These values can be anything as you wish. 

 

2. Create HEC token.

            a. Goto Settings -> Data Inputs

 
            b. Select "HTTP Event collector" and click on "New Token"


            c. Give a name for the token and click next.
            d. Select the index name which created in step 1c and click "Review" and then "Submit"


            c. Copy and keep the HEC token generated on the final step.



3. HEC URI

The HEC URI is just the URL for the Splunk instance. In case of Splunk trial account, You need to add a port number with URL. The port number can be found on HTTP Event Collector -> Global Settings.
In this example, the HEC URI is https://prd-p-cmgte.splunkcloud.com:8088. Since I'm using a Splunk Cloud trial account, I need to add port 8088 with HEC URI.



Once you have these three informations ready, you can login to API Connect and configure offload to Splunk.

Configuring  analytics data offload to Splunk

           1. Login to API Connect SaaS (AWS) API Manager.
           2. Goto Analytics menu on the left side panel.
           3. Click on "Offload Settings" & click "Yes"



           4. In Offload Settings side panel, select "Splunk" and enter Index name, HEC Token and HEC URI which created in above steps. Click Save.


           4. The configuration will take few seconds to complete and you will be notified once it is configured successfully.



Try invoking your APIS, and you will see the API call analytics data being offloaded to index "apic-analytics" in near real time.

 

Offloading APIC analytics data to Splunk enables the creation of real-time analytics dashboards that provide actionable insights and facilitate data-driven decision-making for organisations based on their API Consumption data. 

Hope this article is helpful.
Please let me know if you have any questions or concerns in the comment section.


#automation-featured-area-2

2 comments
247 views

Permalink

Comments

Akhil Muralidharan
Tue January 02, 2024 07:17 AM

Hi , @Carolina Monserrat Montero Gonzalez,

The process of offloading analytics in VMWare takes a different approach. Further details can be found in this documentation

https://www.ibm.com/docs/en/api-connect/10.0.x?topic=SSMNED_v10cd/com.ibm.apic.install.doc/analytics_install_offload_vm.htm

Carolina Monserrat Montero Gonzalez
Thu November 16, 2023 05:13 PM

Is there any similar guide to offload for API Connect in VMware? Version 10.0.5