Splunk’s External IoT Analytics Demo – Technical Blog Series
May 10, 2018
Today you are going to quickly learn how to integrate your device data with third-party analytics solutions with the ClearBlade IoT Solutions. This is useful for sending device data directly to an external service that knows how to analyze that data. For this demonstration, we are going to take payloads from our device MQTT feed and send them to Splunk’s cloud offering.
- Integrate device data with third-party analytics solutions
- Take payloads from device MQTT feed and send them to Splunk’s Cloud Offering
- ClearBlade Sandbox Account (Create)
1. Start by going to IoT Package Manager (IPM) and pull down the example that has the pieces put together for you. Here you’ll find all kinds of solutions waiting to be leveraged. For the purposes of this demonstration, you’ll want to use the “splunk-service” package. You’ll notice there is a setup and description of the package below. To get started, grab the repository url by clicking copy at the top next to the URL.
2. Transition over to the platform instance and run the install process. IPMs can install into existing solutions or new ones. In this demo, we are keeping it simple by installing the IPM in a new system. Click Install, paste the URL, and click Fetch!.
3. You can see all the assets of interest here that get imported, and you could potentially deselect things you don’t want to add. Click Import to finalize the IPM import.
With the IPM imported you can browse your newly imported system. With most IPMs its best to follow the setup instructions. The first set of instructions is about getting Splunk set up. If you are already an expert at Splunk this might be old news, but for those who aren’t, click around a little in the Splunk cloud.
3. Here you can see our Splunk account where we have a default dashboard. On this dashboard you are seeing data from a Splunk HTTP Event Collector or HEC. Essentially, this enables an http request to send data.
4. The Splunk setup takes about 5 minutes and is pretty straight forward. You’ll need to do this on your own.
5. With your HEC setup, review the remainder of the steps required to get device data flowing into this external analytics service. First, you will set up your third party credentials in the ConstantsSplunk library. Navigate there by clicking “Code” then under “Libraries” clicking “ConstantsSplunk”. You’ll want to edit the URL after “var PLATFORM_URL =” to the hostname of the ClearBlade platform you are running on. You’ll also need to input the Splunk key, hostname, and port number that you’ll get from your Splunk account during the HEC setup. Remember to save after entering your information.
6. With the constants set, you need to run the SetupSplunk service. This service will create a SplunkUser for you to log into the portal and send data on behalf of the devices. In the “Code” tab under “Services” click on “SetupSplunk”. At the bottom you can see the name of the user created, and at the top you can see the corresponding password. If you want to change the password for this user (which I recommend), do it right here. Click “Save and Test”. A popup saying “Success!” will appear and you now have a new user created. After the service runs, you are ready to go.
7. Now you can open the “SplunkPublisher” portal. Make sure to log in using your newly created credentials from the last step.
8. This portal is a basic environment where you can send data as one of three devices. When you click, you can see the message has fired off into the platform where it has used the underlying ClearBlade protocol to ingest the data. You can continue to click to send more data or even use the repeating logic underneath the text box to send a larger load of messages.
9. If you go back to the developer console and click “code” then under “Triggers” click “DataReceivedFromDevice,” you can see the message comes and hits this trigger because it’s watching the devices message topic. That trigger kicks off the “PublishToSplunkCloud” service, handing the devices payload information.
10. By clicking “Code” under “Services,” click on “PublishToSplunkCloud” and you can see that the “PublishToSplunkCloud” service takes that information and ships it off to the Splunk HEC in real time.
11. Finally, if you hop over to the Splunk cloud where you may have thousands or millions of devices streaming information, you can see the default dashboard accepting the new device endpoints. Splunk, of course is now going to provide you tons of bells and whistles with which to explore that data and represent it as creatively as you need.