Chef App for SplunkΒΆ

Note

This topic is meant to support existing customers using Analytics. The visibility capabilities of Chef Automate replace the features and functionality of Chef Analytics and we encourage customers to adopt Chef Automate going forward.

Use the Chef App for Splunk to gather insights about nodes that are under management by Chef. The Chef App for Splunk requires Chef Analytics version 1.1.4 (or later).

_images/splunk_app_nodes_activity.png _images/splunk_app_server_activity.png

Note

Splunk Enterprise is required to use the Chef App for Splunk. Splunk light does not support the installation of packaged Splunk applications.

To set up the Chef App for Splunk, do the following:

  1. Download and install Chef Analytics.

  2. Configure a notification for the Splunk server.

  3. Go to the Notifications tab in the Chef Analytics web user interface.

  4. Click the plus symbol (+) and select Splunk.

  5. Name the configuration. For example: splunk-notifier.

  6. Configure the hostname, port, username, and password for the Splunk server.

  7. The default port is 8089; modify to match your Splunk install.

  8. You can choose what data to send to the Splunk server by type. Valid types are action, run_converge, run_resource, run_control, and run_control_group. Add the following rules to enable data to be sent to the Splunk server:

    rules 'Splunk'
      rule on action
      when
        true
      then
        notify('splunk-notifier')
      end
    
      rule on run_converge
      when
        true
      then
        notify('splunk-notifier')
      end
    
      rule on run_resource
      when
        true
      then
        notify('splunk-notifier')
      end
    end
    

The rules block MUST be exactly as shown. If these rules do not match exactly, the Chef App for Splunk may not work correctly.