Splunk Log Observer Connect for Virtual Appliance

Splunk Log Observer Connect for Virtual Appliance enriches application logs with metadata specific to Splunk AppDynamics Virtual Appliance. To view logs in Splunk Enterprise in the context of an application monitored by Splunk AppDynamics Self Hosted Virtual Appliance, you must integrate Splunk AppDynamics Self Hosted Virtual Appliance with Splunk Enterprise, depending on your deployment. Using the deep links on the Controller UI, you can navigate directly from Splunk AppDynamics Self Hosted Virtual Appliance to Splunk Enterprise with single sign-on and view the logs corresponding to the application, tier, node, business transaction, and transaction snapshot. From the logs, you can drill down further to identify the root cause and source of an issue and then initiate remediation actions.

Note: Single sign-on is not enabled by default. Administrators can enable single sign-on by using the same third-party SAML identity provider on Splunk Enterprise and Splunk AppDynamics Self Hosted Virtual Appliance.

License Requirements

Note: Use of the Log Observer Connect Integration between AppDynamics and Splunk Enterprise is subject to the General Terms and applicable Offer Description(s) or any superseding agreement between Cisco, AppDynamics, or Splunk, as applicable, and you.

To integrate Splunk AppDynamics Self Hosted Virtual Appliance with Splunk Enterprise, you need an active:

  • Splunk AppDynamics On-premises license

  • Splunk Enterprise license depending on your deployment

Note: For any issues related to Splunk Enterprise, contact Splunk Support.

Integration Steps

To integrate Splunk AppDynamics Self Hosted Virtual Appliance with Splunk Enterprise, perform the following tasks:

| Sequence | Task | Description |
|---|---|---|
| 1 | Configure Splunk service account user | Create a service account in Splunk Enterprise for Splunk AppDynamics Self Hosted Virtual Appliance integration. This user is used to access the indexes in which application logs are stored. |
| 2 | Configure universal forwarder | Configure your existing universal forwarder to send metadata specific to Splunk AppDynamics Self Hosted Virtual Appliance and augment it with logs. |
| 3 | Configure the Splunk AppDynamics agents | Configure Java, .NET, and Node.js agents to enrich the log data with request GUID, business transaction ID, and node ID. |
| 4 | Configure the application loggers | Configure the Java, .NET, and Node.js application loggers to enrich the log data. The configuration of the logger varies based on whether you are using structured or unstructured logs, as well as the type of logging framework being utilized. |
| 5 | Install the Universal Integration Layer service in the cluster | Install the service endpoints and pods in the cluster that are required for the integration. |
| 6 | Configure Splunk AppDynamics On-Premises for Splunk Log Observer Connect | Configure the on-premises Controller to view the logs in Splunk Enterprise. |
| 7 | Configure allow list in Splunk Enterprise | Ensure that Splunk AppDynamics Self Hosted Virtual Appliance can communicate with Splunk Enterprise. |