JOBS-1114 - The metric and log index names are now configurable

Author: deepakkjfrog

README.md

@@ -52,27 +52,29 @@ Our integration uses the [Splunk HEC](https://dev.splunk.com/enterprise/docs/dat
 
 Users will need to configure the HEC to accept data (enabled) and also create a new token. Steps are below.
 
-#### Create index jfrog_splunk
+#### Create index for logs (default: jfrog_splunk)
 
 ```text
 1. Open Splunk web console as administrator
 2. Click on "Settings" in dropdown select "Indexes"
 3. Click on "New Index"
-4. Enter Index name as jfrog_splunk
+4. Enter Index name as jfrog_splunk (or your custom name)
 5. Click "Save"
 ```
 
-#### Create index jfrog_splunk_metrics
+#### Create index for metrics (default: jfrog_splunk_metrics)
 
 ```text
 1. Open Splunk web console as administrator
 2. Click on "Settings" in dropdown select "Indexes"
 3. Click on "New Index"
-4. Enter Index name as jfrog_splunk_metrics
+4. Enter Index name as jfrog_splunk_metrics (or your custom name)
 5. Select Index Data Type as Metrics
 6. Click "Save"
 ```
 
+**Note:** You can customize the index names by setting the `SPLUNK_LOGS_INDEX` and `SPLUNK_METRICS_INDEX` environment variables in your docker.env file.
+
 #### Configure new HEC token to receive Logs
 
 ```text
@@ -83,7 +85,7 @@ Users will need to configure the HEC to accept data (enabled) and also create a
 5. Enter a "Name" in the textbox
 6. (Optional) Enter a "Description" in the textbox
 7. Click on the green "Next" button
-8. Add "jfrog_splunk" index to store the JFrog platform log data into.
+8. Add "jfrog_splunk" (or your custom logs index name) to store the JFrog platform log data into.
 9. Click on the green "Review" button
 10. If good, Click on the green "Done" button
 11. Save the generated token value
@@ -99,7 +101,7 @@ Users will need to configure the HEC to accept data (enabled) and also create a
 5. Enter a "Name" in the textbox
 6. (Optional) Enter a "Description" in the textbox
 7. Click on the green "Next" button
-8. Add "jfrog_splunk_metrics" index to store the JFrog platform metrics data into.
+8. Add "jfrog_splunk_metrics" (or your custom metrics index name) to store the JFrog platform metrics data into.
 9. Click on the green "Review" button
 10. If good, Click on the green "Done" button
 11. Save the generated token value
@@ -176,6 +178,8 @@ We rely heavily on environment variables so that the correct log files are strea
 * **SPLUNK_HEC_PORT**: Splunk HEC configured port
 * **SPLUNK_HEC_TOKEN**: Splunk HEC Token for sending logs to Splunk
 * **SPLUNK_METRICS_HEC_TOKEN**: Splunk HEC Token for sending metrics to Splunk
+* **SPLUNK_LOGS_INDEX**: Splunk index name for storing logs (default: jfrog_splunk)
+* **SPLUNK_METRICS_INDEX**: Splunk index name for storing metrics (default: jfrog_splunk_metrics)
 * **SPLUNK_INSECURE_SSL**: false for test environments only or if http scheme
 * **SPLUNK_VERIFY_SSL**: false for disabling ssl validation (useful for proxy forwarding or bypassing ssl certificate validation)
 * **SPLUNK_COMPRESS_DATA**: true for compressing logs and metrics json payloads on outbound to Splunk
@@ -349,6 +353,8 @@ export MASTER_KEY=$(openssl rand -hex 32)
           --set splunk.port=$SPLUNK_HEC_PORT \
           --set splunk.logs_token=$SPLUNK_HEC_TOKEN \
           --set splunk.metrics_token=$SPLUNK_METRICS_HEC_TOKEN \
+          --set splunk.logs_index=$SPLUNK_LOGS_INDEX \
+          --set splunk.metrics_index=$SPLUNK_METRICS_INDEX \
           --set splunk.compress_data=$SPLUNK_COMPRESS_DATA \
           --set splunk.com_protocol=$SPLUNK_COM_PROTOCOL \
           --set splunk.insecure_ssl=$SPLUNK_INSECURE_SSL \
@@ -425,6 +431,8 @@ export MASTER_KEY=$(openssl rand -hex 32)
         --set splunk.port=$SPLUNK_HEC_PORT \
         --set splunk.logs_token=$SPLUNK_HEC_TOKEN \
         --set splunk.metrics_token=$SPLUNK_METRICS_HEC_TOKEN \
+        --set splunk.logs_index=$SPLUNK_LOGS_INDEX \
+        --set splunk.metrics_index=$SPLUNK_METRICS_INDEX \
         --set splunk.com_protocol=$SPLUNK_COM_PROTOCOL \
         --set splunk.insecure_ssl=$SPLUNK_INSECURE_SSL \
         --set splunk.verify_ssl=$SPLUNK_VERIFY_SSL \
@@ -456,6 +464,8 @@ For Xray installation, download the .env file from [here](https://raw.githubuser
 * **SPLUNK_HEC_PORT**: Splunk HEC configured port
 * **SPLUNK_HEC_TOKEN**: Splunk HEC Token for sending logs to Splunk
 * **SPLUNK_METRICS_HEC_TOKEN**: Splunk HEC Token for sending metrics to Splunk
+* **SPLUNK_LOGS_INDEX**: Splunk index name for storing logs (default: jfrog_splunk)
+* **SPLUNK_METRICS_INDEX**: Splunk index name for storing metrics (default: jfrog_splunk_metrics)
 * **SPLUNK_INSECURE_SSL**: false for test environments only or if http scheme
 * **SPLUNK_VERIFY_SSL**: false for disabling ssl validation (useful for proxy forwarding or bypassing ssl certificate validation)
 * **SPLUNK_COMPRESS_DATA**: true for compressing logs and metrics json payloads on outbound to Splunk
@@ -487,6 +497,8 @@ helm upgrade --install xray jfrog/xray --set xray.jfrogUrl=$JPD_URL \
     --set splunk.port=$SPLUNK_HEC_PORT \
     --set splunk.logs_token=$SPLUNK_HEC_TOKEN \
     --set splunk.metrics_token=$SPLUNK_METRICS_HEC_TOKEN \
+    --set splunk.logs_index=$SPLUNK_LOGS_INDEX \
+    --set splunk.metrics_index=$SPLUNK_METRICS_INDEX \
     --set splunk.com_protocol=$SPLUNK_COM_PROTOCOL \
     --set splunk.insecure_ssl=$SPLUNK_INSECURE_SSL \
     --set splunk.verify_ssl=$SPLUNK_VERIFY_SSL \

app/jfrog-logs/README.md

@@ -4,11 +4,13 @@
 Install the app in your Splunk instance. Then restart your Splunk instance by going to _Server Controls > Restart_.
 
 ## Splunk Setup
-1. Create new Events index `jfrog_splunk` at _Settings > Indexes > New Index > Save_
-2. Create new Metrics index `jfrog_splunk_metrics` at _Settings > Indexes > New Index > Metrics > Save_
+1. Create new Events index `jfrog_splunk` (or your custom name) at _Settings > Indexes > New Index > Save_
+2. Create new Metrics index `jfrog_splunk_metrics` (or your custom name) at _Settings > Indexes > New Index > Metrics > Save_
 3. Create a new HTTP Event Collector data input for logs at _Settings > Data Inputs > HTTP Event Collector > New Token > jfrog_splunk index > Save_
 4. Create a new HTTP Event Collector data input for metrics at _Settings > Data Inputs > HTTP Event Collector > New Token > jfrog_splunk_metrics index > Save_
 
+**Note:** You can customize the index names by setting the `SPLUNK_LOGS_INDEX` and `SPLUNK_METRICS_INDEX` environment variables in your configuration.
+
 ## Setup Fluentd
 FluentD is used to send log events to Splunk. This [repo](https://github.com/jfrog/log-analytics-splunk) contains instructions on various installations options for Fluentd as a logging agent. 
 
@@ -21,6 +23,8 @@ export SPLUNK_HEC_HOST=splunk.example.com
 export SPLUNK_HEC_PORT=8088
 export SPLUNK_HEC_TOKEN=SPLUNK_HEC_TOKEN
 export SPLUNK_METRICS_HEC_TOKEN=SPLUNK_METRICS_HEC_TOKEN
+export SPLUNK_LOGS_INDEX=jfrog_splunk
+export SPLUNK_METRICS_INDEX=jfrog_splunk_metrics
 export SPLUNK_INSECURE_SSL=false
 export SPLUNK_VERIFY_SSL=true
 export SPLUNK_COMPRESS_DATA=true
@@ -36,6 +40,8 @@ export COMMON_JPD=false
 * **SPLUNK_HEC_PORT**: Splunk HEC configured port
 * **SPLUNK_HEC_TOKEN**: Splunk HEC Token for sending logs to Splunk
 * **SPLUNK_METRICS_HEC_TOKEN**: Splunk HEC Token for sending metrics to Splunk
+* **SPLUNK_LOGS_INDEX**: Splunk index name for storing logs (default: jfrog_splunk)
+* **SPLUNK_METRICS_INDEX**: Splunk index name for storing metrics (default: jfrog_splunk_metrics)
 * **SPLUNK_INSECURE_SSL**: false for test environments only or if http scheme
 * **SPLUNK_VERIFY_SSL**: false for disabling ssl validation (useful for proxy forwarding or bypassing ssl certificate validation)
 * **SPLUNK_COMPRESS_DATA**: true for compressing logs and metrics json payloads on outbound to Splunk

app/jfrog-logs/default/macros.conf

@@ -1,7 +1,7 @@
 [default_index]
-definition = index="jfrog_splunk"
+definition = index="$SPLUNK_LOGS_INDEX$"
 iseval = 0
 
 [default_metrics_index]
-definition = "index"="jfrog_splunk_metrics"
+definition = "index"="$SPLUNK_METRICS_INDEX$"
 iseval = 0

fluent.conf.rt

@@ -23,7 +23,7 @@
   hec_token "#{ENV['SPLUNK_METRICS_HEC_TOKEN']}"
   flush_interval 5s
   source ${tag}
-  index jfrog_splunk_metrics
+  index "#{ENV['SPLUNK_METRICS_INDEX']}"
   metric_name_key metric_name
   metric_value_key value
   insecure_ssl "#{ENV['SPLUNK_INSECURE_SSL']}"
@@ -405,7 +405,7 @@
     hec_host "#{ENV['SPLUNK_HEC_HOST']}"
     hec_port "#{ENV['SPLUNK_HEC_PORT']}"
     hec_token "#{ENV['SPLUNK_HEC_TOKEN']}"
-    index jfrog_splunk
+    index "#{ENV['SPLUNK_LOGS_INDEX']}"
     format json
     sourcetype_key log_source
     use_fluentd_time false

fluent.conf.xray

@@ -23,7 +23,7 @@
   hec_token "#{ENV['SPLUNK_METRICS_HEC_TOKEN']}"
   flush_interval 5s
   source ${tag}
-  index jfrog_splunk_metrics
+  index "#{ENV['SPLUNK_METRICS_INDEX']}"
   metric_name_key metric_name
   metric_value_key value
   insecure_ssl "#{ENV['SPLUNK_INSECURE_SSL']}"
@@ -156,7 +156,7 @@
   hec_host "#{ENV['SPLUNK_HEC_HOST']}"
   hec_port "#{ENV['SPLUNK_HEC_PORT']}"
   hec_token "#{ENV['SPLUNK_HEC_TOKEN']}"
-  index jfrog_splunk
+  index "#{ENV['SPLUNK_LOGS_INDEX']}"
   format json
   sourcetype_key log_source
   use_fluentd_time false
@@ -367,7 +367,7 @@
     hec_host "#{ENV['SPLUNK_HEC_HOST']}"
     hec_port "#{ENV['SPLUNK_HEC_PORT']}"
     hec_token "#{ENV['SPLUNK_HEC_TOKEN']}"
-    index jfrog_splunk
+    index "#{ENV['SPLUNK_LOGS_INDEX']}"
     format json
     sourcetype_key log_source
     use_fluentd_time false

fluentd-demo.conf

@@ -185,7 +185,7 @@
   hec_host HEC_HOST
   hec_port HEC_PORT
   hec_token HEC_TOKEN
-  index jfrog_splunk
+  index "#{ENV['SPLUNK_LOGS_INDEX']}"
   format json
   sourcetype_key log_source
   use_fluentd_time false

helm/artifactory-ha-values.yaml

@@ -47,6 +47,10 @@ artifactory:
           value: {{ .Values.splunk.metrics_token }}
         - name: SPLUNK_HEC_TOKEN
           value: {{ .Values.splunk.logs_token }}
+        - name: SPLUNK_LOGS_INDEX
+          value: {{ .Values.splunk.logs_index | default "jfrog_splunk" }}
+        - name: SPLUNK_METRICS_INDEX
+          value: {{ .Values.splunk.metrics_index | default "jfrog_splunk_metrics" }}
         - name: SPLUNK_INSECURE_SSL
           value: {{ .Values.splunk.insecure_ssl | quote}}
         - name: SPLUNK_VERIFY_SSL
@@ -62,6 +66,8 @@ splunk:
   port: SPLUNK_HEC_PORT
   logs_token: SPLUNK_HEC_TOKEN
   metrics_token: SPLUNK_METRICS_HEC_TOKEN
+  logs_index: SPLUNK_LOGS_INDEX
+  metrics_index: SPLUNK_METRICS_INDEX
   com_protocol: SPLUNK_COM_PROTOCOL
   insecure_ssl: SPLUNK_INSECURE_SSL
   verify_ssl: SPLUNK_VERIFY_SSL

helm/artifactory-values.yaml

@@ -47,6 +47,10 @@ artifactory:
           value: {{ .Values.splunk.metrics_token }}
         - name: SPLUNK_HEC_TOKEN
           value: {{ .Values.splunk.logs_token }}
+        - name: SPLUNK_LOGS_INDEX
+          value: {{ .Values.splunk.logs_index | default "jfrog_splunk" }}
+        - name: SPLUNK_METRICS_INDEX
+          value: {{ .Values.splunk.metrics_index | default "jfrog_splunk_metrics" }}
         - name: SPLUNK_INSECURE_SSL
           value: {{ .Values.splunk.insecure_ssl | quote}}
         - name: SPLUNK_VERIFY_SSL
@@ -62,6 +66,8 @@ splunk:
   port: SPLUNK_HEC_PORT
   logs_token: SPLUNK_HEC_TOKEN
   metrics_token: SPLUNK_METRICS_HEC_TOKEN
+  logs_index: SPLUNK_LOGS_INDEX
+  metrics_index: SPLUNK_METRICS_INDEX
   com_protocol: SPLUNK_COM_PROTOCOL
   insecure_ssl: SPLUNK_INSECURE_SSL
   verify_ssl: SPLUNK_VERIFY_SSL

helm/jfrog_helm.env

@@ -3,6 +3,8 @@ export SPLUNK_HEC_HOST=splunk.example.com
 export SPLUNK_HEC_PORT=8088
 export SPLUNK_HEC_TOKEN=SPLUNK_HEC_TOKEN
 export SPLUNK_METRICS_HEC_TOKEN=SPLUNK_METRICS_HEC_TOKEN
+export SPLUNK_LOGS_INDEX=jfrog_splunk
+export SPLUNK_METRICS_INDEX=jfrog_splunk_metrics
 export SPLUNK_INSECURE_SSL=false
 export SPLUNK_VERIFY_SSL=true
 export SPLUNK_COMPRESS_DATA=true

helm/xray-values.yaml

@@ -50,6 +50,10 @@ common:
           value: {{ .Values.splunk.metrics_token }}
         - name: SPLUNK_HEC_TOKEN
           value: {{ .Values.splunk.logs_token }}
+        - name: SPLUNK_LOGS_INDEX
+          value: {{ .Values.splunk.logs_index | default "jfrog_splunk" }}
+        - name: SPLUNK_METRICS_INDEX
+          value: {{ .Values.splunk.metrics_index | default "jfrog_splunk_metrics" }}
         - name: SPLUNK_INSECURE_SSL
           value: {{ .Values.splunk.insecure_ssl | quote}}
         - name: SPLUNK_VERIFY_SSL
@@ -63,6 +67,8 @@ splunk:
   port: SPLUNK_HEC_PORT
   logs_token: SPLUNK_HEC_TOKEN
   metrics_token: SPLUNK_METRICS_HEC_TOKEN
+  logs_index: SPLUNK_LOGS_INDEX
+  metrics_index: SPLUNK_METRICS_INDEX
   com_protocol: SPLUNK_COM_PROTOCOL
   insecure_ssl: SPLUNK_INSECURE_SSL
   verify_ssl: SPLUNK_VERIFY_SSL