Skip to main content

Search

How to deploy the Splunk Add-on and App.

  • Updated

Note: This release of the Canary Splunk Addon and App can be obtained from the links below. 

Any unexpected behaviour or issues can also be reported to our support.

Your Canary Console can integrate with Splunk easily. In this article, we'll walk you through installing the integration.

Follow the steps below to install both the App and the Technology Add-on (TA). As a pre-requisite, you'll need an API key and your Console's hostname.

Optional: If you would like to adjust the default index, click here to jump to the steps required.

Where do I install the add-on and app?:

The add-on is independent from the app and is responsible for the logic as well as data collection from your Console, this is generally installed on your heavy forwarder with internet access. (direct or via a proxy server.) where it will collecting and forward data to your indexer tier.

The app is used for monitoring and provides a dashboard built from search macro's. The app is dependant on the add-on and both will need to be installed on your search head tier.

Note: Splunk 8.0.0 and higher are required for the new Canary integration.

Step 1: Log in to your Splunk console

Head over to the "Find More Apps" menu.

mceclip0.png

Step 2: Installing the Canary add-on and App

Search for the Thinkst Canary App and Thinkst Canary Add-on.

mceclip3.png

Step 3: Configuring the Add-on.

Once uploaded we can head over to the Add-on configuration.

Untitled-8.png

Here we can configure the add-on to fetch data from your Console.

Select the Configuration tab, then the Add button.

Untitled-7.png 

A window will now display where you can enter the details of your Canary Console.

Account Name: Enter an identifier for your Console which we will later use to reference the connection.

Console Name: Enter your Console's domain hash.

API Key: Insert your Console's API key.

Note: Your Console's domain hash and API key can be found in your Console's global settings. Further reading on where to locate the details can be found here.

Once complete click the "Add" button.

Untitled-6.png

Step 4: Enabling data inputs.

Head over to the Inputs tab, here we'll enable the inputs and edit each one to make use of the Console connection. 

Untitled-5.png

Select each input and edit the Index if necessary then select the account name that we created previously.

Untitled-4.png

Note: Remember to do this for each data input to ensure you are collecting all data.

Once complete enable each input to start collecting data.

Untitled-3.png

Step 5: Viewing Data

Finally, to start browsing data, select the Apps drop-down menu then select the Canary app to view the dashboard.

Untitled-8.png

mceclip0.png

Note: It may take some time to populate data into the dashboard, and perform the initial sync. If you don't have any data after a couple of hours, contact our support team support@canary.tools for assistance.

You're done! ;-)

Optional: Adjusting the default index.

Head over to the addon's input page one more.

The index column indicates the current index data will be inserted into.

Select the pencil icon of the input you'd like to modify the index of.

Step 1: Update inputs.

mceclip1.png

Insert your preferred index then click the Update button when done.

mceclip2.png

Repeat the change for the other index you'd like adjusted.

mceclip3.png

Step 2: Updating the Search Macro.

Click on the settings drop-down menu then Advanced search.

mceclip4.png

Click on Search Macro's

mceclip6.png

Click on the canarytools_index entry.

mceclip7.png

Update the Definition entry with your preferred index, then click Save when complete.

mceclip8.png

You're done! ;-)

Was this article helpful?
3 out of 3 found this helpful
Return to top