Splunk integration example

Using the Agile Service Manager custom tool functionality, you can create a custom tool integration with Splunk. The example in this topic lets you search a Splunk repository via the custom (right-click) menu of a resource in the topology viewer.

Splunk custom tool: 'Search' queries

Tip: You must have Splunk Enterprise and Splunk Forwarder installed before you can define a custom tool. The tool sample provided was tested with Splunk Version 8.1.0. See the Splunk website for more information.

The following sample code creates a custom (right-click) tool that lets you use the properties of the resource from which you launch the tool to search a specific Splunk repository.

This specific tool searches Splunk for logs matching the name of an Agile Service Manager resource. This lets you find out whether Splunk has registered any log information about the resource from which you are launching the tool.

To customize this sample code, change the values for the following properties:
splunkUrl
    The base URL of your Splunk instance
splunkRepository
    The repository you want to search
searchValue
    The dynamically created searchTerm used in Splunk

Note: You can use any Agile Service Manager properties associated with the resource to create your tool.

You can also define the tool's response when its search is unsuccessful.

Sample code:
// Set the Splunk instance URL, including the scheme (for example, https://host:port)
var splunkUrl = 'host:port';
// This will store the value that you wish to search in Splunk
var searchValue = '';
// This will search results for the defined period
//    0 = all time
// -15m = last 15 mins
// -24h = last 24 hours
//  -7d = last 7 days
var searchEarliest = "0";
// This flag is set if you find a valid search value
var foundValidSearchValue = false;
if (asmProperties && asmProperties.name) {
    // Escape backslashes and double quotes so that the resource name
    // stays inside the quoted search term
    var escapedName = String(asmProperties.name).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
    searchValue = "\"" + escapedName + "\"";
    foundValidSearchValue = true;
} else {
    var status = 'critical';
    var message = 'Unable to find name property for Splunk search request';
    asmFunctions.showToasterMessage(status, message);
}
// DO NOT MODIFY THE LINES BELOW
if (foundValidSearchValue) {
    var searchLatest = '';
    if (searchEarliest != "0") {
        searchLatest = "now";
    }
    // encodeURIComponent also encodes characters such as & = # and +, which
    // encodeURI leaves as-is, so the resource name cannot alter the query string
    var encodedSearchValue = encodeURIComponent(searchValue);
    var searchQuery = '/en-US/app/search/search?q=search%20index%3D*%20' + encodedSearchValue + "&earliest=" + searchEarliest + "&latest=" + searchLatest;
    window.open(splunkUrl + searchQuery);
}
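
The note that any resource property can be used to create the tool, shown as an added example that is not part of the original page or of the product's sample code: it builds the same search URL from several property values and keeps each value confined to its quoted search term and to the q parameter. The helper names splQuote and buildSplunkSearchUrl, the host splunk.example.com and the sample resource name are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not part of the Agile Service Manager sample.
// Quote one value as an SPL string literal: escape backslashes first, then quotes.
function splQuote(value) {
    return '"' + String(value).replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Build the Splunk search URL that the custom tool opens.
// baseUrl  : Splunk base URL, scheme included
// values   : resource property values to search for; empty ones are skipped
// earliest : "0" for all time, or a relative time such as "-15m", "-24h", "-7d"
function buildSplunkSearchUrl(baseUrl, values, earliest) {
    if (!/^https?:\/\//i.test(baseUrl)) {
        throw new Error('Splunk URL must start with http:// or https://');
    }
    // This example accepts only the forms listed in the sample's comments
    if (!/^(0|-\d+[smhdw])$/.test(earliest)) {
        throw new Error('Unsupported earliest value: ' + earliest);
    }
    var terms = values
        .filter(function (v) { return v !== undefined && v !== null && String(v) !== ''; })
        .map(splQuote);
    if (terms.length === 0) {
        return null; // caller shows the toaster message instead of opening Splunk
    }
    // Space-separated terms are combined with an implicit AND in a Splunk search
    var spl = 'search index=* ' + terms.join(' ');
    var latest = earliest === '0' ? '' : 'now';
    // encodeURIComponent also encodes & = # + ?, which encodeURI leaves untouched
    return baseUrl.replace(/\/+$/, '') + '/en-US/app/search/search' +
        '?q=' + encodeURIComponent(spl) +
        '&earliest=' + encodeURIComponent(earliest) +
        '&latest=' + encodeURIComponent(latest);
}

// Constructed resource name containing characters that matter to SPL and to URLs
var sampleName = 'app "blue" & green#2';
var sampleUrl = buildSplunkSearchUrl('https://splunk.example.com:8000', [sampleName], '-24h');
console.log(sampleUrl);
```

In the custom tool, pass the returned string to window.open, and call asmFunctions.showToasterMessage when the function returns null.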