Splunk® Supported Add-ons

Splunk Add-on for NGINX

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Configure NGINX status API input

NGINX Plus provides a real-time live activity monitoring interface that shows key load and performance metrics of your server infrastructure. These metrics are represented as a RESTful JSON interface and this live data can be ingested into Splunk as NGINX Status API input.

Configure NGINX Status API input through Splunk Web.

  1. Identify whether your NGINX deployment uses encrypted or unencrypted communication. See the Switch between encrypted and unencrypted communication section of this topic for more information.
  2. Log in to Splunk Web.
  3. Select Settings > Data inputs > Splunk Add-on for NGINX.
  4. Click New.
  5. On the NGINX Status API Input page, enter the following fields:
    • Name: A unique name that identifies the NGINX Status API input
    • Log level: One of these log levels (with decreasing verbosity): debug, info, warning, error
    • NGINX URL: Location of the NGINX status JSON REST interface. For example, 127.0.0.1/api
    • NGINX API Types: Enter comma-separated Nginx Plus Types for which data needs to be fetched.
      Allowed values are processes, connections, slabs, http, stream, resolvers, ssl
    • NGINX Username (Optional) Add the NGINX username you use to access the NGINX status JSON REST interface.
    • NGINX Password (Optional) Add the NGINX password you use to access the NGINX status JSON REST interface.
  6. Optionally, select More settings and modify the detailed settings field values as needed.
  7. Click Next.
  8. Click Review.
  9. After you review the information, click Submit.

Switch between encrypted and unencrypted communication

Switch between encrypted and unencrypted communication. By default, all the communications from the Splunk Add-on for NGINX to your NGINX servers are encrypted via HTTPS with SSL certificate validation enabled. If your NGINX server is configured with HTTPS and a valid CA signed certificate, then communications with your NGINX server work with the default configurations.

Configure the Splunk Add-on for NGINX to use a self-signed certificate

If your NGNIX server is configured with HTTPS using a self-signed certificate, follow the below steps.

  1. Download the CA certificate of the NGINX server in PEM format.
  2. Move the CA certificate to the $SPLUNK_HOME/etc/apps/Splunk_TA_nginx/local directory.
  3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_ngnix/default/.
  4. Copy splunk_ta_nginx_settings.conf and paste in your deployment's $SPLUNK_HOME/etc/apps/Splunk_TA_nginx/local folder.
  5. In $SPLUNK_HOME/etc/apps/Splunk_TA_nginx/local, open splunk_ta_nginx_settings.conf, and enter the path of the CA certificate file (including the file name) under the ssl_settings stanza.
  6. Save your changes.
  7. Restart the Splunk platform.

Switch from HTTPS to HTTP communications

Switch from HTTPS to HTTP communications when your NGINX server is configured with HTTP communications.

  1. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_nginx/local/, and open splunk_ta_nginx_settings.conf in a text editor.
  2. Under the ssl_settings stanza, change the value of the http_scheme field from HTTPS to HTTP.
  3. Save your changes.
  4. Restart your Splunk platform instance.

Validate data collection

After you configure monitoring, run one of the following searches to check that you are ingesting the data that you expect.

sourcetype=nginx:plus:api

Last modified on 19 December, 2023
PREVIOUS
Configure monitor inputs for the Splunk Add-on for NGINX 		  NEXT
Troubleshoot the Splunk Add-on for NGINX

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters