Splunk MINT

Splunk MINT Overview

Download manual as PDF

Download topic as PDF

About Splunk MINT data collection

The Splunk MINT SDKs collect data from mobile apps and then send that data to Splunk Enterprise by using the MINT Data Collector or the HTTP Event Collector:

MINT Data Collector
The MINT Data Collector is a cloud service that is operated by Splunk. The MINT Data Collector forwards mobile app data to Splunk MINT Management Console and Splunk Enterprise, then deletes the raw data. The MINT Management Console stores aggregated summaries about the performance of mobile apps for 7 days, and crash reports for 90 days. For more, see How do I use MINT Data Collector?.
HTTP Event Collector (HEC)
HEC enables you to send data over HTTP or HTTPS directly to Splunk Enterprise 6.4 and later from your mobile apps. When using HEC to send data to MINT, mobile app data does not appear in MINT Management Console or the Splunk MINT App. However, you can use the End User Experience Monitoring (EUEM) module for Splunk IT Service Intelligence (ITSI).
Note  iOS crash reports are not symbolicated when you use HEC to send data to MINT.
For more, see How do I use HTTP Event Collector with MINT?.

How does the MINT Data Collector work?

The MINT Data Collector relies on a single-tenant service that is hosted in Amazon Web Services (AWS). Every customer has a dedicated environment that is provisioned to meet the strictest enterprise security requirements. Dedicated environments ensure that data is never mixed with data from another customers, assuring that access to data is strictly limited to provisioned users.

The MINT Data Collector uses highly secure, state-of-the-art technologies that are used by many telecommunication and MNO providers. The lack of traditional web technology makes the MINT Data Collector less prone to common security attacks such as SQL injections.

Splunk MINT is designed to scale such that one customer’s behavior has no impact on other customers, which is essential to enterprises using MINT as a mission-critical service.

How do I use MINT Data Collector?

To send data from mobile apps to MINT Management Console and Splunk Enterprise using the MINT Data Collector:

  1. Create projects for your mobile apps in Splunk MINT Management Console.
  2. Log in to Splunk MINT Management Console and create a project for one variation of your mobile app (a platform and release stage, such as Android/Testing, or iOS/Release). You'll get an API key and a line of code to add for that particular platform—copy it to your clipboard:

    MINTExpress apikey.png

  3. Integrate MINT into your mobile apps.
  4. Paste the line of code that contains your API key into your mobile app code to integrate MINT:

    Repeat steps 1-2 for each of the mobile apps you want to monitor, creating one project for each platform/release stage combination.

  5. Verify that MINT Management Console is displaying data from your mobile apps.
  6. When you start using your mobile apps, they will begin to send data to the Splunk MINT Data Collector. Go back to MINT Management Console and open your mobile app projects. You'll start to see data appear in your dashboards in minutes.

  7. View data in Splunk Enterprise.
  8. To get your MINT data into Splunk Enterprise, install the MINT Add-on on your indexers and forwarders. You'll also need to set up a MINT Data Collector token. For details, see Install the Splunk MINT Add-on and Set the MINT Data Collector token in the MINT Add-on in the Splunk MINT Add-on User Guide.

    Once your MINT data is indexed in Splunk Enterprise, you can view your data in different ways:

    • Run searches directly in Splunk Enterprise using the Search & Reporting app.
    • Use the Splunk MINT App, which provides a data model and a set of dashboards that display network performance, location, transactions, and usage. For details, see About the Splunk MINT App in the Splunk MINT App User Guide.
    • Use the End User Experience Monitoring (EUEM) module for Splunk IT Service Intelligence (ITSI), which monitors metrics related to the end-user experience and correlates end-user performance issues such as page load time, page rendering time, error rates, and AJAX latency. For details, see About the End User Experience Monitoring Module in the Splunk IT Service Intelligence Modules manual.

How do I use HTTP Event Collector with MINT?

The HTTP Event Collector (HEC) is a fast way to send data directly from your mobile apps to Splunk Enterprise.

Splunk Enterprise 6.4 or later is required to use HEC with MINT.

Note Because HEC does not use MINT cloud services such as the MINT Symbolicator, iOS crash reports from HEC will not be symbolicated in Splunk Enterprise (memory addresses will not be replaced with human-readable function names or line numbers). However, crash reporting is built into Xcode if you want to use a crash reporting feature.

To send data from mobile apps to Splunk Enterprise using HEC:

1. Get a HEC token

  1. In Splunk Web, go to Settings > Data inputs.
  2. Under Local Inputs, click HTTP Event Collector.
  3. If a warning icon is displayed next to Global Settings, you must enable tokens: click Global Settings, click Enabled for All Tokens, then click Save.
    • By default, HEC uses HTTPS. To disable this, uncheck Enable SSL in the Global Settings view.
    • The default HEC port is 8088. To modify this, change the HTTP Port Number field in the Global Settings view.
  4. Click New Token, and follow the Add Data wizard:
    • Enter a name, and then click Next.
    • For Source type, select Automatic.
    • For Index, select the "mint" index.
    • If "mint" is not listed, create the index: click Create a new index, enter "mint" for Index Name, then click Save.

    • Click Review to review your settings, then click Submit.
  5. Copy the Token Value, which is your HEC token.

2. Integrate MINT into your mobile apps

For each platform your app runs on, download the corresponding Splunk MINT SDK or plugin:

Initialize the SDK in your mobile app projects using the HEC token you created above, and the HEC URL for the MINT endpoint. This URL takes the form "https://host:mPort/services/collector/mint", where host is the hostname of your Splunk Enterprise instance, and mPort is the port you defined in the Global Settings of the HTTP Event Collector data input, such as "8088". For more, see the services/collector/mint endpoint in the REST API Reference Manual.

3. View MINT data in Splunk Enterprise

Once your MINT data is indexed in Splunk Enterprise, you can view your data in different ways:

  • Run searches directly in Splunk Enterprise using the Search & Reporting app.
  • Use the End User Experience Monitoring (EUEM) module for Splunk IT Service Intelligence (ITSI), which monitors metrics related to the end-user experience and correlates end-user performance issues such as page load time, page rendering time, error rates, and AJAX latency. This module requires the Splunk MINT Add-on. For details, see About the Splunk MINT Add-on in the Splunk MINT Add-on User Guide manual, and About the End User Experience Monitoring Module in the Splunk IT Service Intelligence Modules manual.

For more about using the HTTP Event Collector, see Introduction to Splunk HTTP Event Collector on the Splunk Developer Portal.

Data security

Splunk MINT SDKs and service implementations use strong TLS configurations to protect data in transit. 2048-bit SSL connections are used between mobile apps and the MINT Data Collector.

All hosting providers used to support Splunk MINT are regularly certified by auditors for facility security.

List of data fields

By default, the MINT Data Collector collects the following data from mobile devices.

Note  To disable the collection of data for a particular user, set the Mint.setUserOptOut method to "true". For details, see "Do not report data" in the Splunk MINT SDK for Android Developer Guide and the Splunk MINT SDK for iOS Developer Guide.
Field name Data model
display name
Description
activeMemory -- The amount of active memory, in MB. (iOS only.)
apiKey -- Your API key.
appEnvironment Application Environment Application environment ("Release", "Staging", "UserAcceptanceTesting", "Testing", "Development", or a custom string).
appRunningState -- App running state (Foreground or Background).
appVersionCode Version Code The app version code.
appVersionName App Version The app version name.
architecture -- The device architecture (iOS).
batteryLevel -- The device battery level (0 - 100).
breadcrumbs -- Breadcrumb information as an array.
buildUuid -- Build UUID (iOS).
carrier Carrier The mobile carrier.
className -- The class name. (iOS only.)
connection Connection Type The type of connection (such as "WiFi" or "UMTA").
current Current The name of the current view.
currentView Current View The current view
device Device The mobile device type.
domain Domain The domain name.
domainLookupTime Domain Lookup Time Time, in seconds.
domProcessingTime DOM Processing Time Time, in seconds.
elapsedTime Elapsed Time The time between two views, in milliseconds.

The elapsed time of a timer, in nanoseconds.
The elapsed time between starting and stopping the method trace, in nanoseconds.

errorHash errorHash The error hash, which MINT creates for grouping errors.
event_name Event Name The event name.
exception Network Exception The contents of the HTTP exception that occurred.
extraData -- Extra data information as key-value pairs.
failed Failed Whether the request failed.
failureErrorID Failure Error ID The error ID.
freeMemory -- The amount of free memory, in MB. (iOS only.)
fsEncrypted -- For Android ping events (true, false, NA).
gpsAcc -- The GPS accuracy (in meters). The default is -1.
gpsLat -- The GPS latitude. The default is 0.
gpsLng -- The GPS longitude. The default is 0.
gpsStatus -- Device GPS status (on or off).
handled Handled Whether the error was handled.
hashcode -- The hashcode of the HTTP connection object, allowing you to differentiate between multiple connections to the same address.
host View Source The string of the host, or "NA".
httpMethod -- The HTTP method (GET, PUT, POST, or NA).
imageBaseAddress -- The image base address.
inactiveMemory -- The amount of inactive memory, in MB. (iOS only.)
klass Exception Class The class of the exception.
latency Latency The network service latency.
level Level The log level of the event: "V" (Verbose), "D" (Debug), "I" (Info), "N" (Notice), "W" (Warning), "E" (Error), "C" (Critical), "A" (Alert), "E!" (Emergency).

For Android, the trim level constant or "NA", indicating the amount of trimming to perform. For possible values, see ComponentCallbacks2 constants on the Android Developers website.

levelLast -- The trim level constant or "NA", indicating the last trim level. For possible values, see ComponentCallbacks2 constants on the Android Developers website.
loadTime Load Time The time it took for a view to load.
locale Locale The device's locale.
location -- The device location with values for latitude, longitude, and timestamp.
log -- Console log report of unhandled exceptions, or NA if this feature has been disabled.

To enable this feature, set enableLogging to true.

log_name -- The log name (Android).
memAppAvailable Available Memory (MB) The number of bytes currently available on the heap without expanding the heap.
memAppMax Max Memory (MB) The maximum number of bytes the heap can expand to.
memAppTotal Used Memory (MB) The number of bytes taken by the heap at its current size.
memSysAvailable -- Available system memory in MB (iOS).
memSysLow -- Whether system memory is low (true or false).
memSysThreshold -- The system memory threshold, in MB.
memSysTotal System Memory (MB) The total system memory, in MB.
message Error Message The error message.
method -- The traced method.
msFromStart Time until crash The time between starting the app and the exception, in milliseconds.
osVersion OS Version The version of the device operating system.
packageName Package The package or binary name of the app.
platform Platform The app platform ("Android", "iOS" or "WP").
previous Previous The name of the previous view.
protocol -- The network protocol (HTTP, HTTPS, or FILE).
purgableMemory -- The amount of purgable memory, in MB. (iOS only.)
reason Stop Reason The reason for stopping the transaction.
remoteIP Remote IP The remote IP address.
remoteIP_City City The remote IP city.
remoteIP_Country Country The remote IP country.
remoteIP_lat Latitude The remote IP latitude.
remoteIP_lon Longtitude The remote IP longitude.
remoteIP_Region Region The remote IP region.
requestLength Request Length (bytes) The length of the request, in bytes.
responseLength Response Length The length of the response, in bytes.
rooted -- Rooted (true or false).
screenOrientation -- The screen orientation (Portrait, UpsideDown, LandscapeLeft, LandscapeRight).
sdkVersion -- The MINT SDK version.
serverTime Server Time Time, in seconds.
ses_duration Session Duration The session duration, in milliseconds.
session_id Session Id The session ID.
signature -- The signature of the intercepted network API method (for example, int HttpUtlConnection.getResponseCode()).
stacktrace -- The error stack trace.
state Network State The connection state (such as "Connecting" or "Connected").
status Transaction Status The transaction status (SUCCESS, FAIL, or CANCEL).
statusCode HTTP Status Code The HTTP response status code.
threadCrashed -- The index of the item that crashed (0 for Android).
threadID -- The thread ID.
timerName -- The name of a timed activity.
totalMemory -- The total memory, in MB. (iOS only.)
tr_duration Transaction Duration The duration of the transaction, in milliseconds.
tr_name Transaction Name The transaction name.
transaction_id Transaction Id The transaction ID.
transactions Transactions An array of names of active transactions.
url URL The request URL.
usedMemory -- The amount of used memory, in MB. (iOS only.)
userIdentifier User Identifier The user identifier set by the developer.
uuid App User ID A unique user identifier.
where Error Origin The origin where the error occurred.
wiredMemory -- The amount of wired memory, in MB. (iOS only.)
PREVIOUS
About Splunk MINT
  NEXT
MINT Documentation

This documentation applies to the following versions of Splunk MINT: 1.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters