Splunk MINT Add-on (Legacy)

Splunk MINT Add-on User Guide



Splunk MINT is no longer available for purchase as of January 29, 2021. Customers who have already been paying to ingest and process MINT data in Splunk Enterprise will continue to receive support until December 31, 2021, which is End of Life for all MINT products: App, Web Service (Management Console), SDK and Add-On.
This documentation does not apply to the most recent version of Splunk MINT Add-on (Legacy). For documentation on the most recent version, go to the latest release.

Install and configure the Splunk MINT Add-on

Deployment

You can install the Splunk MINT Add-on in different deployments:

  • Standalone deployment is a deployment of Splunk Enterprise on a single computer, which handles all Splunk functionality. Use this configuration for evaluation purposes, or for small-scale production.
  • Distributed deployment spreads different components of Splunk Enterprise functionality across multiple computers. A typical deployment consists of a search head on one server, with multiple indexers and heavy forwarders on other servers. For MINT, the scale of the configuration depends on the number of monthly active users you have, along with how your organization uses Splunk.
  • Splunk Cloud delivers the features of Splunk Enterprise as a cloud-based service. To install the Splunk MINT Add-on in your Splunk Cloud instance, contact Splunk Support.


For more about deploying apps and add-ons, see App deployment overview in the Admin Manual. For more about distributed deployment, see the Distributed Deployment Manual. For more about Splunk Cloud, see the Splunk Cloud User Manual.

Components of Splunk MINT

Splunk MINT on Splunk Enterprise includes the Splunk MINT Add-on and optionally the Splunk MINT App.

Columns: Component, Description, Standalone, Distributed (Search head, Indexer, Forwarder)

  • Splunk MINT App: Provides dashboards, saved reports, and search functionality allowing you to view data for all of your MINT app projects.
  • Splunk MINT Add-on: Includes a custom modular input as well as index-time and search-time settings required to handle MINT data on forwarders, indexers and search heads. Does not contain any dashboards or reports, nor does it have a user interface.
  • Splunk MINT Modular Input: Defines a modular input for receiving MINT data from the Splunk MINT Data Collector. Splunk MINT Modular Input is included in the Splunk MINT Add-on. (Enable, Enable)

Before you install the Splunk MINT Add-on

Enable HTTPS traffic

Before you install the Splunk MINT Add-on, ensure the firewalls on the search heads and on heavy forwarders allow outgoing HTTPS traffic (TCP:443). If you have a standalone deployment, the single instance of Splunk Enterprise acts as both a search head and forwarder.

Splunk MINT uses client SSL authentication to connect to the MINT Cloud services. The following URLs are used for sending data:

  • MINT Cloud: data.cds.splkmobile.com
  • MINT Authentication Server: cdsauth.splkmobile.com and auth.cds.splkmobile.com
  • MINT Symbolicator: ios.splkmobile.com

The search heads must be able to connect to the MINT URLs to set up the Splunk MINT App and symbolicate iOS errors. Ensure the following IP addresses are whitelisted so that the MINT Cloud Data Collector authentication endpoint can be reached:

  • 54.193.6.245
  • 54.183.222.143
  • 54.183.222.136
  • 54.153.51.51
  • 52.8.207.32
  • 52.8.207.109
  • 208.78.105.194 through 208.78.105.202

The computers that run the Splunk MINT Add-on (typically heavy forwarders) must be able to make outbound connections to fetch data.
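An added example (not part of the Splunk documentation) that turns the address list above into a minimal set of CIDR blocks for a TCP 443 egress allowlist and checks sample connections against it. The function names and the sample connections are constructed for illustration.

```python
import ipaddress

# Single addresses exactly as listed in the guide above.
SINGLE_HOSTS = [
    "54.193.6.245", "54.183.222.143", "54.183.222.136",
    "54.153.51.51", "52.8.207.32", "52.8.207.109",
]
# The guide's inclusive range "208.78.105.194 through 208.78.105.202".
RANGE_FIRST, RANGE_LAST = "208.78.105.194", "208.78.105.202"
HTTPS_PORT = 443


def allowlist_networks():
    """Return the allowlist as a sorted list of minimal CIDR blocks."""
    nets = [ipaddress.ip_network(host) for host in SINGLE_HOSTS]
    nets.extend(ipaddress.summarize_address_range(
        ipaddress.ip_address(RANGE_FIRST), ipaddress.ip_address(RANGE_LAST)))
    return list(ipaddress.collapse_addresses(nets))


def egress_allowed(dst_ip, dst_port, networks=None):
    """True only for TCP 443 to an address inside the allowlist."""
    networks = networks or allowlist_networks()
    addr = ipaddress.ip_address(dst_ip)
    return dst_port == HTTPS_PORT and any(addr in net for net in networks)


def denied_connections(connections):
    """Filter (dst_ip, dst_port) pairs down to those the policy would block."""
    networks = allowlist_networks()
    return [c for c in connections if not egress_allowed(c[0], c[1], networks)]


# Constructed sample of outbound connections from a heavy forwarder.
SAMPLE_CONNECTIONS = [
    ("54.193.6.245", 443),    # listed host
    ("208.78.105.198", 443),  # inside the range
    ("208.78.105.203", 443),  # one past the end of the range
    ("54.193.6.245", 80),     # listed host, wrong port
]

if __name__ == "__main__":
    for net in allowlist_networks():
        print(f"allow tcp/{HTTPS_PORT} -> {net}")
    print("would be denied:", denied_connections(SAMPLE_CONNECTIONS))
```

The nine-address range does not fit a single prefix, so it expands to four blocks; writing it as one wider prefix would admit addresses the guide does not list.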

Enable proxy support

If you want to use a proxy server as an alternative to enabling HTTPS traffic:

  • Enable proxy server support by ensuring that your proxy server supports the CONNECT feature over port 443.
  • After you install the Splunk MINT Add-on, specify the proxy address (see Specify a proxy address below).

Install the Splunk MINT Add-on

In a standalone deployment, install the Splunk MINT Add-on on your single instance of Splunk Enterprise.

In a distributed deployment, install the Splunk MINT Add-on on each indexer and on each heavy forwarder. The Splunk MINT Add-on does not support light or universal forwarders because the add-on requires Python.

Important: The Splunk MINT Add-on creates a "mint" index. You can customize the index in $SPLUNK_HOME/etc/apps/Splunk_TA_mint/local/indexes.conf, including setting unique retention requirements and sizing configurations as needed, before deploying the add-on.


To install the Splunk MINT Add-on using Splunk Web

  1. Download the Splunk MINT Add-on package.
  2. Click the Manage Apps icon next to Apps.
  3. On the Apps page, click Install app from file.
  4. Click Choose File, navigate to and select the package file for the Splunk MINT Add-on, then click Open.
  5. Click Upload.


To install the Splunk MINT Add-on from the command line

  1. Download the Splunk MINT Add-on package.
  2. At the command line, enter:

     splunk install app <path/packagename>


To install the Splunk MINT Add-on by copying files

  1. Download the Splunk MINT Add-on package.
  2. Unpack the package file, then copy the /Splunk_TA_mint directory to $SPLUNK_HOME/etc/apps.


To install the Splunk MINT Add-on in Splunk Cloud

Contact Splunk Support to install the MINT Add-on in your Splunk Cloud installation.

Set the MINT Data Collector token in the MINT Add-on

On each forwarder on which you have installed the MINT Add-on, or on the single instance of Splunk Enterprise in a standalone deployment, you must configure the MINT Add-on with your MINT Data Collector token.

Get your MINT Data Collector token

  1. Log in to MINT Management Console.
  2. Click Account > Account Info, and then click Usage.
  3. Under MINT Data Collector token, click Generate Token if a token has not yet been generated.
  4. Copy the token string.

Configure each forwarder running the MINT Add-on

  1. Restart Splunk Enterprise if you have not already done so after installing the MINT Add-on.
  2. In Splunk Web, go to Settings > Data inputs, then click Splunk MINT Data Collector. Or, navigate directly to http://<localhost>:<port>/en-US/manager/launcher/data/inputs/mi_cds.
  3. Under Input Name, click default.
  4. In MINT Data Collector Token, paste the token string you copied above.
  5. Optionally, specify a proxy server in HTTPS Proxy Address.
  6. Click Save.
  7. For the default input under Status, click Enable to begin pulling data from the MINT Data Collector.


You can verify that data is being collected by running a search, for example:

index=_internal source=*mint.log

Upgrade the Splunk MINT Add-on

You cannot upgrade from an earlier version of the MINT Add-on to version 2.2.0. You must perform a clean installation as follows:

  1. On computers running the MINT Add-on 2.1.0 or earlier, remove the $SPLUNK_HOME/etc/apps/Splunk_TA_mint directory.
  2. Restart Splunk Enterprise.
  3. Install the Splunk MINT Add-on.
  4. Set the MINT Data Collector token in the MINT Add-on.

Specify a proxy address

If you are using a proxy address, specify it on all of the indexers and forwarders that are running the MINT Add-on.

Note: On your forwarders, you can specify a proxy address at the same time you set the MINT Data Collector token.

  1. On each indexer running the MINT Add-on, create a /local directory under $SPLUNK_HOME/etc/apps/Splunk_TA_mint/.
  2. In a text editor, create a text file with a [mi_cds://default] stanza that contains a https_proxy attribute with the full URL of your proxy server. Do not use quotes around the URL string. For example:

     [mi_cds://default]
     https_proxy = https://localhost:8888

  3. Save your file as inputs.conf under $SPLUNK_HOME/etc/apps/Splunk_TA_mint/local/.
  4. Restart Splunk Enterprise.
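An added example (not part of the Splunk documentation or the add-on) that checks inputs.conf text against the two rules stated above before you restart: the https_proxy value is a full URL and is not quoted. Python's configparser stands in for Splunk's own .conf parser, accepting both http and https schemes is an assumption, and the function name and sample files are constructed.

```python
import configparser
from urllib.parse import urlsplit

STANZA = "mi_cds://default"  # stanza name from the guide
KEY = "https_proxy"          # attribute name from the guide
QUOTES = ('"', "'")


def check_proxy_stanza(conf_text):
    """Return a list of problems found in inputs.conf text (empty = OK)."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep attribute names case-sensitive
    try:
        parser.read_string(conf_text)
    except configparser.Error as exc:
        return [f"cannot parse file: {type(exc).__name__}"]

    if not parser.has_section(STANZA):
        return [f"missing [{STANZA}] stanza"]
    if not parser.has_option(STANZA, KEY):
        return [f"[{STANZA}] has no {KEY} attribute"]

    value = parser.get(STANZA, KEY).strip()
    if not value:
        return [f"{KEY} is empty"]

    problems = []
    if value.startswith(QUOTES) or value.endswith(QUOTES):
        problems.append(f"{KEY} must not be quoted")
        value = value.strip("\"'")  # keep checking the URL inside the quotes
    try:
        parts = urlsplit(value)
        full_url = parts.scheme in ("http", "https") and bool(parts.hostname)
    except ValueError:
        full_url = False
    if not full_url:
        problems.append(f"{KEY} must be a full URL, e.g. https://host:port")
    return problems


# Constructed sample files.
GOOD = "[mi_cds://default]\nhttps_proxy = https://localhost:8888\n"
QUOTED = '[mi_cds://default]\nhttps_proxy = "https://localhost:8888"\n'
BARE = "[mi_cds://default]\nhttps_proxy = localhost:8888\n"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("QUOTED", QUOTED), ("BARE", BARE)):
        print(name, check_proxy_stanza(text) or "ok")
```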

Change the MINT Data Collector token

You can change your MINT Data Collector token if you need to. You then also need to set or update the token in the MINT Add-on (and in the MINT App, if you are using it).


Generate a new MINT Data Collector token

  1. Log in to MINT Management Console.
  2. Click Account > Account Info, and then click Usage.
  3. Under MINT Data Collector token, click Remove Token, and then click Generate Token.
  4. Copy the token string.


Update the token in the MINT Add-on

On each forwarder running the MINT Add-on, or on the single instance of Splunk Enterprise in a standalone deployment:

  1. Delete the entire $SPLUNK_HOME/etc/apps/Splunk_TA_mint/auth directory.
  2. Delete the $SPLUNK_HOME/etc/apps/Splunk_TA_mint/local/inputs.conf configuration file.
  3. Restart Splunk Enterprise.
  4. In Splunk Web, go to Settings > Data inputs.
  5. Click Splunk MINT Data Collector.
  6. Under Input Name, click default.
  7. In MINT Data Collector Token, paste the token string you copied above.
  8. Optionally, specify a proxy server in HTTPS Proxy Address.
  9. Click Save.
  10. For the default input under Status, click Enable to begin pulling data from the MINT Data Collector.


Update the token in the MINT App

If you're using the MINT App, update the MINT Data Collector token to use iOS symbolication.

  1. On the computer running the MINT App, in a text editor open $SPLUNK_HOME/etc/apps/splunk_app_mint/local/symbolicator.conf and set the authentication_key property to your MINT Data Collector token:

     [settings]
     authentication_key = your_token_string

  2. Save your changes and restart Splunk Enterprise.

Last modified on 01 March, 2017

This documentation applies to the following versions of Splunk MINT Add-on (Legacy): 2.2.0

