Install and configure the Splunk MINT App
Deployment
You can install Splunk MINT in different ways:
- Standalone deployment is a deployment of Splunk Enterprise on a single computer, which handles all Splunk functionality. Use this configuration for evaluation purposes, or for small-scale production.
- Distributed deployment spreads different components of Splunk Enterprise functionality across multiple computers. A typical deployment consists of a search head on one server, with multiple indexers and heavy or light forwarders on other servers. For MINT, the scale of the configuration depends on the number of monthly active users you have, along with how your organization uses Splunk.
- Splunk Cloud delivers the features of Splunk Enterprise as a cloud-based service. To install the Splunk MINT App in your Splunk Cloud instance, contact your sales representative.
- Note Splunk MINT does not fully support search head clusters, but the Splunk MINT App can work in a search head clustering environment.
For more about deploying apps, see App deployment overview in the Admin Manual. For more about distributed deployment, see the Distributed Deployment Manual. For more about Splunk Cloud, see the Splunk Cloud User Manual.
Components of the Splunk MINT App
The Splunk MINT App on Splunk Enterprise includes the following components.
Component |
Description |
Standalone |
Distributed | ||
Search head | Indexer | Forwarder | |||
Splunk MINT App | Provides dashboards, saved reports, and search functionality allowing you to view data for all of your MINT app projects. | ✓ | ✓ | ||
Splunk MINT Add-on | Includes a custom modular input as well as index-time and search-time settings required to handle MINT data on forwarders, indexers and search heads. Does not contain any dashboards or reports, nor does it have a user interface. Splunk MINT Add-on is included in the Splunk MINT App package. |
✓ * | ✓ * | ✓ | ✓ |
Splunk MINT Modular Input | Defines a modular input for receiving MINT data from the Splunk MINT Data Collector. Splunk MINT Modular Input is included in the Splunk MINT Add-on. |
Enable | – | – | Enable |
* The add-on does not require installation because it is included with the app.
Before you install the Splunk MINT App
Enable HTTPS traffic
Before you install the Splunk MINT App, ensure the firewalls on the search heads and on heavy/light forwarders allow outgoing HTTPS traffic (TCP:443). If you have a standalone deployment, the single instance of Splunk Enterprise acts as both a search head and forwarder.
Splunk MINT uses client SSL authentication to connect to the MINT Cloud services. The following URLs are used for sending data:
- MINT Cloud: data.cds.splkmobile.com
- MINT Authentication Server: cdsauth.splkmobile.com and auth.cds.splkmobile.com
- MINT Symbolicator: ios.splkmobile.com
The search heads must be able to connect to the MINT URLs to set up the Splunk MINT App and symbolicate iOS errors. Ensure the following IP addresses are whitelisted so that the MINT Cloud Data Collector authentication endpoint can be reached:
- 54.193.6.245
- 54.183.222.143
- 54.183.222.136
- 54.153.51.51
- 52.8.207.32
- 52.8.207.109
- 208.78.105.194 through 208.78.105.202
The computers that run the Splunk MINT Add-on (typically heavy/light forwarders) must be able to make outbound connections to fetch data.
Enable proxy support
If you want to use a proxy server as an alternative to enabling HTTPS traffic:
- Enable proxy server support by ensuring that your proxy server supports the CONNECT feature over port 443.
- After you install the Splunk MINT App, specify the proxy address for the Splunk MINT App and the Splunk MINT Add-on. For details, see the installation instructions below.
Assign MINT roles
Before you install the Splunk MINT App, make sure you are assigned to the mint_admin role. For more, see MINT user roles.
Install and configure the Splunk MINT App (standalone deployment)
In a standalone deployment, you need to install and configure the Splunk MINT App on your single instance of Splunk Enterprise.
To install the Splunk MINT App using Splunk Web
- Download the Splunk MINT App package, which is a .tgz file.
- Log into Splunk Web.
- Click the icon next to Apps.
- On the Apps page, click Install app from file.
- Click Choose File, navigate to and select the Splunk MINT App package file, then click Open.
- Click Upload.
To install the Splunk MINT App from the command line
- Download the Splunk MINT App package, which is a .tgz file.
- At the command line, enter:
splunk install app <path/packagename.tgz>
Alternatively, unpack the file and then copy the /splunk_app_mint directory to $SPLUNK_HOME/etc/apps.
Note Ensure that the /splunk_app_mint directory and its files have proper permissions and ownership so that Splunk Enterprise can read and write to them.
To specify a proxy address (standalone deployment)
If you want to use a proxy with Splunk MINT, after you install the app but before you start and configure it, you must create configuration files with the proxy address for the Splunk MINT App and the Splunk MINT Add-on.
To specify the proxy address for the Splunk MINT App:
- Create a /local directory under $SPLUNK_HOME/etc/apps/splunk_app_mint/.
- In a text editor, create a text file with a
[proxy]
stanza that contains ahttps_proxy
attribute with the full URL of your proxy server. Do not use quotes around the URL string. For example: - Save your file as ssl.conf under $SPLUNK_HOME/etc/apps/splunk_app_mint/local/.
[proxy] https_proxy = https://localhost:8888
To specify the proxy address for the Splunk MINT Add-on:
- Create a /local directory under $SPLUNK_HOME/etc/apps/Splunk_TA_mint/.
- In a text editor, create a text file with a
[mi_cds://default]
stanza that contains ahttps_proxy
attribute with the full URL of your proxy server. Do not use quotes around the URL string. For example: - Save your file as inputs.conf under $SPLUNK_HOME/etc/apps/splunk_app_mint/local/.
- Restart Splunk Enterprise.
[mi_cds://default] https_proxy = https://localhost:8888
To configure the Splunk MINT App (standalone deployment)
After you have installed the Splunk MINT App, you are ready to configure it. A configuration wizard runs the first time you start the app to connect to the Splunk MINT Data Collector with your MINT license, which is provided to you in a Welcome email when you sign up for Splunk MINT.
The wizard also does the following:
- Enables the MINT modular data input to retrieve the data from your MINT mobile app projects.
- Enables data model acceleration for the MINT data model to improve the performance of the app.
After enabling these settings, your mobile app data will start coming in and populate the data model.
- Notes
- You must wait for the data model acceleration process to complete before you can start using the app.
- Do not disable the MINT modular input or data model acceleration settings. They are required for the app to function properly.
The Splunk MINT App configuration wizard starts the first time you run the Splunk MINT App:
- On the Splunk Home page under Apps, click Splunk MINT to run the app.
- Add your MINT license to Splunk Enterprise if you have not done so already, then click Next.
- Click Standalone, then click Next.
- Wait for MINT to enable modular inputs and find your MINT data, then click Next.
- Wait for MINT to accelerate your data (this process might take a few minutes depending on your data volume), then click Done.
Install and configure the Splunk MINT App (distributed deployment)
In a distributed deployment:
- Install the Splunk MINT App on the search head.
- Optionally, specify a proxy address for the Splunk MINT App.
- Install the Splunk MINT Add-on on each indexer and on each heavy/light forwarder.
- Configure the Splunk MINT App on the search head and on your remote forwarders, and optionally specify a proxy address for your remote forwarders.
To install the Splunk MINT App using Splunk Web
- Download the Splunk MINT App package, which is a .tgz file.
- Log into Splunk Web.
- Click the icon next to Apps.
- On the Apps page, click Install app from file.
- Click Choose File, navigate to and select the Splunk MINT App package file, then click Open.
- Click Upload.
To install the Splunk MINT App from the command line
- Download the Splunk MINT App package, which is a .tgz file.
- At the command line, enter:
splunk install app <path/packagename.tgz>
Alternatively, unpack the file and then copy the /splunk_app_mint directory to $SPLUNK_HOME/etc/apps.
Note Ensure that the /splunk_app_mint directory and its files have proper permissions and ownership so that Splunk Enterprise can read and write to them.
To specify a proxy address for the Splunk MINT App (distributed deployment)
If you want to use a proxy with the Splunk MINT App, specify your proxy address after you install the app but before you start and configure it. You'll specify the proxy for the Splunk MINT Add-on during the configuration process.
- Create a /local directory under $SPLUNK_HOME/etc/apps/splunk_app_mint/.
- In a text editor, create a text file with a
[proxy]
stanza that contains ahttps_proxy
attribute with the full URL of your proxy server. Do not use quotes around the URL string. For example: - Save your file as ssl.conf under $SPLUNK_HOME/etc/apps/splunk_app_mint/local/.
- Restart Splunk Enterprise.
[proxy] https_proxy = https://localhost:8888
To install the Splunk MINT Add-on
Install the Splunk MINT Add-on on each indexer and on each heavy/light forwarder. The Splunk MINT Add-on does not support universal forwarders because it requires Python.
- Important The Splunk MINT Add-on creates a "mint" index. You can customize the index in $SPLUNKHOME/etc/apps/Splunk_TA_mint/local/indexes.conf, including setting unique retention requirements and sizing configurations as needed, before deploying the add-on.
- Download the Splunk MINT App package to an accessible location and unpack the file.
- Copy the /splunk_app_mint/install/Splunk_TA_mint directory from the package, then paste this directory to the $SPLUNK_HOME/etc/apps directory on each remote server in your deployment (indexers and heavy/light forwarders).
- Note for advanced users
- Indexers only require the index-time configurations from the Splunk MINT Add-on. You can deploy that group of configurations using a deployment app using a deployment server. If you do so, extract the indexes.conf and props.conf configurations files from the Splunk MINT Add-on package.
To configure the Splunk MINT App (distributed deployment)
After you have installed the Splunk MINT App on the search head and installed the Splunk MINT Add-on on your indexers and heavy/light forwarders, you are ready to configure the Splunk MINT App. A configuration wizard runs the first time you start the app to:
- Connect to the Splunk MINT Data Collector with the MINT license, which is provided to you in a Welcome email when you sign up for Splunk MINT.
- Configure your remote forwarders using the information provided to you by the wizard, and optionally specify a proxy server.
The wizard also enables data model acceleration for the MINT data model to improve the performance of the app. After enabling these settings, your mobile app data will start coming in and populate the data model.
- Notes
- You must wait for the data model acceleration process to complete before you can start using the app.
- Do not disable the MINT modular input or data model acceleration settings. They are required for the app to function properly.
The Splunk MINT App configuration wizard starts the first time you run the Splunk MINT App on the search head:
- On the Splunk Home page under Apps, click Splunk MINT.
- Add your MINT license to Splunk Enterprise if you have not done so already, then click Next.
- Select Distributed for the type of deployment, then click Next.
- Configure the Splunk MINT Add-on on each of your remote forwarders using the information that is displayed:
- In a text editor, copy and paste the onscreen information into a new text file.
- Optionally, if you are using a proxy server, add a
[mi_cds://default]
stanza with ahttps_proxy
attribute with the full URL of your proxy server. Do not use quotes around the URL string. For example: - Save your file as inputs.conf.
- On each remote forwarder, create a /local directory under $SPLUNK_HOME/etc/apps/Splunk_TA_mint/, then copy the custom inputs.conf configuration file you created earlier to this new directory.
- Restart Splunk Enterprise on your remote forwarders to complete the installation and configuration of the Splunk MINT Add-on.
- Return to the Splunk MINT App configuration wizard, and click Next.
- Wait for MINT to find your MINT data, then click Next.
- Wait for MINT to accelerate your data (this process might take a few minutes depending on your data volume), then click Done.
[mi_cds://default] https_proxy = https://localhost:8888
Upgrade the Splunk MINT App
Follow the previous instructions for installing the Splunk MINT App, with one change:
- From Splunk Web, when choosing the app file, click Upgrade app.
- From the Splunk command line, include the "-update 1" parameter.
Note If you are upgrading the Splunk MINT App from version 1.x to 2.x, we recommended performing a clean installation rather than upgrading.
Requirements | Use the Splunk MINT App |
This documentation applies to the following versions of Splunk MINT™ App (Legacy): 2.0.1, 2.0.2
Feedback submitted, thanks!