Splunk® Supported Add-ons

Splunk Add-on for Java Management Extensions

Prepare JMX servers for the Splunk Add-on for JMX

Before you configure your inputs, prepare your JMX servers for connectivity with the Splunk platform. Depending on how you want to set up your inputs for each server, you may need to configure connectivity in different ways for different servers.

Connect to a local JVM using a process ID

When connecting directly to local JVM using a process ID, the JRE uses a native library called attach.dll on Windows and libattach.so on Linux. In Windows, the library is located at %JRE_HOME%\bin\attach.dll In Linux, the library is located at $JDK_HOME/jre/lib/i386/libattach.so


Steps

  1. If you are using Windows, add %JAVA_HOME%\jdk1.x.x_xx\jre\bin\ to the environment variable %PATH%.
    If you are using Linux, the attach library is only packaged in the JRE that is part of a JDK install. If you do not have libattach.so, you can get it from the JDK($JDK_HOME/lib/) and copy it into the JRE's lib ($JDK_HOME/jre/lib/) directory.
  2. (Optional) To use this method to connect to your local JVMs when you configure your data inputs for this add-on, select one of the three connection type options under Attach to process when you add a server. For more information, see Configure the inputs for the Splunk Add-on for JMX.

Get process id from service name

Use the following command to get the process id of any service.

 ps -eafH | grep "java" | grep "{your_service_name}" | grep -v "grep" | awk '{print $2}'

Connect to a local or remote JMX server via system properties

To set up a JMX server for remote access, follow the instructions in the Oracle documentation: http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html#remote

Select either rmi or iiop as your connection type when you configure your inputs if you use this method to connect to your local or remote JVMs. For more information, see Configure the inputs for the Splunk Add-on for JMX.

Connect to a local or remote JMX server using MX4J

The Splunk Add-on for JMX supports MX4J as the JMX implementation for remote connectors (rmi and iiop). You can also use any of the MX4J-specific JMX connectors (soap, burlap, hessian).

If you use Java 8 or 11, remote method invocation (RMI) is the only supported set of MX4J protocols.

Select the MX4J-specific JMX connector that you use as your connection type when you configure your inputs if you use this method to connect to your local or remote JVMs. For more information, see Configure the inputs for the Splunk Add-on for JMX.

If you are using any of the HTTPS connectors (soap+ssl, hessian+ssl, burlap+ssl), the root certification authority should be present in the trusted certificates, normally stored in the $JAVA_HOME/jre/lib/security/cacerts file.

To connect to a JMX server with SSL, follow these steps.

Prerequisites

Generating Server certificates

  1. Export the server certification to a file. Use the keytool utility provided by Java to generate the SSL certificate. The following example uses the filename server.cer:
    > keytool -export -keystore <server_key_store> -alias <key_alias> -file server.cer
  2. Copy the file to the machine running Splunk Enterprise.
  3. Create a keystore file, set your password, name it mx4j.ks and put it under $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin.
  4. Import server.cer into mx4j.ks using your password.
    > keytool -import -keystore mx4j.ks -alias <key_alias> -file server.cer
    By using this command, you can append other certificates in the mx4j.ks file for use by the Splunk Add-on for Java Management Extension.
  5. Add the password to access certificates in the mx4j.ks file through the UI from the menu for Splunk add-on for JMX
    Configuration > Java System Properties > TrustStore Password.
  6. Restart Splunk Enterprise.

Generating Client certificates

  1. Export the client certification to a file. Use the keytool utility provided by Java to generate the SSL certificate. The following example uses the filename server.cer:
    > keytool -export -keystore <client_key_store> -alias <key_alias> -file client.cer
  2. Copy the file to the machine running Splunk Enterprise.
  3. Create a keystore file, set your password, name it jmx_client.ks and put it under $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin.
  4. Import client.cer into jmx_client.ks using your password.
    > keytool -import -keystore jmx_client.ks -alias <key_alias> -file client.cer
    By using this command, you can append other certificates in the jmx_clientj.ks file for use by the Splunk Add-on for Java Management Extension.
  5. Add the password to access certificates in the jmx_client.ks file through the UI from the menu for Splunk add-on for JMX
    Configuration > Java System Properties > KeyStore Password.
  6. Restart Splunk Enterprise.

Splunk best practices are to use client certificates when you want to have a fully secure RMI Registry between your server and client. You must update server configurations as well as any applicable properties.

Providing passwords for certificates stored in the Keystore and Truststore

Property Meaning Default value
TrustStore password The password to access the jmx_client.ks file under Splunk_TA_jmx/bin/. This would contain the client certificates. <No default value>
KeyStore password The password to access the mx4j.ks file under Splunk_TA_jmx/bin/. This would contain the server certificates. <No default value>
Certificate Length Maximum number of certificates that can be stored in a keystore. 10



Next, configure your inputs.

Last modified on 06 September, 2024
Upgrade the Splunk Add-on for JMX   Connect the Splunk Add-on for Java Management Extensions to IBM Websphere Application Server

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters