Related Answers
Download topic as PDF
Prepare JMX servers for the Splunk Add-on for JMX
Before you configure your inputs, prepare your JMX servers for connectivity with the Splunk platform. Depending on how you want to set up your inputs for each server, you may need to configure connectivity in different ways for different servers.
Connect to a local JVM using a process ID
When connecting directly to local JVM using a process ID, the JRE uses a native library called attach.dll on Windows and libattach.so on Linux. In Windows, the library is located at %JRE_HOME%\bin\attach.dll
In Linux, the library is located at $JDK_HOME/jre/lib/i386/libattach.so
Steps
- If you are using Windows, add
%JAVA_HOME%\jdk1.x.x_xx\jre\bin\to the environment variable%PATH%.
If you are using Linux, theattachlibrary is only packaged in the JRE that is part of a JDK install. If you do not havelibattach.so, you can get it from the JDK($JDK_HOME/lib/) and copy it into the JRE'slib($JDK_HOME/jre/lib/) directory. - (Optional) To use this method to connect to your local JVMs when you configure your data inputs for this add-on, select one of the three connection type options under Attach to process when you add a server. For more information, see Configure the inputs for the Splunk Add-on for JMX.
Get process id from service name
Use the following command to get the process id of any service.
ps -eafH | grep "java" | grep "{your_service_name}" | grep -v "grep" | awk '{print $2}'
Connect to a local or remote JMX server via system properties
To set up a JMX server for remote access, follow the instructions in the Oracle documentation: http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html#remote
Select either rmi or iiop as your connection type when you configure your inputs if you use this method to connect to your local or remote JVMs. For more information, see Configure the inputs for the Splunk Add-on for JMX.
Connect to a local or remote JMX server using MX4J
The Splunk Add-on for JMX supports MX4J as the JMX implementation for remote connectors (rmi and iiop). You can also use any of the MX4J-specific JMX connectors (soap, burlap, hessian).
If you use Java 8 or 11, remote method invocation (RMI) is the only supported set of MX4J protocols.
Select the MX4J-specific JMX connector that you use as your connection type when you configure your inputs if you use this method to connect to your local or remote JVMs. For more information, see Configure the inputs for the Splunk Add-on for JMX.
If you are using any of the HTTPS connectors (soap+ssl, hessian+ssl, burlap+ssl), the root certification authority should be present in the trusted certificates, normally stored in the $JAVA_HOME/jre/lib/security/cacerts file.
To connect to a JMX server with SSL, follow these steps.
Prerequisites
- "keytool" utility provided by Java to generate the SSL certificate. See Generate a Certificate by Using keytool.
Generating Server certificates
- Export the server certification to a file. Use the keytool utility provided by Java to generate the SSL certificate. The following example uses the filename server.cer:
> keytool -export -keystore <server_key_store> -alias <key_alias> -file server.cer - Copy the file to the machine running Splunk Enterprise.
- Create a keystore file, set your password, name it
mx4j.ksand put it under$SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin. - Import
server.cerintomx4j.ksusing your password.
> keytool -import -keystore mx4j.ks -alias <key_alias> -file server.cer
By using this command, you can append other certificates in the mx4j.ks file for use by the Splunk Add-on for Java Management Extension. - Add the password to access certificates in the
mx4j.ksfile through the UI from the menu for Splunk add-on for JMX
Configuration > Java System Properties > TrustStore Password. - Restart Splunk Enterprise.
Generating Client certificates
- Export the client certification to a file. Use the keytool utility provided by Java to generate the SSL certificate. The following example uses the filename server.cer:
> keytool -export -keystore <client_key_store> -alias <key_alias> -file client.cer - Copy the file to the machine running Splunk Enterprise.
- Create a keystore file, set your password, name it
jmx_client.ksand put it under$SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin. - Import
client.cerintojmx_client.ksusing your password.
> keytool -import -keystore jmx_client.ks -alias <key_alias> -file client.cer
By using this command, you can append other certificates in the jmx_clientj.ks file for use by the Splunk Add-on for Java Management Extension. - Add the password to access certificates in the
jmx_client.ksfile through the UI from the menu for Splunk add-on for JMX
Configuration > Java System Properties > KeyStore Password. - Restart Splunk Enterprise.
Splunk best practices are to use client certificates when you want to have a fully secure RMI Registry between your server and client. You must update server configurations as well as any applicable properties.
Providing passwords for certificates stored in the Keystore and Truststore
| Property | Meaning | Default value |
|---|---|---|
| TrustStore password | The password to access the jmx_client.ks file under Splunk_TA_jmx/bin/. This would contain the client certificates.
|
<No default value> |
| KeyStore password | The password to access the mx4j.ks file under Splunk_TA_jmx/bin/. This would contain the server certificates.
|
<No default value> |
| Certificate Length | Maximum number of certificates that can be stored in a keystore. | 10 |
Next, configure your inputs.
|
PREVIOUS Upgrade the Splunk Add-on for JMX |
NEXT Connect the Splunk Add-on for Java Management Extensions to IBM Websphere Application Server |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!