Install and configure the Splunk MINT App
Deployment
Splunk MINT can be deployed in a standalone or distributed deployment:
- Standalone deployment is a deployment of Splunk Enterprise on a single computer, which handles all Splunk functionality. Use this configuration for evaluation purposes, or for small-scale production.
- Distributed deployment spreads different components of Splunk Enterprise functionality across multiple computers. A typical deployment consists of a search head on one server, with multiple indexers and heavy or light forwarders on other servers. For MINT, the scale of the configuration depends on the number of monthly active users you have, along with how your organization uses Splunk.
- Note Splunk MINT does not support search head clusters yet. Your environment must use a single search head.
For more about deploying apps, see App deployment overview in the Admin Manual. For more about distributed deployment, see the Distributed Deployment Manual.
Components of the Splunk MINT App
The Splunk MINT App on Splunk Enterprise includes the following components.
Component |
Description |
Standalone |
Distributed | ||
Search head | Indexer | Forwarder | |||
Splunk MINT App | Provides dashboards, saved reports, and search functionality allowing you to view data for all of your MINT app projects. | ✓ | ✓ | ||
Splunk MINT Add-on | Includes a custom modular input as well as index-time and search-time settings required to handle MINT data on forwarders, indexers and search heads. Does not contain any dashboards or reports, nor does it have a user interface. Splunk MINT Add-on is included in the Splunk MINT App package. |
✓ * | ✓ * | ✓ | ✓ |
Splunk MINT Modular Input | Defines a modular input for receiving MINT data from the Splunk MINT Data Collector. Splunk MINT Modular Input is included in the Splunk MINT Add-on. |
Enable | – | – | Enable |
* The add-on does not require installation because it is included with the app.
Before you install the Splunk MINT App
Enable HTTPS traffic
Before you install the Splunk MINT App, ensure the firewalls on the search heads and on heavy/light forwarders allow outgoing HTTPS traffic (TCP:443). If you have a standalone deployment, the single instance of Splunk Enterprise acts as both a search head and forwarder.
Splunk MINT uses the following URLs for sending data:
- MINT Cloud: <your MINT-assigned subdomain>.splkmobile.com (this endpoint is not configured with a static IP address)
- MINT Authentication Server: cdsauth.splkmobile.com
- MINT Symbolicator: ios.splkmobile.com
The search heads must be able to connect to the MINT URLs to set up the Splunk MINT App and symbolicate iOS errors. Ensure the following IP addresses are whitelisted so that the MINT Cloud Data Collector authentication endpoint can be reached (the proxy is not used for authentication):
- 54.193.6.245
- 54.183.222.143
- 54.183.222.136
- 54.153.51.51
The computers that run the Splunk MINT Add-on (typically heavy/light forwarders) must be able to make outbound connections to fetch data. You can alternatively use a proxy and set the proxy address in the MINT modular input settings.
Assign MINT roles
Before you install the Splunk MINT App, make sure you are assigned to the mint_admin role. For more, see MINT user roles.
Install Splunk MINT
In a standalone deployment:
- Install the Splunk MINT App on a single Splunk instance.
In a distributed deployment:
- Install the Splunk MINT App on the search head.
- Install the Splunk MINT Add-on on each indexer.
- Install the Splunk MINT Add-on on each heavy/light forwarder.
- Configure the Splunk MINT App on the search head and on your remote forwarders.
To install the Splunk MINT App using Splunk Web
- Download the Splunk MINT App package, which is a .tgz file.
- Log into Splunk Web.
- Do one of the following:
- In Splunk Enterprise 6.2, click the icon next to Apps.
- In Splunk Enterprise 6.1, go to Apps > Manage Apps.
- On the Apps page, click Install app from file.
- Click Choose File, navigate to and select the Splunk MINT App package file, then click Open.
- Click Upload.
- Proceed to Configure the Splunk MINT App.
To install the Splunk MINT App from the command line
- Download the Splunk MINT App package, which is a .tgz file.
- Unpack the file into an accessible location.
- Copy the /splunk_app_mint directory to $SPLUNK_HOME/etc/apps.
- Proceed to Configure the Splunk MINT App.
Note Ensure that the /splunk_app_mint directory and its files have proper permissions and ownership so that Splunk can read and write to them.
To install the Splunk MINT Add-on
This add-on does not support universal forwarders because the add-on requires Python.
- Important The Splunk MINT Add-on creates a "mint" index. You can customize the index in $SPLUNKHOME/etc/apps/Splunk_TA_mint/local/indexes.conf, including setting unique retention requirements and sizing configurations as needed, before deploying the add-on.
- Download the Splunk MINT App package to an accessible location and unpack the file.
- Copy the /splunk_app_mint/install/Splunk_TA_mint directory from the package, then paste this directory to the $SPLUNK_HOME/etc/apps directory on each remote server in your deployment (indexers and heavy/light forwarders).
- Note for advanced users
- Indexers only require the index-time configurations from the Splunk MINT Add-on. You can deploy that group of configurations using a deployment app using a deployment server. If you do so, extract the indexes.conf and props.conf configurations files from the Splunk MINT Add-on package.
- Proceed to Configure the Splunk MINT App.
Configure the Splunk MINT App
The first time you run the Splunk MINT App, a wizard guides you though the process of setting up the app. Use the wizard to:
- Connect to the Splunk MINT Data Collector with the token that was provided to you in your Welcome email when you signed up for Splunk MINT.
- Specify the type of deployment you are using. For distributed deployments, the configuration wizard provides the configuration information you need for your remote forwarders.
The wizard also does the following:
- Enables the MINT modular data input to retrieve the data from your MINT mobile app projects (in standalone deployment only).
- Enables data model acceleration for the MINT data model to improve the performance of the app.
- Note You must wait for the data model acceleration process to complete before you can start using the app.
After enabling these settings, your mobile app data will start coming in and Splunk will populate the data model.
- Note These settings are required in order for the app to function properly. Do not disable these settings.
To configure the Splunk MINT App (standalone deployment)
- After you install the Splunk MINT App, run the app (on the Splunk Home page under Apps, click Splunk MINT).
- Enter your token to connect to the Splunk MINT Data Collector, then click Continue.
- Click Standalone.
- Wait for MINT to enable modular inputs and find your MINT data, then click Continue.
- Wait for MINT to accelerate your data (this process might take a few minutes depending on your data volume), then click Done.
The Configure Splunk MINT wizard starts the first time you run the Splunk MINT App.
To configure the Splunk MINT App (distributed deployment)
- After you have installed the Splunk MINT Add-on on your indexers and heavy/light forwarders, and installed the Splunk MINT App on the search head, run the app (on the Splunk Home page under Apps, click Splunk MINT).
- Enter your token to connect to the Splunk MINT Data Collector, then click Continue.
- Click Distributed.
- Create a text file called inputs.conf that contains the corresponding text. For example:
- Create a text file called tokens.conf that contains the corresponding text. For example:
- On each remote forwarder, create a /local directory under $SPLUNK_HOME/etc/apps/Splunk_TA_mint/, copy the two files to the new directory, then restart Splunk Enterprise on those computers to complete the installation and configuration of the TA.
- Return to the Configure Splunk MINT wizard, and click Continue.
- Wait for MINT to find your MINT data, then click Continue.
- Wait for MINT to accelerate your data (this process might take a few minutes depending on your data volume), then click Done.
The Configure Splunk MINT wizard starts the first time you run the Splunk MINT App.
The wizard displays specific configuration information for your remote forwarders.
// $SPLUNK_HOME/etc/apps/Splunk_TA_mint/local/inputs.conf [mi_cds://default] disabled = 0
// $SPLUNK_HOME/etc/apps/Splunk_TA_mint/local/tokens.conf [cds] cds_url = your_url disabled = 0 token = your_token
Update the Splunk MINT Data Collector token
To update the Splunk MINT Data Collector token (standalone deployment)
- In Splunk Web, start the Splunk MINT App.
- On the Splunk MINT page, click Manage Splunk MINT Connection.
- Enter the new authentication token for the Splunk MINT Data Collector and click Update.
- Go to Settings > Data inputs.
- Click Splunk MINT Data Collector.
- For the MINT input that is listed, in the Status column click Disable, and then click Enable.
To update the Splunk MINT Data Collector token (distributed deployment)
- On each remote forwarder, edit the tokens.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_mint/local with the new value for "token".
- In Splunk Web, go to Settings > Data inputs.
- Click Splunk MINT Data Collector.
- For the MINT input that is listed, in the Status column click Disable.
- Refresh Splunk (go to localhost:<port>/debug/refresh).
- In Splunk Web, go to Settings > Data inputs.
- Click Splunk MINT Data Collector.
- For the MINT input that is listed, in the Status column click Enable.
Requirements | Use the Splunk MINT App |
This documentation applies to the following versions of Splunk MINT™ App (Legacy): 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0
Feedback submitted, thanks!