Splunk MINT App (Legacy)

Splunk MINT App User Guide

Acrobat logo Download manual as PDF


Splunk MINT is no longer available for purchase as of January 29, 2021. Customers who have already been paying to ingest and process MINT data in Splunk Enterprise will continue to receive support until December 31, 2021, which is End of Life for all MINT products: App, Web Service (Management Console), SDK and Add-On.
This documentation does not apply to the most recent version of MintApp. Click here for the latest version.
Acrobat logo Download topic as PDF

Install and configure the Splunk MINT App

Deployment

Splunk MINT can be deployed in a standalone or distributed deployment:

  • Standalone deployment is a deployment of Splunk Enterprise on a single computer, which handles all Splunk functionality. Use this configuration for evaluation purposes, or for small-scale production.
  • Distributed deployment spreads different components of Splunk Enterprise functionality across multiple computers. A typical deployment consists of a search head on one server, with multiple indexers and heavy or light forwarders on other servers. For MINT, the scale of the configuration depends on the number of monthly active users you have, along with how your organization uses Splunk.
Note Splunk MINT does not support search head clusters yet. Your environment must use a single search head.

For more about deploying apps, see App deployment overview in the Admin Manual. For more about distributed deployment, see the Distributed Deployment Manual.

Components of the Splunk MINT App

The Splunk MINT App on Splunk Enterprise includes the following components.

Component

Description

Standalone

Distributed

Search head Indexer Forwarder
Splunk MINT App Provides dashboards, saved reports, and search functionality allowing you to view data for all of your MINT app projects.
Splunk MINT Add-on Includes a custom modular input as well as index-time and search-time settings required to handle MINT data on forwarders, indexers and search heads. Does not contain any dashboards or reports, nor does it have a user interface.
Splunk MINT Add-on is included in the Splunk MINT App package.
✓ * ✓ *
Splunk MINT Modular Input Defines a modular input for receiving MINT data from the Splunk MINT Data Collector.
Splunk MINT Modular Input is included in the Splunk MINT Add-on.
Enable Enable

* The add-on does not require installation because it is included with the app.

Before you install the Splunk MINT App

Enable HTTPS traffic

Before you install the Splunk MINT App, ensure the firewalls on the search heads and on heavy/light forwarders allow outgoing HTTPS traffic (TCP:443). If you have a standalone deployment, the single instance of Splunk Enterprise acts as both a search head and forwarder.

Splunk MINT uses the following URLs for sending data:

  • MINT Cloud: <your MINT-assigned subdomain>.splkmobile.com (this endpoint is not configured with a static IP address)
  • MINT Authentication Server: cdsauth.splkmobile.com
  • MINT Symbolicator: ios.splkmobile.com

The search heads must be able to connect to the MINT URLs to set up the Splunk MINT App and symbolicate iOS errors. Ensure the following IP addresses are whitelisted so that the MINT Cloud Data Collector authentication endpoint can be reached (the proxy is not used for authentication):

  • 54.193.6.245
  • 54.183.222.143
  • 54.183.222.136
  • 54.153.51.51

The computers that run the Splunk MINT Add-on (typically heavy/light forwarders) must be able to make outbound connections to fetch data. You can alternatively use a proxy and set the proxy address in the MINT modular input settings.

Assign MINT roles

Before you install the Splunk MINT App, make sure you are assigned to the mint_admin role. For more, see MINT user roles.

Install Splunk MINT

In a standalone deployment:

In a distributed deployment:

  1. Install the Splunk MINT App on the search head.
  2. Install the Splunk MINT Add-on on each indexer.
  3. Install the Splunk MINT Add-on on each heavy/light forwarder.
  4. Configure the Splunk MINT App on the search head and on your remote forwarders.

To install the Splunk MINT App using Splunk Web

  1. Download the Splunk MINT App package, which is a .tgz file.
  2. Log into Splunk Web.
  3. Do one of the following:
    • In Splunk Enterprise 6.2, click the MINT AppGearIcon.png icon next to Apps.
    • In Splunk Enterprise 6.1, go to Apps > Manage Apps.
  4. On the Apps page, click Install app from file.
  5. Click Choose File, navigate to and select the Splunk MINT App package file, then click Open.
  6. Click Upload.
  7. Proceed to Configure the Splunk MINT App.

To install the Splunk MINT App from the command line

  1. Download the Splunk MINT App package, which is a .tgz file.
  2. Unpack the file into an accessible location.
  3. Copy the /splunk_app_mint directory to $SPLUNK_HOME/etc/apps.
  4. Note Ensure that the /splunk_app_mint directory and its files have proper permissions and ownership so that Splunk can read and write to them.

  5. Proceed to Configure the Splunk MINT App.

To install the Splunk MINT Add-on

This add-on does not support universal forwarders because the add-on requires Python.

Important The Splunk MINT Add-on creates a "mint" index. You can customize the index in $SPLUNKHOME/etc/apps/Splunk_TA_mint/local/indexes.conf, including setting unique retention requirements and sizing configurations as needed, before deploying the add-on.
  1. Download the Splunk MINT App package to an accessible location and unpack the file.
  2. Copy the /splunk_app_mint/install/Splunk_TA_mint directory from the package, then paste this directory to the $SPLUNK_HOME/etc/apps directory on each remote server in your deployment (indexers and heavy/light forwarders).
  3. Note for advanced users
    Indexers only require the index-time configurations from the Splunk MINT Add-on. You can deploy that group of configurations using a deployment app using a deployment server. If you do so, extract the indexes.conf and props.conf configurations files from the Splunk MINT Add-on package.
  4. Proceed to Configure the Splunk MINT App.

Configure the Splunk MINT App

The first time you run the Splunk MINT App, a wizard guides you though the process of setting up the app. Use the wizard to:

  • Connect to the Splunk MINT Data Collector with the token that was provided to you in your Welcome email when you signed up for Splunk MINT.
  • Specify the type of deployment you are using. For distributed deployments, the configuration wizard provides the configuration information you need for your remote forwarders.

The wizard also does the following:

  • Enables the MINT modular data input to retrieve the data from your MINT mobile app projects (in standalone deployment only).
  • Enables data model acceleration for the MINT data model to improve the performance of the app.
Note You must wait for the data model acceleration process to complete before you can start using the app.

After enabling these settings, your mobile app data will start coming in and Splunk will populate the data model.

Note These settings are required in order for the app to function properly. Do not disable these settings.

To configure the Splunk MINT App (standalone deployment)

  1. After you install the Splunk MINT App, run the app (on the Splunk Home page under Apps, click Splunk MINT).
  2. The Configure Splunk MINT wizard starts the first time you run the Splunk MINT App.

  3. Enter your token to connect to the Splunk MINT Data Collector, then click Continue.
  4. Click Standalone.
  5. Wait for MINT to enable modular inputs and find your MINT data, then click Continue.
  6. Wait for MINT to accelerate your data (this process might take a few minutes depending on your data volume), then click Done.

To configure the Splunk MINT App (distributed deployment)

  1. After you have installed the Splunk MINT Add-on on your indexers and heavy/light forwarders, and installed the Splunk MINT App on the search head, run the app (on the Splunk Home page under Apps, click Splunk MINT).
  2. The Configure Splunk MINT wizard starts the first time you run the Splunk MINT App.

  3. Enter your token to connect to the Splunk MINT Data Collector, then click Continue.
  4. Click Distributed.
  5. The wizard displays specific configuration information for your remote forwarders.

  6. Create a text file called inputs.conf that contains the corresponding text. For example:
  7. // $SPLUNK_HOME/etc/apps/Splunk_TA_mint/local/inputs.conf
    [mi_cds://default]
    disabled = 0
    
  8. Create a text file called tokens.conf that contains the corresponding text. For example:
  9. // $SPLUNK_HOME/etc/apps/Splunk_TA_mint/local/tokens.conf
    [cds]
    cds_url = your_url
    disabled = 0
    token = your_token
    
  10. On each remote forwarder, create a /local directory under $SPLUNK_HOME/etc/apps/Splunk_TA_mint/, copy the two files to the new directory, then restart Splunk Enterprise on those computers to complete the installation and configuration of the TA.
  11. Return to the Configure Splunk MINT wizard, and click Continue.
  12. Wait for MINT to find your MINT data, then click Continue.
  13. Wait for MINT to accelerate your data (this process might take a few minutes depending on your data volume), then click Done.

Update the Splunk MINT Data Collector token

To update the Splunk MINT Data Collector token (standalone deployment)

  1. In Splunk Web, start the Splunk MINT App.
  2. On the Splunk MINT page, click Manage Splunk MINT Connection.
  3. Enter the new authentication token for the Splunk MINT Data Collector and click Update.
  4. Go to Settings > Data inputs.
  5. Click Splunk MINT Data Collector.
  6. For the MINT input that is listed, in the Status column click Disable, and then click Enable.

To update the Splunk MINT Data Collector token (distributed deployment)

  1. On each remote forwarder, edit the tokens.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_mint/local with the new value for "token".
  2. In Splunk Web, go to Settings > Data inputs.
  3. Click Splunk MINT Data Collector.
  4. For the MINT input that is listed, in the Status column click Disable.
  5. Refresh Splunk (go to localhost:<port>/debug/refresh).
  6. In Splunk Web, go to Settings > Data inputs.
  7. Click Splunk MINT Data Collector.
  8. For the MINT input that is listed, in the Status column click Enable.
Last modified on 09 September, 2015
PREVIOUS
Requirements
  NEXT
Use the Splunk MINT App

This documentation applies to the following versions of Splunk MINT App (Legacy): 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters