Splunk MINT App (Legacy)

Splunk MINT App User Guide

Acrobat logo Download manual as PDF


Splunk MINT is no longer available for purchase as of January 29, 2021. Customers who have already been paying to ingest and process MINT data in Splunk Enterprise will continue to receive support until December 31, 2021, which is End of Life for all MINT products: App, Web Service (Management Console), SDK and Add-On.
This documentation does not apply to the most recent version of Splunk MINT App (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Install and configure the Splunk MINT App

Deployment

You can install Splunk MINT in different ways:

  • Standalone deployment is a deployment of Splunk Enterprise on a single computer, which handles all Splunk functionality. Use this configuration for evaluation purposes, or for small-scale production.
  • Distributed deployment spreads different components of Splunk Enterprise functionality across multiple computers. A typical deployment consists of a search head on one server, with multiple indexers and heavy or light forwarders on other servers. For MINT, the scale of the configuration depends on the number of monthly active users you have, along with how your organization uses Splunk.
  • Splunk Cloud delivers the features of Splunk Enterprise as a cloud-based service. To install the Splunk MINT App in your Splunk Cloud instance, contact Splunk Support.


For more about deploying apps, see App deployment overview in the Admin Manual. For more about distributed deployment, see the Distributed Deployment Manual. For more about Splunk Cloud, see the Splunk Cloud Platform Admin Manual.

Components of Splunk MINT

Splunk MINT on Splunk Enterprise includes the following components.

Component

Description

Standalone

Distributed

Search head Indexer Forwarder
Splunk MINT App Provides dashboards, saved reports, and search functionality allowing you to view data for all of your MINT app projects.
Splunk MINT Add-on Includes a custom modular input as well as index-time and search-time settings required to handle MINT data on forwarders, indexers and search heads. Does not contain any dashboards or reports, nor does it have a user interface.
Splunk MINT Modular Input Defines a modular input for receiving MINT data from the Splunk MINT Data Collector.
Splunk MINT Modular Input is included in the Splunk MINT Add-on.
Enable Enable

Before you install the Splunk MINT App

Enable HTTPS traffic

Before you install the Splunk MINT App, ensure the firewalls on the search heads allow outgoing HTTPS traffic (TCP:443). If you have a standalone deployment, the single instance of Splunk Enterprise acts as both a search head and forwarder.

Splunk MINT uses client SSL authentication to connect to the MINT Cloud services. The following URLs are used for sending data:

  • MINT Cloud: data.cds.splkmobile.com
  • MINT Authentication Server: cdsauth.splkmobile.com and auth.cds.splkmobile.com
  • MINT Symbolicator: ios.splkmobile.com

The search heads must be able to connect to the MINT URLs to set up the Splunk MINT App and symbolicate iOS errors. Ensure the following IP addresses are whitelisted so that the MINT Cloud Data Collector authentication endpoint can be reached:

  • 54.193.6.245
  • 54.183.222.143
  • 54.183.222.136
  • 54.153.51.51
  • 52.8.207.32
  • 52.8.207.109
  • 208.78.105.194 through 208.78.105.202

Enable proxy support

If you want to use a proxy server as an alternative to enabling HTTPS traffic:

  • Enable proxy server support by ensuring that your proxy server supports the CONNECT feature over port 443.
  • After you install the Splunk MINT App, specify the proxy address (see Specify a proxy address below).

Assign MINT roles

Before you install the Splunk MINT App, make sure you are assigned to the mint_admin role. For more, see MINT user roles.

Note  If you are using Splunk Free, you are automatically assigned all roles so you can skip this step. For more, see What is included with Splunk Free in the Admin Manual.

Install the Splunk MINT App

In a standalone deployment, install the Splunk MINT App on your single instance of Splunk Enterprise.

In a distributed deployment, install the Splunk MINT App on the search head. If you have a search head cluster, install the app on each search head.

After you have installed the Splunk MINT App, ensure that the /splunk_app_mint directory and its files have proper permissions and ownership so that Splunk Enterprise can read and write to them.


To install the Splunk MINT App using Splunk Web

  1. Download the Splunk MINT App package.
  2. Click the Manage Apps icon next to Apps.
  3. On the Apps page, click Install app from file.
  4. Click Choose File, navigate to and select the package file for the Splunk MINT App, then click Open.
  5. Click Upload.


To install the Splunk MINT App from the command line

  1. Download the Splunk MINT App package.
  2. At the command line, enter:
splunk install app <path/packagename>


To install the Splunk MINT App by copying files

  1. Download the Splunk MINT App package.
  2. Unpack the package file, then copy the /splunk_app_mint directory to $SPLUNK_HOME/etc/apps.


To install the Splunk MINT App in Splunk Cloud

Contact Splunk Support to install the MINT App in your Splunk Cloud installation:

Set the MINT Data Collector token in the MINT App

To symbolicate your iOS stack traces, you must configure the MINT App with your MINT Data Collector token.

  1. Get your MINT Data Collector token:
    • Log in to MINT Management Console.
    • Click Account > Account Info, and then click Usage.
    • Under MINT Data Collector token, click Generate Token if a token has not yet been generated.
    • Copy the token string.
  2. On each computer running the MINT App, create a /local folder under $SPLUNK_HOME/etc/apps/splunk_app_mint if one does not already exist.
  3. Copy the $SPLUNK_HOME/etc/apps/splunk_app_mint/default/symbolicator.conf configuration file to $SPLUNK_HOME/etc/apps/splunk_app_mint/local.
  4. In a text editor, open $SPLUNK_HOME/etc/apps/splunk_app_mint/local/symbolicator.conf and set the authentication_key property to the token string you copied in step 1:
  5. [settings]
    authentication_key = your_token_string
  6. Save your changes.
  7. Restart Splunk Enterprise.

Specify a proxy address

If you want to use a proxy with Splunk MINT, after you install the app but before you start it, you must create configuration files with the proxy address for the Splunk MINT App and the Splunk MINT Add-on.

To specify the proxy address for the Splunk MINT App:

  1. Create a /local directory under $SPLUNK_HOME/etc/apps/splunk_app_mint/.
  2. In a text editor, create a text file with a [proxy] stanza that contains a https_proxy attribute with the full URL of your proxy server. Do not use quotes around the URL string. For example:
  3. [proxy]
    https_proxy = https://localhost:8888
  4. Save your file as ssl.conf under $SPLUNK_HOME/etc/apps/splunk_app_mint/local/.
  5. Restart Splunk Enterprise.

Upgrade the Splunk MINT App

Before you upgrade the Splunk MINT App, verify that your version of Splunk Enterprise supports the newer version:

  • Versions 1.x.x of the Splunk MINT App requires Splunk Enterprise 6.1.x - 6.2.x.
  • Versions 2.1.x - 2.2.x of the Splunk MINT App requires Splunk Enterprise 6.3.x - 7.1.x.
  • Version 3.0.x of the Splunk MINT App requires Splunk Enterprise 7.2.x - 8.0.x. Version 8.0.x can be in either Python 2 or Python 3 mode.


To upgrade the Splunk MINT App, follow the instructions above for installing the app, with the following change:

  • From Splunk Web, when choosing the app file, click Upgrade app.
  • From the Splunk command line, include the "-update 1" parameter.


Note  If you are upgrading the Splunk MINT App from version 1.x to 2.x, we recommended performing a clean installation rather than upgrading.

Last modified on 09 August, 2021
PREVIOUS
Requirements
  NEXT
Use the Splunk MINT App

This documentation applies to the following versions of Splunk MINT App (Legacy): 3.0.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters