
Data Source

Follow the instructions below to create a new data flow that ingests data from a Splunk Observability source in Nexla.

Splunk Observability

Create a New Data Flow

  1. To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Then, select the desired flow type from the list, and click the Create button.

  2. Select the Splunk Observability connector tile from the list of available connectors. Then, select the credential that will be used to connect to your Splunk Observability account, and click Next; or, create a new Splunk Observability credential for use in this flow.

  3. In Nexla, Splunk Observability data sources can be created using pre-built endpoint templates, which expedite source setup for common Splunk Observability endpoints. Each template is designed specifically for the corresponding Splunk Observability endpoint, making source configuration easy and efficient.
    • To configure this source using a template, follow the instructions in Configure Using a Template.

    Splunk Observability sources can also be configured manually, allowing you to ingest data from Splunk Observability endpoints not included in the pre-built templates or apply further customizations to exactly suit your needs.
    • To configure this source manually, follow the instructions in Configure Manually.

Configure Using a Template

Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Splunk Observability endpoints. Each template is designed specifically for the corresponding Splunk Observability endpoint, making data source setup easy and efficient.

Endpoint Settings

  • Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below. Click on an endpoint to see more information about it and how to configure your data source for this endpoint.

    Get Events

    This endpoint template retrieves a list of events from Splunk Observability Cloud. Use this template when you need to retrieve information about events, including event IDs, timestamps, and other event metadata.

    • Enter the query in the Query field. This should be the search criteria that specifies the events you want the API to return (e.g., is:ok AND sf_notificationWasSent:true). The query determines which events will be retrieved based on the search criteria.

    This endpoint returns a list of events from Splunk Observability Cloud that match the specified query criteria. The endpoint uses offset-based pagination with the offset parameter to handle large datasets efficiently. Nexla will automatically fetch subsequent pages of data by incrementing the offset parameter.

    For detailed information about events, query syntax, API response structures, pagination, and available event data, see the Splunk Observability API documentation.

    Retrieve Dashboards

    This endpoint template fetches a list of dashboard objects from your Splunk Observability account. Use this template when you need to retrieve information about dashboards, including dashboard IDs, names, and other dashboard metadata. Use advanced mode to fetch a filtered set of dashboards.

    • This endpoint automatically retrieves all dashboards from your Splunk Observability account. The endpoint uses offset-based pagination to handle large datasets efficiently.

    This endpoint returns a list of dashboard objects from your Splunk Observability account, including dashboard IDs, names, and other dashboard metadata. The endpoint uses offset-based pagination with the offset parameter to handle large datasets efficiently. Nexla will automatically fetch subsequent pages of data by incrementing the offset parameter.

    For detailed information about dashboards, API response structures, pagination, query options, and available dashboard data, see the Splunk Observability API documentation.

Endpoint Testing

Once the selected endpoint template has been configured, Nexla can retrieve a sample of the data that will be fetched according to the current settings. This allows users to verify that the source is configured correctly before saving.

  • To test the current endpoint configuration, click the Test button to the right of the endpoint selection menu. Sample data will be fetched and displayed in the Endpoint Test Result panel on the right.

  • If the sample data is not as expected, review the selected endpoint and associated settings, and make any necessary adjustments. Then, click the Test button again, and check the sample data to ensure that the correct information is displayed.

Configure Manually

Splunk Observability data sources can be manually configured to ingest data from any valid Splunk Observability API endpoint. Manual configuration provides maximum flexibility for accessing endpoints not covered by pre-built templates or when you need custom API configurations.

With manual configuration, you can also create more complex Splunk Observability sources, such as sources that use chained API calls to fetch related data or sources that require custom query parameters or filters.

API Method

  1. To manually configure this source, select the Advanced tab at the top of the configuration screen.

  2. Select the API method that will be used for calls to the Splunk Observability API from the Method pulldown menu. The Splunk Observability API typically uses the GET method for retrieving data from endpoints.

API Endpoint URL

  1. Enter the URL of the Splunk Observability API endpoint from which this source will fetch data in the Set API URL field. This should be the complete URL to your Splunk Observability endpoint, including your realm (e.g., https://api.{realm}.signalfx.com/v2/event/find, https://api.{realm}.signalfx.com/v2/dashboard). Include any required query parameters in the URL.

Ensure the API endpoint URL is correct and accessible with your current credentials. The Splunk Observability API endpoint URL should include your realm (from your credential) and the appropriate API path. You can test the endpoint using the Test button after configuring the URL.

Response Data Path

  1. Enter the JSONPath expression in the Response Data Path field to specify which part of the API response should be treated as the relevant data by Nexla. For Splunk Observability API responses, use $[*] to extract all items from the response array, $.results[*] to extract all items from the results array, or $ to extract the entire response for single-record endpoints, depending on your endpoint.

The JSONPath expression must correctly reference the structure of your Splunk Observability API response. Splunk Observability API responses may have different structures depending on the endpoint. Ensure your JSONPath expression matches the structure returned by your specific endpoint. The JSONPath expression determines which data will be extracted and processed by Nexla.

Pagination (if applicable)

  1. If your endpoint supports pagination, configure the pagination settings in the Pagination section. The Splunk Observability API uses offset-based pagination with the offset parameter for most endpoints. Select the pagination type that matches your endpoint's pagination mechanism.

  2. Configure the pagination parameters based on your selected pagination type. For offset-based pagination, specify the offset parameter name (offset) and starting offset value.
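
The manual settings above can be checked offline before a credential is attached to the source. The following is an added example, not Nexla or Splunk code: it validates a configured URL against the api.{realm}.signalfx.com host shape shown above, applies the three Response Data Path forms, and walks offset pagination. The function names, the limit parameter, the short-page stop rule, the realm values, and the sample records are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Host shape from this page's URL examples: api.{realm}.signalfx.com
HOST_RE = re.compile(r"api\.([a-z0-9-]+)\.signalfx\.com")

def check_api_url(url, realm):
    """Return problems found in a configured API URL (empty list means OK)."""
    problems = []
    if "{" in url or "}" in url:
        problems.append("unresolved placeholder")
    parts = urlparse(url)
    if parts.scheme != "https":
        problems.append("not https")
    m = HOST_RE.fullmatch(parts.hostname or "")
    if m is None:
        problems.append("unexpected host")
    elif m.group(1) != realm:
        problems.append("realm mismatch")
    return problems

def extract(response, data_path):
    """Apply one of the three Response Data Path forms named on this page."""
    if data_path == "$[*]" and isinstance(response, list):
        return list(response)
    if data_path == "$.results[*]" and isinstance(response, dict) and "results" in response:
        return list(response["results"])
    if data_path == "$":
        return [response]
    raise ValueError(f"{data_path!r} does not match the response structure")

def fetch_all(fetch_page, data_path, limit, start_offset=0):
    """Offset pagination; stopping on a short page is an assumption here."""
    if limit < 1:
        raise ValueError("limit must be positive")
    records, offset = [], start_offset
    while True:
        page = extract(fetch_page(offset, limit), data_path)
        records.extend(page)
        if len(page) < limit:
            return records
        offset += len(page)

# Constructed sample data standing in for the API (not real output).
SAMPLE = [{"id": f"dash-{i}", "name": f"Dashboard {i}"} for i in range(5)]

def fake_api(offset, limit):
    return {"count": len(SAMPLE), "results": SAMPLE[offset:offset + limit]}
```

A data path that does not match the response shape raises an error here instead of yielding an empty or mis-shaped record set, which is the condition the Test button is meant to surface.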

Save the Data Source

  1. Once all of the relevant steps in the above sections have been completed, click the Next button to proceed with the rest of the data flow configuration, or click Save to save the data source configuration for later use.