This is a simple Splunk metrics integration that works with any of the devices supported by Balena.
The main.py script collects OS performance metrics via shell commands and then sends them to a specified metrics index on either Splunk Cloud or Splunk Enterprise.
To get this project up and running on the Splunk end, you'll need to have a working Splunk Cloud or Splunk Enterprise environment with the HTTP Event Collector (HEC) enabled and accessible from the internet. You'll also need to create a HEC authentication token and have a target metrics index enabled.
On the Balena end, sign up for a balena account here, set up a device, and have a look at the Getting Started tutorial. Once you are set up with balena, you will need to clone this repo locally.
Follow these steps to push the code to your fleet to enable the data collection. Make sure to change the Dockerfile.template file to match the architecture of the target device for the build.
Once deployed, add the three OS environment variables below to enable the connection to Splunk:
SPLUNK_HOST = IP address or hostname of remote Splunk host
SPLUNK_TOKEN = the Splunk authentication token for HEC access
SPLUNK_INDEX = the name of the Splunk target index where the data will be stored
Note: The Splunk index must be a metrics index (not events).
This is how the variables should look on the Balena console:
Once running correctly, you should see this in your logs:
Metrics collected include the following:
load5min, DiskSize, DiskUsed, DisckUsedPct, UsedMem, TotalMem, UsedMemPct
Metrics dimensions (metadata) collected include the following:
balena_machine_name, balena_device_type, balena_local_ip
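One way to turn the three environment variables and the metric and dimension names above into an HEC request, as an added example that is not this project's main.py. It assumes HEC is reached over HTTPS on its default port 8088 and a Splunk version that accepts the multiple-metric JSON format; the function names and sample values are constructed for illustration.

```python
import json
import time
import urllib.request

REQUIRED = ("SPLUNK_HOST", "SPLUNK_TOKEN", "SPLUNK_INDEX")

def build_hec_request(env, metrics, dimensions, port=8088, now=None):
    """Build (without sending) an HEC request carrying one multi-metric event."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing environment variables: " + ", ".join(missing))
    # Measurements use the "metric_name:<name>" key form; plain keys are dimensions.
    fields = {"metric_name:" + name: float(value) for name, value in metrics.items()}
    fields.update(dimensions)
    body = {
        "time": time.time() if now is None else now,
        "event": "metric",
        "index": env["SPLUNK_INDEX"],
        "fields": fields,
    }
    # Assumption: HEC listens over TLS on its default port 8088.
    url = "https://%s:%d/services/collector" % (env["SPLUNK_HOST"], port)
    headers = {"Authorization": "Splunk " + env["SPLUNK_TOKEN"],
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method="POST")

def describe(request):
    """Loggable summary of a request with the HEC token masked."""
    return "%s %s Authorization=Splunk ****" % (request.get_method(), request.full_url)

def send(request, timeout=10):
    """POST the request; urllib verifies the server certificate by default."""
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.status

# Constructed sample values, not output from a real device or Splunk instance.
SAMPLE_ENV = {"SPLUNK_HOST": "splunk.example.com",
              "SPLUNK_TOKEN": "00000000-0000-0000-0000-000000000000",
              "SPLUNK_INDEX": "balena_metrics"}
SAMPLE_METRICS = {"load5min": 0.42, "UsedMemPct": 37.5}
SAMPLE_DIMS = {"balena_machine_name": "example-device",
               "balena_device_type": "example-type",
               "balena_local_ip": "192.0.2.10"}

if __name__ == "__main__":
    req = build_hec_request(SAMPLE_ENV, SAMPLE_METRICS, SAMPLE_DIMS)
    print(describe(req))
    print(req.data.decode())
```

Log the output of describe() rather than the request headers, so the HEC token never reaches the device logs.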
Here's an example search in Splunk using the load5min metric: