This article describes a way to integrate the Synthetic Classic REST API 3.2 with Splunk on Linux, as an alternative to the Splunk integration described in the documentation page Synthetic Classic API version 3.2 use cases.

Requirements

Do either of these:

  • Perform these steps on a Linux machine that has a Splunk forwarder installed and has Internet access.
  • Install scripts on a Linux machine.

Procedure

  1. Create a bash script using the date and wget commands. 
    Use whatever metrics and group dimensions you want in the URL string, and substitute your own login and password.
    The variable strings for begin and end grab a 15 minute window starting 30 minutes ago. This allows 15 minutes of time for the Dynatrace API database to log and make data available to the API.
    Have the wget command output the file to wherever you want, so long as the Splunk process has access to read the file.
    The following example script was written for SLES.
    #!/bin/bash
    #end of the window: now minus 15 minutes, to allow for data to enter the API database
    end=$(date --date='-15min' '+%s%3N')
    #start of the window: now minus 30 minutes (30m lag)
    begin=$(date --date='-30min' '+%s%3N')
    #the URL is quoted so the shell does not treat each & as a background operator
    url="https://ultraapi-prod.dynatrace.com/v3.2/synthetic/trend?tstart=${begin}&tend=${end}&bucket=second&group=mname,monid,city,ecode,edesc&metrics=count,avail,nwtme,uxtme,cltme&login=LOGINID&pass=XXXXXXXX"

    wget "$url" -O /opt/splunk/scripts/dynatrace_15m.xml

  2. Save the file as dynatrace_15m.sh.

  3. Make the file executable with:
    chmod +x dynatrace_15m.sh

  4. Edit or create the props.conf file at /opt/{splunk or splunkforwarder}/etc/system/local/props.conf, with the following:
    [dynatrace_api]
    TIME_PREFIX = \"mtime\":
    SHOULD_LINEMERGE = false
    LINE_BREAKER = }(,){
    SEDCMD-remove_header = s/\{\"meta.+?data\":\[//g
    SEDCMD-remove_footer = s/\]\}//g

    Edit your crontab (crontab -e) to include the following line, so the script runs every 15 minutes, starting at minute 0 of each hour:
    0,15,30,45 * * * * <yourpath>/dynatrace_15m.sh

  5. Edit your inputs.conf in /opt/{splunk or splunkforwarder}/etc/apps/search/local to add the following:
    [monitor:///<yourpath>/dynatrace_15m.xml]
    disabled = false
    index = <YOURINDEX>
    sourcetype = dynatrace_api

    As an alternative, enter the data through the Splunk GUI if installing on a Splunk server:
    https://<YOURSPLUNKURL:PORT>/en-US/manager/search/data/inputs/monitor
    Select NEW, browse to the path of dynatrace_15m.xml, and follow the wizard.
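
The script in step 1 keeps the login and password in the script body and passes them to wget as a command-line argument, where they can be read from the process list. The following is an added example, not part of the original article: a variant that reads the credentials from a private file, hands the URL to wget on standard input, and replaces the monitored file only after a complete download. The credentials file path and its two-line layout, the function names, and the --fetch argument are assumptions made for this example.

```shell
#!/bin/bash
# Added example: hardened variant of the step 1 script (not from the original article).
# CRED_FILE and its layout are assumptions: login on line 1, password on line 2,
# both URL-safe, file owned by the user that runs Splunk and set to mode 600.
CRED_FILE=${CRED_FILE:-/opt/splunk/scripts/.dynatrace_cred}
OUT=${OUT:-/opt/splunk/scripts/dynatrace_15m.xml}
API='https://ultraapi-prod.dynatrace.com/v3.2/synthetic/trend'

# Print "begin end" in epoch milliseconds for the 15-minute window that
# started 30 minutes before the given epoch-seconds timestamp.
window_ms() {
    echo "$(( ($1 - 1800) * 1000 )) $(( ($1 - 900) * 1000 ))"
}

# Succeed only if the file is readable and has no group/other permission bits.
creds_private() {
    [ -r "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build the request URL. Arguments: begin, end, credentials file.
build_url() {
    local login pass
    { read -r login; read -r pass; } < "$3"
    printf '%s?tstart=%s&tend=%s&bucket=second&group=%s&metrics=%s&login=%s&pass=%s\n' \
        "$API" "$1" "$2" 'mname,monid,city,ecode,edesc' \
        'count,avail,nwtme,uxtme,cltme' "$login" "$pass"
}

# Download one window into a temporary file, then rename it over OUT.
fetch() {
    creds_private "$CRED_FILE" || { echo "fix permissions on $CRED_FILE" >&2; return 1; }
    local begin end tmp
    read -r begin end <<EOF
$(window_ms "$(date +%s)")
EOF
    tmp=$(mktemp "${OUT}.XXXXXX") || return 1
    # The URL reaches wget on stdin (-i -), so the password is not in its arguments;
    # the rename makes the finished file appear to the Splunk monitor input at once.
    if build_url "$begin" "$end" "$CRED_FILE" | wget -q -i - -O "$tmp"; then
        mv "$tmp" "$OUT"
    else
        rm -f "$tmp"; return 1
    fi
}

# Run the download only when asked, e.g. from cron: <yourpath>/dynatrace_15m.sh --fetch
if [ "${1:-}" = "--fetch" ]; then fetch; fi
```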

 

The following is an example of a Splunk dashboard with multiple data feeds to compare the data.

 

 
