Avi Networks is the Intent-Based Application Services Platform that automates elasticity and intelligence across any cloud. Avi provides a Software Load Balancer, Intelligent Web Application Firewall (iWAF) and Elastic Service Mesh to ensure a fast, scalable, and secure application experience. Customers enjoy 90% faster provisioning and 50% lower TCO.
The Avi Networks Splunk add-on provides inputs for defining sourcetypes, CIM compliant aliases and search time field extractions for three different sources of data from the Avi Controller; Events, Virtual Service Logs and Performance Metrics.
Events are used throughout Avi as an audit trail of what happened when. Events such as user logins, configuration changes and runtime state changes are all tracked as events.
https://avinetworks.com/docs/latest/alerts-overview/
https://avinetworks.com/docs/latest/alert-actions/
https://avinetworks.com/docs/latest/notifications-overview/
Getting Events into Splunk requires configuration changes made on the Avi Controller. To send Avi events into Splunk configure your alert-actions within the Avi Controller to send syslog messages with a destination endpoint being your Splunk infrastructure.
Virtual Service logs provide realtime in depth L7 application data for each request. The Virtual Service Logs are sent as a JSON payload over UDP.
https://avinetworks.com/docs/latest/architectural-overview/applications/virtual-services/vs-logs/
https://avinetworks.com/docs/latest/streaming-avi-logs-to-external-server/
Getting Virtual Service Logs into Splunk requires configuration changes made on the Avi Controller. To send Avi Virtual Service Logs into Splunk configure your anayltics profile to Stream to an External Server, defining your Splunk infrastructure as the server endpoint.
Avi provides over 200+ metrics allowing you to monitor not only the peformance of Avi as a service, but granular visibility or specific applications and backend pool servers.
A Scripted Data Input named Avi Metrics is included with the Splunk add-on. The Avi Metrics Data Input will connect to the specified Avi Controller(s) via the REST API and retrieve the performance metrics. To get performance metrics into Splunk add a new entry within the Avi Metrics data input specifying the Avi Controller cluster and relevant credentials. The default interval for the scripted input to run is every 5 minutes.
https://avinetworks.com/docs/latest/metrics-list/
Recommended Avi versions are 17.2.8 and up. Any version of Avi 17.2 will work, just know that for the performance metrics specifically there will be a few empty graphs for prior versions. Controller performance metrics were added in 17.2.5 and the per Service Engine Virtual Service metrics will work 17.2.8 and after.
The only other configuration required within the Avi Networks Splunk add-on itself is for adding entries in the Avi Metrics scripted input to retrieve performance metrics if desired.
The Avi Networks Splunk Add-on should be installed on the search heads, indexers and if they exist; heavy forwarders.
The Avi Metrics scripted input should be configured to run on a heavy forwarder if one exists, otherwise on a search head.
Avi provides end-to-end timing to troubleshoot issues in minutes, end guesswork and reduce time to resolution. Avi assigns health scores for each service based on network monitoring, application performance metrics, logs and security events. Avi Analytics drive actionable insights that make auto scaling seamless, automation intelligent and decision making easy.
100% API based architecture allows self-service provisioning and integration into the CI/CD pipeline for application delivery. Avi is intent-based by automating the heavy liftings and simplifying end user experience. Avi provides a variety of automation options including Python/GO SDK, RESTful APIs, turn-key integrations with Ansible, Terraform, Grafana, Splunk and Slack.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.