Splunk

XYZ Corp. is a regular A10 client. The company has purchased multiple instances of Thunder and deployed it on their Splunk platform. The instances are configured as an ADC load balancer for their gaming applications named [Volleyball]. The company is receiving timeout/failover complaints from their online customers especially when there is a high traffic load caused by an event, festival, or holiday. The client wants a standard way to monitor using the Splunk dashboard and Splunk Analytics. Additionally, the client also wants to get an email alert when the aggregated CPU usage exceeds 75% to take an appropriate action.

The client has shared the following environment details:

Parameter	Description
Linux Environment IP	10.22.32.51
Hardware	2 GB RAM, 1 CPU, 4 GB memory
Thunder details
Thunder instance	1
Thunder IP	10.22.32.01
User Name	Online_Volleyball_TH
Password	Thunder@XYZ@3201
Resource_Name	North_Virginia_Online_Volleyball_TH
resource_id	i-1234567890lmnopq0
Thunder instance	2
Thunder IP	10.22.32.02
User Name	Online_Volleyball_TH2
Password	Thunder@XYZ@3202
Resource_Name	North_Virginia_Online_Volleyball_TH2
resource_id	i-1234567890rstuvw0
Splunk Monitoring details
token_log	2acdaae2a-0497-4a6c-97b7-b155e79aa88
token_metric	f944d49-37f4-4bba-a2f6-df0cdbe86fcbd
splunk_host	127.0.0.0:8088

Solution

A10 Support team will propose to install Thunder Observability Agent (TOA) for collecting and publishing logs on the Splunk platform:

1. Install Python if the recommended version is not already installed on the shared Linux instance IP 10.22.32.51.

   apt update
   apt-get install python3.10
   apt install python3-pip
   apt install cron
   apt install rsyslog

2. Install TOA.

   pip install virtualenv
   virtualenv venv
   source venv/bin/activate
   pip install thunder_observability_agent

3. Configure TOA.

   1. Configure Thunder details in the /root/.thunder/credentials file depending on the type of Thunder instance:

      Single instance

      {
            "autoscale" : 0,
            "provider" : "XXXX",
            "thunders": [{
      	      "ip": "10.22.32.01",
      	      "username": "Online_Volleyball_TH",
      	      "password": "Thunder@XYZ@3201",
      	      "resource_id": "i-1234567890lmnopq0",
      	     "active_partitions": "shared"
          	}]
      }
      

      Multiple instances

      {
            "autoscale" : 0,
            "provider" : "XXXX",
            "thunders": [{
      	   "ip": "10.22.32.01",
                "username": "Online_Volleyball_TH",
                "password": "Thunder@XYZ@3201",
                "resource_id": i-1234567890lmnopq0,
      	  "active_partitions": "shared"
              },
              {
                "ip": "10.22.32.02",
                "username": "Online_Volleyball_TH2",
                "password": "Thunder@XYZ@3202",
                "resource_id": "i-1234567890rstuvw0",
      	  "active_partitions": "shared"
          	}]
      }
      

   2. Update the Splunk credentials in the /root/.splunk/credentials file.

      token_log=2acdaae2a-0497-4a6c-97b7-b155e79aa88

      token_metric=f944d49-37f4-4bba-a2f6-df0cdbe86fcbd

   3. Update Splunk configuration properties in the /usr/toaenv/thunder-observability-agent/config.json file.

      {
        "splunk_provider": 1,
        "splunk_metric": 1, 
        "splunk_cpu": 1,
        "splunk_memory": 1,
        "splunk_disk": 1,
        "splunk_throughput": 1,
        "splunk_interfaces": 1,
        "splunk_cps": 1,
        "splunk_tps": 1,
        "splunk_server_down_count": 1,
        "splunk_server_down_percentage": 1,
        "splunk_ssl_cert": 1,
        "splunk_server_error": 1,
        "splunk_sessions": 1,
        "splunk_packet_rate": 1,
        "splunk_packet_drop": 1,
        "splunk_log": 1,  
        "splunk_host": "127.0.0.0:8088"

         }

4. Check logs at /var/log/thunder-observability-agent/agent.log.

For more examples, see GitHub.