gNMI and Splunk Integration
Powerful performance with an easy integration, powered by Telegraf, the open source data connector built by InfluxData.
5B+
Telegraf downloads
#1
Time series database
Source: DB Engines
1B+
Downloads of InfluxDB
2,800+
Contributors
Table of Contents
Powerful Performance, Limitless Scale
Collect, organize, and act on massive volumes of high-velocity data. Any data is more valuable when you think of it as time series data. with InfluxDB, the #1 time series platform built to scale with Telegraf.
See Ways to Get Started
Input and output integration overview
The gNMI (gRPC Network Management Interface) Input Plugin collects telemetry data from network devices using the gNMI Subscribe method. It supports TLS for secure authentication and data transmission.
This output plugin facilitates direct streaming of Telegraf collected metrics into Splunk via the HTTP Event Collector, enabling easy integration with Splunk’s powerful analytics platform.
Integration details
gNMI
This input plugin is vendor-agnostic and can be used with any platform that supports the gNMI specification. It consumes telemetry data based on the gNMI Subscribe method, allowing for real-time monitoring of network devices.
Splunk
Use Telegraf to easily collect and aggregate metrics from many different sources and send them to Splunk. Utilizing the HTTP output plugin combined with the specialized Splunk metrics serializer, this configuration ensures efficient data ingestion into Splunk’s metrics indexes. The HEC is an advanced mechanism provided by Splunk designed to reliably collect data at scale via HTTP or HTTPS, providing critical capabilities for security, monitoring, and analytics workloads. Telegraf’s integration with Splunk HEC streamlines operations by leveraging standard HTTP protocols, built-in authentication, and structured data serialization, optimizing metrics ingestion and enabling immediate actionable insights.
Configuration
gNMI
[[inputs.gnmi]]
## Address and port of the gNMI GRPC server
addresses = ["10.49.234.114:57777"]
## define credentials
username = "cisco"
password = "cisco"
## gNMI encoding requested (one of: "proto", "json", "json_ietf", "bytes")
# encoding = "proto"
## redial in case of failures after
# redial = "10s"
## gRPC Keepalive settings
## See https://pkg.go.dev/google.golang.org/grpc/keepalive
## The client will ping the server to see if the transport is still alive if it has
## not see any activity for the given time.
## If not set, none of the keep-alive setting (including those below) will be applied.
## If set and set below 10 seconds, the gRPC library will apply a minimum value of 10s will be used instead.
# keepalive_time = ""
## Timeout for seeing any activity after the keep-alive probe was
## sent. If no activity is seen the connection is closed.
# keepalive_timeout = ""
## gRPC Maximum Message Size
# max_msg_size = "4MB"
## Enable to get the canonical path as field-name
# canonical_field_names = false
## Remove leading slashes and dots in field-name
# trim_field_names = false
## Guess the path-tag if an update does not contain a prefix-path
## Supported values are
## none -- do not add a 'path' tag
## common path -- use the common path elements of all fields in an update
## subscription -- use the subscription path
# path_guessing_strategy = "none"
## Prefix tags from path keys with the path element
# prefix_tag_key_with_path = false
## Optional client-side TLS to authenticate the device
## Set to true/false to enforce TLS being enabled/disabled. If not set,
## enable TLS only if any of the other options are specified.
# tls_enable =
## Trusted root certificates for server
# tls_ca = "/path/to/cafile"
## Used for TLS client certificate authentication
# tls_cert = "/path/to/certfile"
## Used for TLS client certificate authentication
# tls_key = "/path/to/keyfile"
## Password for the key file if it is encrypted
# tls_key_pwd = ""
## Send the specified TLS server name via SNI
# tls_server_name = "kubernetes.example.com"
## Minimal TLS version to accept by the client
# tls_min_version = "TLS12"
## List of ciphers to accept, by default all secure ciphers will be accepted
## See https://pkg.go.dev/crypto/tls#pkg-constants for supported values.
## Use "all", "secure" and "insecure" to add all support ciphers, secure
## suites or insecure suites respectively.
# tls_cipher_suites = ["secure"]
## Renegotiation method, "never", "once" or "freely"
# tls_renegotiation_method = "never"
## Use TLS but skip chain & host verification
# insecure_skip_verify = false
## gNMI subscription prefix (optional, can usually be left empty)
## See: https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md#222-paths
# origin = ""
# prefix = ""
# target = ""
## Vendor specific options
## This defines what vendor specific options to load.
## * Juniper Header Extension (juniper_header): some sensors are directly managed by
## Linecard, which adds the Juniper GNMI Header Extension. Enabling this
## allows the decoding of the Extension header if present. Currently this knob
## adds component, component_id & sub_component_id as additional tags
# vendor_specific = []
## YANG model paths for decoding IETF JSON payloads
## Model files are loaded recursively from the given directories. Disabled if
## no models are specified.
# yang_model_paths = []
## Define additional aliases to map encoding paths to measurement names
# [inputs.gnmi.aliases]
# ifcounters = "openconfig:/interfaces/interface/state/counters"
[[inputs.gnmi.subscription]]
## Name of the measurement that will be emitted
name = "ifcounters"
## Origin and path of the subscription
## See: https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md#222-paths
##
## origin usually refers to a (YANG) data model implemented by the device
## and path to a specific substructure inside it that should be subscribed
## to (similar to an XPath). YANG models can be found e.g. here:
## https://github.com/YangModels/yang/tree/master/vendor/cisco/xr
origin = "openconfig-interfaces"
path = "/interfaces/interface/state/counters"
## Subscription mode ("target_defined", "sample", "on_change") and interval
subscription_mode = "sample"
sample_interval = "10s"
## Suppress redundant transmissions when measured values are unchanged
# suppress_redundant = false
## If suppression is enabled, send updates at least every X seconds anyway
# heartbeat_interval = "60s"
Splunk
[[outputs.http]]
## Splunk HTTP Event Collector endpoint
url = "https://splunk.example.com:8088/services/collector"
## HTTP method to use
method = "POST"
## Splunk authentication token
headers = {"Authorization" = "Splunk YOUR_SPLUNK_HEC_TOKEN"}
## Serializer for formatting metrics specifically for Splunk
data_format = "splunkmetric"
## Optional parameters
# timeout = "5s"
# insecure_skip_verify = false
# tls_ca = "/path/to/ca.pem"
# tls_cert = "/path/to/cert.pem"
# tls_key = "/path/to/key.pem"
Input and output integration examples
gNMI
-
Monitoring Cisco Devices: Use the gNMI plugin to collect telemetry data from Cisco IOS XR, NX-OS, or IOS XE devices for performance monitoring.
-
Real-time Network Insights: With the gNMI plugin, network administrators can gain insights into real-time metrics such as interface statistics and CPU usage.
-
Secure Data Collection: Configure the gNMI plugin with TLS settings to ensure secure communication while collecting sensitive telemetry data from devices.
-
Flexible Data Handling: Use the subscription options to customize which telemetry data you want to collect based on specific needs or requirements.
-
Error Handling: The plugin includes troubleshooting options to handle common issues like missing metric names or TLS handshake failures.
Splunk
-
Real-Time Security Analytics: Utilize this plugin to stream security-related metrics from various applications into Splunk in real-time. Organizations can detect threats instantly by correlating data streams across systems, significantly reducing detection and response times.
-
Multi-Cloud Infrastructure Monitoring: Integrate Telegraf to consolidate metrics from multi-cloud environments directly into Splunk, enabling comprehensive visibility and operational intelligence. This unified monitoring allows teams to detect performance issues quickly and streamline cloud resource management.
-
Dynamic Capacity Planning: Deploy the plugin to continuously push resource metrics from container orchestration platforms (like Kubernetes) into Splunk. Leveraging Splunk’s analytics capabilities, teams can automate predictive scaling and resource allocation, avoiding resource bottlenecks and minimizing costs.
-
Automated Incident Response Workflows: Combine this plugin with Splunk’s alerting system to create automated incident response workflows. Metrics collected by Telegraf trigger real-time alerts and automated remediation scripts, ensuring rapid resolution and maintaining high system availability.
Feedback
Thank you for being part of our community! If you have any general feedback or found any bugs on these pages, we welcome and encourage your input. Please submit your feedback in the InfluxDB community Slack.
Powerful Performance, Limitless Scale
Collect, organize, and act on massive volumes of high-velocity data. Any data is more valuable when you think of it as time series data. with InfluxDB, the #1 time series platform built to scale with Telegraf.
See Ways to Get Started
Related Integrations
Related Integrations
HTTP and InfluxDB Integration
The HTTP plugin collects metrics from one or more HTTP(S) endpoints. It supports various authentication methods and configuration options for data formats.
View IntegrationKafka and InfluxDB Integration
This plugin reads messages from Kafka and allows the creation of metrics based on those messages. It supports various configurations including different Kafka settings and message processing options.
View IntegrationKinesis and InfluxDB Integration
The Kinesis plugin allows for reading metrics from AWS Kinesis streams. It supports multiple input data formats and offers checkpointing features with DynamoDB for reliable message processing.
View Integration