Splunk App for Corda

Splunk App for Corda makes it easy for you to fully monitor your Corda Enterprise and OS environment. The example in examples/docker illustrates how to implement infrastructure metric monitoring, as well as application trace, metric and log monitoring.

Splunk App for Corda utilizes the following:

If you want to learn more about Splunk's efforts to support R3 Corda, raise an issue here or email us at blockchain@splunk.com

Usage

Splunk App for Corda relies on having direct access to the environment where your Corda nodes are running. As such, you'll need to modify the start up command for your Corda nodes. The startup command is illustrated here. Take note of the new dependencies you'll have, mentioned above. You can find an example of how to obtain and install them here.

In addition to the two java agents, make sure you install the following on your corda node host:

  • collectd
  • Splunk Universal Forwarder

Refer to the example node dockerfile for how to accomplish the above, or if you already have Splunk App for Infrastructure installed on your Splunk instance, follow the instructions in the App to add more data sources.

Corda Logging Spec (IMPORTANT!)

Splunk App for Corda relies on the Corda node logging in JSON. One of the most important updates you'll need to make to your Corda node startup is to specify a new logging configuration for Log4j2. You can see the full command here. Specifically, you'll find the logging config here, and will specify it like this:

java -Dlog4j.configurationFile=logging.xml -jar corda.jar

Logging arbitrary data

We have implemented a pattern for logging arbitrary data that is illustrated in the CorDapp used in the Docker example. This involves using ThreadContext to put additional strings into your logging context.

You'll need to:

Splunk considerations

Specify your Splunk host in the following locations:

Specify your Splunk HEC token in the following locations:

  • In the Otel Collector config, here and here.

On your Splunk instance

Take note that you'll need to install our Splunk Apps and Add-ons to make sense of all of the new data being sent to your instance.

Examples

We've provided a fully functioning example of everything outlined above, and you can learn more in the Docker example's README.