Splunk Demo For Hyperledger Besu

Hyperledger Besu is an Enterprise mainnet-compatible Ethereum client.

Hyperledger Besu sends logs directly to Splunk and exposes OpenTelemetry metrics and traces.

In this demo, we showcase how all this information can be used when syncing to the network.

The demo uses a set of working prototype Splunk applications.



Hyperledger Besu reports a wide array of metrics using the Prometheus or the OpenTelemetry frameworks.

Splunk can interpret those metrics and render them live in the analytics workspace and integrate them with dashboards.

Besu offers internal metrics showing the state of the client, from its memory use to the discovery of peers, its synchronization state and its highest block number.



Besu instruments all incoming JSON-RPC calls through tracing, reporting all interactions and the JSON-RPC method called. We also instrument critical processes such as the block processing time.


OpenTelemetry Collector

Hyperledger Besu works with the OpenTelemetry Collector to report data. The collector can send data to Splunk APM or Splunk Enterprise.

Our team has contributed a complete tutorial to the Hyperledger Besu official documentation for your reference. Feedback welcome!

Ledger Data

Hyperledger Besu is augmented with ethlogger to report all ledger data - blocks, transactions, and much more.

All this rich data is collected and analyzed by Splunk. Here is a typical transaction representing a token transfer on the Goerli network:


You can find the latest and greatest documentation and examples in our Github repository.

Don’t have a Besu node? No problem! Ethlogger can also interface with Infura and XDai (see this simple docker-compose example!).

Splunk Logging

Hyperledger Besu supports direct logging to Splunk over HTTP Event Collector, HEC for shorts.

Besu logging

Here is an example of configuration pointing Besu to log to Splunk directly, using environment variables:

LOGGER=Splunk \
SPLUNK_URL=https://localhost:8088 \
SPLUNK_TOKEN=11111111-1111-1111-1111-1111111111113 \
besu \
--network=dev \
--miner-coinbase=0xfe3b557e8fb62b89f4916b721be55ceb828dbd73 \
--miner-enabled \

LOGGER=Splunk configures Besu to log directly to Splunk.

SPLUNK_URL, SPLUNK_TOKEN and SPLUNK_SKIPTLSVERIFY are used to configure the HEC connection.

You can see more available options in the official Hyperledger Besu documentation.

Syncing to Chain

Besu Sync applications are Splunk Enterprise applications showcasing the power of combining logs, traces and metrics to understand how Besu performs.

This integration enables deep insights critical to Besu developers. During the initial sync, the client is tasked with peering with other participants and sync its data to match the blockchain. This benchmark is crucial when introducing breaking changes, such as the adoption of EIP-1559 constructs or Bonsai trees to represent transactions, or mundane, yet critical networking features such as exposing richer discovery information as exposed in EIP-868.

Here, Splunk offers a comprehensive view that combines all forms of data to understand better where time is spent and what factors into the quickest sync. Peering effectively seems extremely important, and we witness that block processing time is mostly constant through the sync.

Sync dashboard