Skip to main content
Splunk Lantern

Getting started with the Splunk App for Corda

The Splunk App for Corda makes it easy for you to fully monitor your Corda Enterprise and OS environment. The example in GitHub illustrates how to implement infrastructure metric monitoring, as well as application trace, metric, and log monitoring.

Splunk App for Corda utilizes the following:

If you want to learn more about Splunk's efforts to support R3 Corda, raise an issue here or email blockchain@splunk.com.

Usage

Splunk App for Corda relies on having direct access to the environment where your Corda nodes are running. As such, you'll need to modify the start up command for your Corda nodes. The startup command is illustrated here. Take note of the new dependencies you'll have, mentioned above. You can find an example of how to obtain and install them here.

In addition to the two java agents, make sure you install the following on your corda node host:

  • collectd
  • Splunk Universal Forwarder

Refer to the example node dockerfile for how to accomplish the above, or if you already have Splunk App for Infrastructure installed on your Splunk instance, follow the instructions in the app to add more data sources.

Splunk App for Corda relies on the Corda node logging in JSON. One of the most important updates you'll need to make to your Corda node startup is to specify a new logging configuration for Log4j2. You can see the full command here. You'll find the logging config here, and will specify it like this: java -Dlog4j.configurationFile=logging.xml -jar corda.jar

Logging arbitrary data

A pattern for logging arbitrary data has been implemented that is illustrated in the CorDapp used in the Docker example. This involves using ThreadContext to put additional strings into your logging context.

You'll need to:

  1. Include log4j2 core in your project.
  2. Import ThreadContext in your workflow.
  3. Put values into your logger ThreadContext.
  4. Remove values from ThreadContext when done.

Splunk considerations

Specify your Splunk host in the following locations:

Specify your Splunk HEC token in the Otel Collector config, here and here.

On your Splunk instance

Install the following Splunk apps and add-ons to make sense of all of the new data being sent to your instance.

Examples

You can view a fully functioning example of everything outlined above in the Docker example's README.