.CONF & SPLUNKLIVE!

Analyzing iOS data with Splunk Enterprise

This article describes in detail the steps to:

  1. configure the iOS library
  2. install Splunk Enterprise and Splunk app to receive data forwarded from iOS mobile devices
  3. basic Splunk searches

CONFIGURE THE iOS LIBRARY

  1. Download the logging library from http://splunk-base.splunk.com/apps/92296/mobile-analytics-with-splunk-storm-ios or  https://github.com/nicholaskeytholeong/splunk-storm-mobile-analytics/blob/master/ios/splunkmobileanalytics.zip
  2. Unzip it and drag the splunkmobileanalytics folder into the project
  3. Select Relative to Project at Reference Type, then click Add.
  4. In the AppDelegate interface file (AppDelegate.h), import Splunk.h, like so:
  5. In the AppDelegate implementation file (AppDelegate.m), provide the SPLUNK_HOST_URL and TCP_PORT values in the message
  6. You are set! Splunk Enterprise is now integrated seamlessly into your iOS mobile app!

INSTALL SPLUNK ENTERPRISE AND SPLUNK APP

  1. Download the latest Splunk Enterprise from http://www.splunk.com/download
  2. Install Splunk Enterprise (in this article we assume a very simple Splunk deployment – your Splunk instance is both a receiver and an indexer)
  3. Download the app “Mobile Analytics with Splunk” from Splunk Apps http://apps.splunk.com/app/1578
  4. You may also install the app automatically from Splunk UI if you wish
  5. The app will be listed if it is installed correctly
  6. Go to the TCP inputs page in Splunk UI. You will notice that Splunk is listening to port 9090
  7. You may change the incoming port at the Splunk Enterprise. To do this:
    vi $SPLUNK_HOME/etc/apps/mobileanalytics/default/inputs.conf
    [tcp://<ANOTHER_PORT>]
    

    ** Don’t forget to update the port number in the AppDelegate.m with “ANOTHER_PORT

  8. Restart your Splunk instance

BASIC SPLUNK SEARCHES

  1. Hypothetically this is your stacktrace of the uncaught exception in your mobile app
  2. Remember the data forwarding that we configured earlier? The search summary page will update itself with the received data from the iOS device
  3. This is a simple search to filter only iOS events sourcetype=”ios_crash_log”
  4. This is a sample search to count the different types of uncaught exceptions that caused the app to crash

We hope that you find this article useful to forward data from iOS apps and to configure Splunk Enterprise. Feedback and suggestions are always welcome.

----------------------------------------------------
Thanks!
Nicholas Key

Splunk
Posted by

Splunk

Join the Discussion