Introducing the Hunk App for AWS Elastic Load Balancing

Update 9/27/16: As of Sept. 27, 2016, Hunk functionality has been incorporated into the Splunk Analytics for Hadoop Add-On and Splunk Enterprise versions 6.5 and later.

Today we’re excited to announce the addition of a new member in the class of apps that integrate with the Amazon Web Services ecosystem: Hunk App for AWS Elastic Load Balancing. Other apps in the class include the Splunk App for AWS that collects, reports and visualizes data from AWS CloudTrail and the AWS Billing App that helps you gain greater visibility and assurance in managing your AWS-hosted infrastructure.

What is AWS Elastic Load Balancing? In Amazon’s own words,

ELB is an AWS product that automatically distributes incoming application traffic across multiple Amazon EC2 instances. It detects unhealthy instances and reroutes traffic to healthy instances until the unhealthy instances have been restored. Elastic Load Balancing automatically scales its request handling capacity in response to incoming traffic.

What does the app do?

The app works with data from a newly released AWS feature called Elastic Load Balancing (ELB) Access Logging. For a quick how-to on setting this up please visit: ELB Access Log Collection. The logs contain data about the requests sent to the load balancer, such as the time a request was received, the client’s IP address, server responses, etc. The Hunk App for AWS Elastic Load Balancing leverages this information and provides visibility and insight into the health of the ELB service. Analyzing traffic trends over time and geography, identifying request capacity patterns, inspecting backend processing latency and troubleshooting application status issues can now be achieved faster than ever.

What dashboards are available?

There at least three operational facets exposed in the log data; traffic, latency and status – and the app provides views for each of them. Here’s a brief sample:

Overview landing page showing number of requests and their geographical distribution among other things.

Traffic Detail view showing the amount of traffic and number of requests split by backend, ELB and region.

Latency Overview showing various latency metrics aggregates over time.

Status Overview showing overall request status metrics over time and geography.


If you like what you see, head on over here and download the app. Note than unlike other traditional Splunk apps the Hunk App for AWS Elastic Load Balancing is available only for Hunk and requires an AWS EMR cluster to process and report on the ELB logs.

Requirements – ensure you have the following ready before you configure the app:

  • AWS Elastic Load Balancing Access Logging enabled
  • Access to ELB logs S3 bucket secured
  • EMR Cluster created
  • Hunk instance provisioned

The Documentation tab in the download page contains an outline on how to install the app. Detailed configuration documentation for setting up EMR, Hunk and virtual indexes can be found in the app itself. The app is community supported – if you have any questions or should you require any assistance please feel free to post on Splunk Answers.

Enjoy it!

Dritan Bitincka

Posted by


Show All Tags
Show Less Tags