Splunking Your VoIP Gaining visibility into VoIP Phone Logs for U.S. Embassies
Splunk Your Car
What Happens When A Splunk Engineer Gets Hooked on Data
Soon after diving into the Splunk world, I became a data geek. I was hooked on Splunking all the things. I wanted to know what the data could tell me, I wanted to see what Splunk could show me through custom visualizations, I wanted to analyze everything!
After trying a few things, such as Splunking data on Montgomery County traffic and crime, I learned that it's possible to Splunk your car... and that's exactly what I decided to do. Here is a little bit about how I Splunked my car, a 2015 Jeep Grand Cherokee.
Before continuing, I should mention that I was able to complete this because of a third-party device called Automatic (www.automatic.com). Automatic is an adapter that plugs into a car's diagnostic (OBD-II) port, which is typically located under the dash. It unlocks the data from your car’s onboard computer. With this device, I have all the logs from my car being stored, and I set Splunk up to utilize Automatic’s API to bring in all the data.
It’s incredible how easy it is to bring years of drive logs into Splunk; there is an app built to do all the heavy lifting for you. The Splunk app store is filled with hundreds of free custom apps that either Splunk or another developer built. For almost anything you can think to Splunk, there is likely a solution online. Whether it is a Splunk app that contains pre-built visualizations (that you can download from splunkbase.splunk.com), or a written solution found on Splunk’s Q&A, you can find it!
With all my car data now in Splunk, I created custom visualizations and alerts. One example: I can map out all my drives onto a Google-like map and zoom into each one, clicking on it to show further details about that drive.
The car data contains information about how many miles you drive and what your gas efficiency is during your drives. This allows you to calculate exactly how much money every drive costs. I used this information to create a Splunk alerts, which sends me an email as soon as I finished each drive. This email includes information such as the start time, end time, start address, end address, total duration, total fuel used, total fuel cost, average mpg, distance, number of hard accelerations, number of hard brakes, time spent driving over 70mph, 75mph, and 80mph, and much more.
Also, anytime the engine light comes on in my car, it creates a log and then comes into Splunk. These logs from the engine light contain helpful information such as the error code and description of the issue, so I can create another alert that sends an email to my mechanic with the information every time my engine light comes on. My mechanic can then let me know if this is something that I need to bring the vehicle in for, or if I can simply ignore it and turn the engine light off myself (with the Automatic device/app).
Follow along with the instructions below to learn how to Splunk your own car.
What you will need:
- A computer
- A car with an Automatic device (automatic.com)
- The device that I have is from their previous generation device, before they had Automatic Lite and Automatic Pro. All of the different device versions will work for this project.
Steps to download Splunk and install the Automatic app:
- Go to splunk.com and download Splunk enterprise for your computer
- Install Splunk Enterprise onto your computer
- Access Splunk from a web browser at http://localhost:8000
- Login to Splunk (default credentials will be admin:changeme) and update your password
- Go to Manage Apps
- If on the default launcher/homepage, click the gear icon in the top left next to ‘Apps’
- If on another page, you will see a dropdown in the top left next to the Splunk logo, click the dropdown and then click ‘Manage Apps’
- Click the green button ‘Browse more apps’
- In the search bar, type ‘Automatic’ and hit enter
- The first app listed should be the Automatic app by the author, Burch Simon.
- Click the green button to Install the app
- Type in your username and password for splunk.com (same account you used to download Splunk)
- Click button to Login and Install
- Once installation is completed you will need to restart Splunk, click the button to restart.
Steps to get access token from Automatic (for API):
- Navigate to developer.automatic.com.
- Log in with the same credentials you use for Automatic's Dashboards to log into the developer site.
- Select “My Apps” and fill out the form. Use http://www.splunk.com as your app and follow their instructions for obtaining access to their REST API endpoints.
- It takes a few hours for the Automatic developer team to register your App and send you an email with the relevant information to get started.
- For me, this was very quick
- Log back into the developer web page and your App will be displayed with the relevant information.
- Navigate directly to http://automatic-oauth-example-nodejs.herokuapp.com and type in your Automatic user credentials. Write down the access code shown to you.
Steps to finish Splunk setup:
- Log back into your Splunk instance.
- Click on Settings -> Data Inputs -> Automatic Car Data
- Select the ‘New’ button
- Add your access token to the input asking for it
- Click Next -> Save to save this data input
It may take a couple of minutes for Splunk to reach out to Automatic’s API and start bringing in all your drive logs. You can watch them come in by going to the Automatic app (top left dropdown by the Splunk logo) and clicking on ‘Search’ in the main menu. This will automatically perform the search for you to see your car logs, you can also switch the time picker on the right to ‘Real-time All time’ to watch them come into Splunk in real time.
Once you see your car data coming into Splunk, you can click over to the Launchpad, Geographic, and Fuel dashboards on the main menu to check out some pre-built dashboards and visualizations.
If you have any comments or problems getting this setup, please feel free to comment below and I will try to respond as soon as I can. I would also love to hear any other custom visualizations and/or alerts you create!
Are you having an issue on-boarding data with Splunk?
Does your Splunk seem to underperform? Are you having trouble scaling?
We're here to help.