Success-Plan Services
Fabrizio Bertocci
Splunk is a very popular commercial data analytics platform. It is used to search, monitor, analyze and visualize machine-generated data gathered from websites, applications, sensors, devices, etc. that make up your IT infrastructure and business. RTI Research is now exploring ways to make it possible for you to easily use Splunk to analyze all of your Data Distribution Service (DDS) data.
Because DDS is data centric, we already know what the structure of the data is on the wire. This makes the whole process of getting your data into Splunk pretty straightforward. And that’s great news for DDS users, because once it’s in Splunk, users can quickly analyze it, create dashboards, and get real-time alerts. [If you are looking to debug your systems and applications, you should check out RTI Admin Console’s data visualization features.]
Figure 1: Plot of a Shapes demo coordinate on Admin Console and Splunk
In this blog, we will give a brief overview on how to get your DDS data into Splunk, and how to allow real-time processing and integration with existing Splunk applications. In the examples that follow, we are using a prototype Splunk adapter that we built. If you like it, let us know! This will help us to determine if we should improve it.
There are multiple ways to insert data into Splunk. In our case, we use a Splunk Modular Input that directly subscribes to DDS data. Once we receive it, we then pass it to Splunk for insertion:
Figure 2: Data sharing between RTI Connext DDS and Splunk
The modular input is a process that is controlled by the Splunk engine itself and can be instantiated through the Splunk Administration interface (below):
Figure 3. Configuration of the Modular Input can be done through the Splunk Administration interface
The Splunk Modular Input contains a generic DDS application written in Javascript. It was built using RTI Connext DDS Connector, the RTI scripting language polyglot frontend for DDS. This application reads the subscriber information from a basic XML configuration file, and it creates the required DDS entities that are needed to receive the data. (You could easily modify this file to import your data).
For every sample received, the data is transformed to a JSON object and passed to Splunk embedded in an XML stream containing the events to be recorded. These operations are completely transparent to the user. Internally, Splunk then parses this JSON object and converts all its values into indexable fields. Once the data is inserted and indexed into Splunk, you can do all the usual search and filtering of your DDS-generated data through Splunk.
The modular input also has the ability to specify one or more transformation and filter plugins that are invoked for every sample received. This plugin mechanism supports transforming or filtering out non-relevant samples from the received data stream. This way you can implement advanced filtering, data transformations, or even data augmentation (‘add fields’) by simply implementing a Javascript function. For example, the following function can be used for the RTI Shapes Demo data type. It is called for every sample received. It filters out all the samples from a BLUE shape and swaps x with y:
function transformSample(recvInfo) {
let sample = recvInfo.data;
if (sample.color == "BLUE") {
return null; // Don't process blue shapes
}
[sample.x, sample.y] = [sample.y, sample.x]; // Swap X and Y
return sample;
}
Figure 4: Using Splunk for advanced filtering of DDS data
The RTI Connext DDS Splunk Modular Input project also includes a simple transformation plugin that can be applied to a demonstration that inserts data from Shapes Demo. This simple plugin:
- Filters out update events of the shape object and inserts into Splunk only data samples when the object change direction (X or Y)
- Adds additional information about the direction (Right/Left, or Up/Down) of the object
Once created, Splunk receives real-time updates of the position of the objects published by Shapes demo, when they change direction. It’s pretty awesome!
Figure 5: Screenshot of a Splunk real-time query
Of course, this is just one sample of how Splunk and DDS work together to deliver visibility into the DDS data running within your system. Once this work becomes more mature, you could use it in your production-grade use cases to rapidly and dynamically select any DDS data, and then quickly ingest, monitor, analyze and visualize it. This not only applies to your system data but also to DDS logs and events. You will be able to use Splunk to monitor all of the DDS security events as well. It could be a really powerful capability.
Figure 6: Screenshot of Splunk receiving Shapes Demo data
Please let us know if you are as excited about this as we are!
The Splunk Modular Input integration with RTI Connext DDS is available for free as a github project from the RTI Connext Community: https://github.com/rticommunity/rticonnextdds-splunk-modinput. Please refer to the project's README.md file for additional information.
About the author
Fabrizio Bertocci is a principal engineer at RTI. He has been with RTI for over 10 years. During his tenure, he has contributed to several parts of the RTI Connext DDS core libraries and products. He is currently with RTI Research, exploring new solutions, technologies and applications for DDS. Before joining RTI, he worked with EDA company Mentor Graphics, embedded silicon vendor VLSI (now NXP), along with technology start-ups. Fabrizio holds a Computer Engineering degree from the University of Pisa (Italy).