Cyber Chasse- Index Temperature And Humidity Sensor

Index Temperature and Humidity Sensor Data into Splunk using HEC

We noticed that the internal servers running Splunk were not performing well: there were execution issues and throttling. To understand why, we onboarded various types of logs and observed various parameters. Maintaining the right temperature and humidity in the server room is an equally crucial factor that can affect performance. This post shows how to read a sensor's temperature and humidity levels and send them to Splunk over HEC.

Hardware Needs: 

1. Temperature and Humidity sensor – DHT11 Module 

2. WIFI module devkit – NodeMCU  

3. Jumper wires 

Technology Needs: 

1. Arduino IDE 

2. Splunk 

What is the HTTP POST request process?  

POST is a request method supported by HTTP, the protocol used by the World Wide Web. By design, the POST method asks the server to accept the data enclosed in the body of the request message, most often to store it. It is frequently used when uploading a file or submitting a completed web form. The headers of the POST request describe the internet media type of the message body and carry other parameters, such as authentication.

What is HEC? 

HEC, or HTTP Event Collector, is a Splunk feature built with developers in mind. HEC is a token-based HTTP server that lets developers POST data/logs to be indexed.

Flow Diagram: 

PART 1: Setup HEC in Splunk 

Here are the step-by-step instructions to set up HEC in Splunk.

1) Click Settings and choose Data inputs.

2) Choose HTTP Event Collector under Local inputs.

3) Create a new token by selecting the "New Token" option.

4) Fill in the desired details and click 'Next'.

5) Configure the input settings.

6) Review the configuration.

7) Congratulations! You have configured your HEC and generated the token successfully.

8) The list of HECs is available under Settings > Data Inputs > HTTP Event Collector.

PART 2 

This part shows the instructions to interface the sensor & Node MCU and POST data/logs in Splunk. 
 

💽 Interfacing Hardware: 

Using jumper wires, connect:

NODEMCU   DHT11
Vcc       Vcc
GND       GND
D1        Data Pin

Code: 

  #include <ESP8266WiFi.h>
  #include <ESP8266HTTPClient.h>
  #include "DHT.h"

  #define DHTPIN  5          // GPIO5, i.e. D1 on the NodeMCU
  #define DHTTYPE DHT11
  float t, h;                // Last temperature and humidity readings

  DHT dht(DHTPIN, DHTTYPE);

  void setup() {
    Serial.begin(9600);                       // Serial connection
    dht.begin();
    WiFi.begin("xxxx", "xxxx");               // WiFi connection (SSID, password)
    while (WiFi.status() != WL_CONNECTED) {   // Wait for the WiFi connection to complete
      delay(500);
      Serial.println("Waiting for connection");
    }
  }

  void loop() {
    h = dht.readHumidity();
    t = dht.readTemperature();
    if (WiFi.status() == WL_CONNECTED) {      // Check WiFi connection status
      HEC();
    } else {
      Serial.println("Error in WiFi connection");
    }

    delay(60000);  // Send a request every minute
  }

  void HEC() {
    WiFiClient client;  // TCP client that current ESP8266 cores require in http.begin()
    HTTPClient http;    // Declare object of class HTTPClient
    http.begin(client, "http://<YourIPAddress/URL>:8088/services/collector");  // Specify request destination
    http.addHeader("Content-Type", "text/plain");  // Specify content-type header
    http.addHeader("Authorization", "Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx");  // HEC token
    String post = "{\"event\":{\"Temperature\":" + String(t) + ",\"Humidity\":" + String(h) + "}}";
    Serial.println(post);
    int httpCode = http.POST(post);      // Send the request
    String payload = http.getString();   // Get the response payload

    Serial.println(httpCode);   // Print HTTP return code
    Serial.println(payload);    // Print request response payload

    http.end();  // Close connection
  }


How does the Code Work? 

Let’s take a look at the code and understand how it works. 

 
First, include all the required libraries. Which libraries you include depends on the board you use, the functionality you need and the sensors you interface.

  #include <ESP8266WiFi.h>
  #include <ESP8266HTTPClient.h>
  #include "DHT.h"

To communicate with the DHT11 sensor on GPIO5, i.e. D1, the code below is used.

  #define DHTPIN 5
  #define DHTTYPE DHT11
  float t, h;
  DHT dht(DHTPIN, DHTTYPE);

To connect to WiFi:

  WiFi.begin("xxxx", "xxxx");               // WiFi connection
  while (WiFi.status() != WL_CONNECTED) {   // Wait for the WiFi connection to complete
    delay(500);
    Serial.println("Waiting for connection");
  }

Read the sensor values and verify the status of the WiFi connection:

  h = dht.readHumidity();
  t = dht.readTemperature();

  if (WiFi.status() == WL_CONNECTED) {   // Check WiFi connection status
    // <HEC is done here>
  }

HTTP POST request:

Destination URL: This is where the POST request has to be sent. It is your Splunk URL/IP address with the default port 8088, followed by services/collector. It will look like this: http://<YourIPAddress/URL>:8088/services/collector

Authorization code: The token that we got from Splunk after the HEC setup is the authorization code, which has to be put in the Authorization header, prefixed with "Splunk ". Because the URL above uses plain http://, the token crosses the network unencrypted.

Content type: The type of content/data/body that we send.

Data: The data is provided in the post variable. This is the actual data that is to be indexed in Splunk.

For JSON in Splunk, the data must be placed in the "event" JSON object as shown below:

{"event":{"Key":Value}}

The red colored area is your data. 
 

  void HEC() {
    WiFiClient client;  // TCP client that current ESP8266 cores require in http.begin()
    HTTPClient http;    // Declare object of class HTTPClient
    http.begin(client, "http://<YourIPAddress/URL>:8088/services/collector");  // Specify request destination
    http.addHeader("Content-Type", "text/plain");  // Specify content-type header
    http.addHeader("Authorization", "Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx");  // HEC token
    String post = "{\"event\":{\"Temperature\":" + String(t) + ",\"Humidity\":" + String(h) + "}}";
    Serial.println(post);
    int httpCode = http.POST(post);      // Send the request
    String payload = http.getString();   // Get the response payload

    Serial.println(httpCode);   // Print HTTP return code
    Serial.println(payload);    // Print request response payload

    http.end();  // Close connection
  }
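
The sketch serialises whatever the DHT library returns, and a failed read comes back as NaN, which is not a valid JSON number for the {"event":{...}} body. The following is an added example, not part of the original sketch: portable C++ that builds the HEC body and substitutes a fault event for unreadable values. The function names, the "status" field and the 0 to 50 °C / 20 to 90 % DHT11 range limits are assumptions of this example.

```cpp
#include <cmath>
#include <cstdio>
#include <string>

// Assumed DHT11 measuring range (adjust for your module).
static const float T_MIN = 0.0f,  T_MAX = 50.0f;   // degrees Celsius
static const float H_MIN = 20.0f, H_MAX = 90.0f;   // % relative humidity

enum Reading { READ_OK, READ_FAULT, READ_OUT_OF_RANGE };

// Classify a reading pair before it is serialised.
// A failed DHT read yields NaN, which must never reach the JSON body.
Reading classify(float t, float h) {
  if (!std::isfinite(t) || !std::isfinite(h)) return READ_FAULT;
  if (t < T_MIN || t > T_MAX || h < H_MIN || h > H_MAX) return READ_OUT_OF_RANGE;
  return READ_OK;
}

// Build the body for /services/collector in the {"event":{...}} shape.
// "status" is a hypothetical extra field so a Splunk alert can tell a
// failing sensor apart from one that has simply stopped reporting.
std::string buildHecBody(float t, float h) {
  Reading r = classify(t, h);
  if (r == READ_FAULT) {
    return "{\"event\":{\"status\":\"sensor_fault\"}}";
  }
  char buf[192];  // large enough for two full-width floats plus the fixed text
  std::snprintf(buf, sizeof buf,
                "{\"event\":{\"Temperature\":%.2f,\"Humidity\":%.2f,\"status\":\"%s\"}}",
                t, h, r == READ_OK ? "ok" : "out_of_range");
  return std::string(buf);
}

int main() {
  // Constructed sample readings: normal, failed read, implausible value.
  const float samples[3][2] = {{24.0f, 45.0f}, {NAN, 45.0f}, {24.0f, 140.0f}};
  for (const auto& s : samples) {
    std::printf("%s\n", buildHecBody(s[0], s[1]).c_str());
  }
  return 0;
}
```

In the sketch, the same check fits between the dht.read calls and http.POST(), since isnan() and snprintf() are both available on the ESP8266.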

PART 3 : Visualization 

⚠️ Alert – 

📋 Report – 

📊Dashboard – 

 
If you have any queries regarding this topic please drop your questions in the Comment Box Below and Follow us on 👍 Social Networks, Happy Splunking >😉