Cyber Chasse- Index Temperature And Humidity Sensor

Index Temperature and Humidity Sensor Data into Splunk using HEC

It was noticed that the internal servers to observe the index temperature and humidity sensor data operating Splunk were not functioning effectively. Certain execution issues and throttling were noticed. To interpret why this was occurring we onboarded various types of logs and observed various parameters. Maintaining the right temperature and humidity in the server room is equally a crucial factor that can affect the performance. This post will steer you on how to observe the actuator’s temperature and humidity levels and HEC it to Splunk. 

Hardware Needs: 

1. Temperature and Humidity sensor – DHT11 Module 

2. WIFI module devkit – NodeMCU  

3. Jumper wires 

Technology Needs: 

1. Arduino IDE 

2. Splunk 

What is the HTTP POST request process?  

POST is a request technique supported by HTTP that is utilized by the World Wide Web. As per the outline, the POST request technique calls that a server takes up the data in the body of the request message, mostly to store it. It is frequently used while uploading a file or presenting a completed web form. The header area in the POST request depicts the internet media type of the message’s body and other parameters involved, such as authentication. 

What is HEC? 

HEC or HTTP Event Collector is a feature of Splunk that is built-in by bearing developers in mind. HEC is nothing but a token-based HTTP server that allows the developers to POST the data/logs to index. 

Flow Diagram: 

PART 1: Setup HEC in Splunk 

Here are the step by step instruction to set-up HEC in Splunk.  

1) Click the settings and choose data inputs. 

2) Choose HTTP Event Collector in local inputs. 

3) Create “New Token” by selecting new token option. 

4) Fill in the desired details and click ‘next’. 

5) Configure the input setting. 

6) Review the configuration 

7) Congratulations! You have configured your HEC and generated the token successfully. 

8) The list of  HECs is available in Settings Data InputsHTTP Event Collector 

PART 2 

This part shows the instructions to interface the sensor & Node MCU and POST data/logs in Splunk. 
 

💽 Interfacing Hardware: 

Using Jumper wires connect: 

NODEMCU DHT11 
Vcc Vcc 
GND GND 
D1 Data Pin 

Code: 

 #include <ESP8266WiFi.h> 
 #include <ESP8266HTTPClient.h> 
 #include “DHT.h” 
   
 #define DHTPIN  5 
 #define DHTTYPE DHT11 
 float t,h; 
   
 DHT dht(DHTPIN, DHTTYPE); 
 void setup() { 
   Serial.begin(9600);                     //Serial connection 
   dht.begin(); 
   WiFi.begin(“xxxx”, “xxxx”);      //WiFi connection  
   while (WiFi.status() != WL_CONNECTED) {   //Wait for the WiFI connection completion 
     delay(500); 
     Serial.println(“Waiting for connection”); 
   } 
 
   
 void loop() { 
   h = dht.readHumidity(); 
   t = dht.readTemperature(); 
   if(WiFi.status()== WL_CONNECTED){   //Check WiFi connection status 
     HEC(); 
   }else{ 
     Serial.println(“Error in WiFi connection”);    
   } 
    
   delay(60000);  //Send a request every 1 mins 
 
   
   
 void HEC(){ 
   HTTPClient http;    //Declare object of class HTTPClient 
   temp=DHT  
   http.begin(“http://<YourIPAddress/URL>:8088/services/collector”);      //Specify request destination 
   http.addHeader(“Content-Type”, “text/plain”);  //Specify content-type header 
   http.addHeader(“Authorization”, “Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx”); 
   String post=”{\”event\”:{\”Temperature\”:”+String(t)+”,\”Humidity\”:”+String(h)+”}}”; 
   Serial.println(post); 
   int httpCode = http.POST(post);   //Send the request 
   String payload = http.getString();                  //Get the response payload 
   
   Serial.println(httpCode);   //Print HTTP return code 
   Serial.println(payload);    //Print request response payload 
   
   http.end();  //Close connection 
 

view rawHEC.ino hosted with ❤ by GitHub 

How does the Code Work? 

Let’s take a look at the code and understand how it works. 

 
Firstly embrace all the required libraries. You can incorporate various libraries based on the board you use, functionalities and actuators interfacing. 
 

  • #include <ESP8266WiFi.h> 
    #include <ESP8266HTTPClient.h> 
    #include “DHT.h” 

To communicate with the actuator DHT11 on GPIO5 i.e. D1, the below code is used. 
 

  • #define DHTPIN 5 
    #define DHTTYPE DHT11 
    float t,h; 
    DHT dht(DHTPIN, DHTTYPE); 

To connect to WiFi. 

  • WiFi.begin(“xxxx“, “xxxx“);                //WiFi connection 
    while (WiFi.status() != WL_CONNECTED) {          //Wait for the WiFI connection completion 
    delay(500); 
    Serial.println(“Waiting for connection”); 

Read the Sensor Value and verify the status of Wifi connection  

  • h = dht.readHumidity(); 
    t = dht.readTemperature(); 
     
    if(WiFi.status()== WL_CONNECTED){ //Check WiFi connection status 
    <HEC is done here> 

HTTP post request:  

 
Destination URL: This is where the post request has to be sent. Your splunk is presented with default port 8088 in this URL/IP address and is followed by services/collector. It will look like this: http://:8088/services/collector 

Authorization code: The token that we got from Splunk after HEC setup is the authorization code, which has to be put in header. 

Content type: It’s a type of content/data/body that we send. 

Data: The data is provided in post variable here. This is the original data that is supposed to be indexed in Splunk.  

For JSON setup (in Splunk) the data must be in the event ‘JSON’ object as mentioned below: 

{“event”:{“Key”:Value}}  

The red colored area is your data. 
 

  • void HEC(){ 
     
    HTTPClient http; //Declare object of class HTTPClient 
    temp=DHT 
    http.begin(“http://<YoutIPAddress/URL>:8088/services/collector”); //Specify request destination 
    http.addHeader(“Content-Type”, “text/plain”); //Specify content-type header 
    http.addHeader(“Authorization”, “Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx”); 
    String post=”{\”event\”:{\”Temperature\”:”+String(t)+”,\”Humidity\”:”+String(h)+”}}”; 
    Serial.println(post); 
    int httpCode = http.POST(post); //Send the request 
    String payload = http.getString(); //Get the response payload 
     
    Serial.println(httpCode); //Print HTTP return code 
    Serial.println(payload); //Print request response payload 
     
    http.end(); //Close connection 

PART 3 : Visualization 

⚠️ Alert – 

📋 Report – 

📊Dashboard – 

 
If you have any queries regarding this topic please drop your questions in the Comment Box Below and Follow us on 👍 Social Networks, Happy Splunking >😉