Skip to content

Prepare JMX servers for the Splunk Add-on for JMX

Before you configure your inputs, prepare your JMX servers for connectivity with the Splunk platform. Depending on how you want to set up your inputs for each server, you may need to configure connectivity in different ways for different servers.

Connect to a local JVM using a process ID

When connecting directly to local JVM using a process ID, the JRE uses a native library called attach.dll on Windows and libattach.so on Linux. In Windows, the library is located at %JRE_HOME%\bin\attach.dll In Linux, the library is located at $JDK_HOME/jre/lib/i386/libattach.so

  1. Depending on your operating system, use one of the following methods:

    • If you are using Windows, add %JAVA_HOME%\jdk1.x.x_xx\jre\bin\ to the environment variable %PATH%.
    • If you are using Linux, the attach library is only packaged in the JRE that is part of a JDK install. If you do not have libattach.so, you can get it from the JDK($JDK_HOME/lib/) and copy it into the JRE’s lib ($JDK_HOME/jre/lib/) directory.

  2. (Optional) To use this method to connect to your local JVMs when you configure your data inputs for this add-on, select one of the three connection type options under Attach to process when you add a server. For more information, see Configure the inputs for the Splunk Add-on for JMX.

Get process id from service name

Use the following command to get the process id of any service:

ps -eafH | grep "java" | grep "{your_service_name}" | grep -v "grep" | awk '{print $2}'

Connect to a local or remote JMX server through system properties

To set up a JMX server for remote access, follow the instructions in the Oracle documentation: http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html#remote.

Select either rmi or iiop as your connection type when you configure your inputs if you use this method to connect to your local or remote JVMs. For more information, see Configure the inputs for the Splunk Add-on for JMX.

Connect to a local or remote JMX server using MX4J

The Splunk Add-on for JMX supports MX4J as the JMX implementation for remote connectors (rmi and iiop). You can also use any of the MX4J-specific JMX connectors (soap, burlap, hessian).

Note

If you use Java 8 or 11, remote method invocation (RMI) is the only supported set of MX4J protocols.

Select the MX4J-specific JMX connector that you use as your connection type when you configure your inputs if you use this method to connect to your local or remote JVMs. For more information, see Configure the inputs for the Splunk Add-on for JMX.

Note

If you are using any of the HTTPS connectors (soap+ssl, hessian+ssl, burlap+ssl), the root certification authority should be present in the trusted certificates, normally stored in the $JAVA_HOME/jre/lib/security/cacerts file.

To connect to a JMX server with SSL, follow these steps.

Prerequisite

Generate Server certificates

  1. Export the server certification to a file. Use the keytool utility provided by Java to generate the SSL certificate. The following example uses the filename server.cer:> keytool -export -keystore <server_key_store> -alias <key_alias> -file server.cer
  2. Copy the file to the machine running Splunk Enterprise.
  3. Create a keystore file, set your password, name it mx4j.ks and put it under $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin.
  4. Import server.cer into mx4j.ks using your password. > keytool -import -keystore mx4j.ks -alias <key_alias> -file server.cer By using this command, you can append other certificates in the mx4j.ks file for use by the Splunk Add-on for Java Management Extension.
  5. Add the password to access certificates in the mx4j.ks file through the UI from the menu for Splunk add-on for JMX Configuration > Java System Properties > TrustStore Password.
  6. Restart Splunk Enterprise.

Generate Client certificates

  1. Export the client certification to a file. Use the keytool utility provided by Java to generate the SSL certificate. The following example uses the filename server.cer:> keytool -export -keystore <client_key_store> -alias <key_alias> -file client.cer
  2. Copy the file to the machine running Splunk Enterprise.
  3. Create a keystore file, set your password, name it jmx_client.ks and put it under $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin.
  4. Import client.cer into jmx_client.ks using your password. > keytool -import -keystore jmx_client.ks -alias <key_alias> -file client.cer By using this command, you can append other certificates in the jmx_clientj.ks file for use by the Splunk Add-on for Java Management Extension.
  5. Add the password to access certificates in the jmx_client.ks file through the UI from the menu for Splunk add-on for JMX Configuration > Java System Properties > KeyStore Password.
  6. Restart Splunk Enterprise.

Note

Use client certificates when you want to have a fully secure RMI Registry between your server and client. You must update server configurations as well as any applicable properties.

Provide passwords for certificates stored in the Keystore and Truststore

Property Meaning Default value
TrustStore password The password to access the jmx_client.ks file under Splunk_TA_jmx/bin/. This would contain the client certificates.
KeyStore password The password to access the mx4j.ks file under Splunk_TA_jmx/bin/. This would contain the server certificates.
Certificate Length Maximum number of certificates that can be stored in a keystore. 10

Next, configure your inputs.