Skip to content

Configure NGINX status API input

NGINX Plus provides a real-time live activity monitoring interface that shows key load and performance metrics of your server infrastructure. These metrics are represented as a RESTful JSON interface and this live data can be ingested into Splunk as NGINX Status API input.

Configure the NGINX Status API input through Splunk Web.

  1. Identify whether your NGINX deployment uses encrypted or unencrypted communication. See Switch between encrypted and unencrypted communication in this topic for more information.
  2. Log in to Splunk Web.
  3. Select Settings, and then Data inputs, and then Splunk Add-on for NGINX.
  4. Click New.
  5. On the NGINX Status API Input page, enter the following fields:
    • Name: A unique name that identifies the NGINX Status API input
    • Log level: One of these log levels (with decreasing verbosity): debug, info, warning, error
    • NGINX URL: Location of the NGINX status JSON REST interface. For example, 127.0.0.1/api
    • NGINX API Types: Enter comma-separated NGINX Plus API types for which data needs to be fetched. Allowed values are processes, connections, slabs, http, stream, resolvers, and ssl.
    • NGINX Username (Optional) Add the NGINX username you use to access the NGINX status JSON REST interface.
    • NGINX Password (Optional) Add the NGINX password you use to access the NGINX status JSON REST interface.
  6. Optionally, select More settings and modify the detailed settings field values as needed.
  7. Click Next.
  8. Click Review.
  9. After you review the information, click Submit.

Switch between encrypted and unencrypted communication

Switch between encrypted and unencrypted communication. By default, all the communications from the Splunk Add-on for NGINX to your NGINX servers are encrypted by using HTTPS with SSL certificate validation enabled. If your NGINX server is configured with HTTPS and a valid CA signed certificate, then communications with your NGINX server work with the default configurations.

Configure the Splunk Add-on for NGINX to use a self-signed certificate

If your NGINX server is configured with HTTPS using a self-signed certificate, perform the following steps:

  1. Download the CA certificate of the NGINX server in PEM format.
  2. Move the CA certificate to the $SPLUNK_HOME/etc/apps/Splunk_TA_nginx/local directory.
  3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_nginx/default/.
  4. Copy splunk_ta_nginx_settings.conf and paste in your deployment’s $SPLUNK_HOME/etc/apps/Splunk_TA_nginx/local folder.
  5. In $SPLUNK_HOME/etc/apps/Splunk_TA_nginx/local, open splunk_ta_nginx_settings.conf, and enter the path of the CA certificate file (including the file name) under the ssl_settings stanza.
  6. Save your changes.
  7. Restart the Splunk platform.

Switch from HTTPS to HTTP communications

Switch from HTTPS to HTTP communications when your NGINX server is configured with HTTP communications.

  1. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_nginx/local/, and open splunk_ta_nginx_settings.conf in a text editor.
  2. Under the ssl_settings stanza, change the value of the http_scheme field from HTTPS to HTTP.
  3. Save your changes.
  4. Restart your Splunk platform instance.

Validate data collection

After you configure monitoring, run the following search to check that you are ingesting the data that you expect:

sourcetype=nginx:plus:api