Welcome!

Java Authors: Jerry Melnick, Elizabeth White, Liz McMillan, Andreas Grabner, Tim Hinds

Related Topics: SOA & WOA, Java, Wireless, Web 2.0, Cloud Expo, Big Data Journal

SOA & WOA: Blog Feed Post

Custom API Analytics with Expressway and Splunk

Data analytics solutions seem as varied as the data they analyze

Splunk – An Ancillary Source of API Analytics
Data analytics solutions seem as varied as the data they analyze. However, Expressway users have found tremendous success extending it’s built in API Analytics capabilities with those of Splunk’s – a recognized 2013 Gartner Magic Quadrant Leader for Security Information and Event Management. Intel distributes a free Splunk Application that ingests Expressway’s transactional logs. The application provides in depth dashboards and metrics of message transactions & system utilization. Recently, one of my customers wanted an alternate way to integrate Splunk with Expressway that:

  1. Goes beyond transactional context Expressway Service Gateway’s (ESG) transactional logs provide.
  2. Sends data directly to Splunk from ESG Applications – instead of Splunk ingesting ESG logs.
  3. Does 1 and 2 with negligible overhead.

Coupling Splunk’s ability to ingest “any data from any source” with ESG’s integration capabilities and Intel optimized performance, this was snap.

Integration of ESG and Splunk

ESG_Splunk_Invoke

Splunk offers several options for data input, including files & directories, TCP, UDP, and scripts. ESG’s flexible interfaces easily accommodate a TCP connection (right) to Splunk.

ESG paramaratizes all aspects of an incoming request, both content and context. For API requests this includes:

  • HTTP headers
  • HTTP method
  • HTTP URI segments
  • request size
  • response size
  • response code
  • query parameters
  • inbound IP address
  • processing time
  • specific message content
  • transaction time
  • … any other data …

Sending this data directly to Splunk allows it to generate real-time metrics of ESG’s API utilization.

Customized & Enriched Information
Even a small amount of Expressway data allows Splunk to yield instant yet thorough API analytics.

API Analytics Splunk Dashboards

Splunk’s true value to Expressway users (API providers) come from its ability to easily generate secondary (tertiary, etc.) API analytics. For example, say transactions have a HTTP header whose values represent a unique application identifier. Now statistics (calls per operation, processing time per operation, etc.) can be further delineated by application.

Calls_by_Operation_per_Applicaiton Processing_Time_by_Operation_Per_Application

Analytical permutations become a function of the amount of data sent from Expressway. Splunk’s custom application management does the rest!

Summary
Expresway Service Gateway
– API security, high speed policy enforcement, data format & protocol mediation, with applicability across several industry verticals. Now seamless integration with Splunk, capable of proving in-depth transactional analytics – especially around API utilization. Be sure to keep an eye out in Splunk Apps for an Expressway API Analytics application – coming soon!

The post Custom API Analytics with Expressway and Splunk appeared first on Application Security.

Read the original blog entry...

More Stories By Application Security

This blog references our expert posts on application and web services security.