Why Unified Observability Is the Future of Infrastructure Management
Today’s organizations juggle a mix of physical equipment and digital services, spanning on-premises, cloud, SaaS, and remote locations. But as IT and OT environments grow more intertwined, so do the challenges of managing them. Siloed teams, fragmented data, and reactive monitoring are holding businesses back from true operational efficiency. What if you could gain a single, unified view of all your technology assets—no matter where they reside? Imagine proactively preventing outages, streamlining operations, and boosting cost efficiency with insights from across your IT and OT environments. In one of our latest blogs, we explore: • Why the convergence of IT and OT is reshaping infrastructure management • The business benefits of a unified observability approach across OT and IT • How leading organizations are breaking down silos for better decision making 👉 Read the full blog now!How to set up Splunk
This guide will provide step-by-step instructions on how to set up Splunk Indexes and an HTTP Event Collector, enabling you to easily view Fabric Events and Metrics. You will create two Indexes—one for Metrics and one for Events—and configure the settings for data retention and storage. You can use the Index and HTTP Event Collector Token Details in the following POST /fabric/v4/streamSubscriptions request. curl –X POST 'https://api.equinix.com/fabric/v4/streamSubscriptions' -H 'Content-Type: application/json' -H ' Authorization: Bearer <bearer token="">’ -d '{ "type": "STREAM_SUBSCRIPTION", "name": "<subscription_name>", "description": "subscription_desc", "stream": { "uuid": "<stream_id>" }, "sink": { "uri": "<protocol>://http-inputs-<host>.splunkcloud.com:<port>/<endpoint>", "type": "SPLUNK_HEC", "settings": { "eventIndex": "<name_of_eventindex>", "metricIndex": "<name_of_metricindex>", "source": "<name_of_splunk_hec>" }, "credential": { "type": "ACCESS_TOKEN", "accessToken": "Splunk <splunk_access_token>" } } }'</splunk_access_token></name_of_splunk_hec></name_of_metricindex></name_of_eventindex></endpoint></port></host></protocol></stream_id></subscription_name></bearer> Step-by-Step Instructions 1. Log in and Navigate to the Home Page Start by logging in to your Splunk instance. Once logged in, go to the Home page. 2. Access the Settings On the Home page, click on Settings in the top menu In the Settings menu, navigate to Indexes under the "Data" section. 3. Create an Event Index On the Indexes Page, click on New Index to create a new index. 3.1 Select Event Index Data Type Index Data Type: Events Index Data Type is selected by default. 3.2 Name the Event Index Name: Enter a name for your Event Index 3.3 Set Data Size Limit Data Size: Set the data size limit for the Index. For example, you can set it to 100MB. 3.4 Configure Retention Policy Retention Policy: Set the retention policy, i.e. 30 days. This means that data older than 30 days will be automatically deleted from the Index. 3.5 Set Dynamic Data Storage Dynamic Data Storage: Leave the settings as default for dynamic data storage. This ensures that your data is stored efficiently based on Splunk's default storage configuration. You will use above Event Index Name later in the POST /fabric/v4/streamSubscriptions request. 4. Create a Metric Index On the indexes page, click on New Index to create a new Index. 4.1 Select Metrics Index Data Type Index Data Type: Select Metrics Index Data Type. 4.2 Name the Metric Index Name: Enter a name for your Metric Index 4.3 Set Data Size Limit Data Size: Set the data size limit for the Index. For example, you can set it to 100 MB. 4.4 Configure Retention Policy Retention Policy: Set the retention policy, i.e. 30 days. Thsi means that data older than 30 days will be automatically deleted from the index. 4.5 Set Dynamic Data Storage Dynamic Data Storage: Leave the settings as default for dynamic data storage. This ensures that your data is stored efficiently based on Splunk's default storage configuration. You will use above Metric Index Name later in the POST /fabric/v4/streamSubscriptions request 5. Generate a HTTP Event Collector Token Value Ensure that the token values generated during this process are saved securely. These tokens may be required for further integration or for data ingestion processes. 5.1 Navigate to the Splunk Home Page On the Home Page, go to Settings in the top menu Under the "Data" section, click on Data Inputs 5.2 Select HTTP Event Collector In the Data Inputs section, select HTTP Event Collector 5.3 Create an HTTP Event Collector Token Click the New Token button to start the setup processes for the HTTP Event Collector 5.4 Name the HTTP Event Collector On the Add Data page, the only required input is the name. Name: Enter a name for your HTTP Event Collector. 5.5 Complete the Setup After naming your HTTP Event Collector, click Next on the Select Source Step. Click Next on the Input Settings Step to review your configurations. Finally, click Submit on the Review Step to complete the setup. 5.6 Add the Event and Metrix Indexes to the HTTP Event Collector In HTTP Event Collector, click "edit" on your HTTP Event Collector. Select your event and metric indexes that you have created. Set the event index as your default index. 5.7 Copy the Token Value Once the setup is complete, a Token value will be generated. Copy this Token value to your clipboard, as it will be needed later for the POST streamSubscription API. 6. Create a Splunk Subscription Now that the Indexes and HTTP Event Collector are set up, call the POST fabric/v4/streamSubscriptions request. Example: curl –X POST 'https://api.equinix.com/fabric/v4/streamSubscriptions' -H 'Content-Type: application/json' -H ' Authorization: Bearer <bearer token="">’ -d '{ "type": "STREAM_SUBSCRIPTION", "name": "<subscription_name>", "description": "subscription_desc", "stream": { "uuid": "<stream_id>" }, "sink": { "uri": "<protocol>://http-inputs-<host>.splunkcloud.com:<port>/<endpoint>", "type": "SPLUNK_HEC", "settings": { "eventIndex": "<name_of_eventindex>", "metricIndex": "<name_of_metricindex>", "source": "<name_of_splunk_hec>" }, "credential": { "type": "ACCESS_TOKEN", "accessToken": "Splunk <splunk_access_token>" } } }'</splunk_access_token></name_of_splunk_hec></name_of_metricindex></name_of_eventindex></endpoint></port></host></protocol></stream_id></subscription_name></bearer> 7. Search Events and Metrics Go to Home Page. Click on Search & Reporting. This will take you to a Splunk search page and search with your Event Index. E.g. index="". Refer to the "Fabric Observability with Client Sink Integration" document for detailed instructions on how to receive Events using a specific Sink Type. Additionally, refer to Splunk Documentation to Search and Query for Metrics. Example: | mstats avg(_value) prestats=t WHERE index="<name_of_metric_index>” AND metric_name="equinix.fabric.[port | connection | metro].*" span=1m by metric_name | timechart avg(_value) as "Avg" span=1m by metric_name</name_of_metric_index>
