Subscription Information
This feature is supported on the Self-Hosted platform, with a Pro, Pro X, Enterprise X, or Enterprise+ license.
JFrog supports integration with Splunk for log analytics and real-time observability. With this integration, you can:
Monitor the operation of your JFrog Platform
Collect, visualize and analyze rich JFrog Xray violations data to assess the impact of license violations and vulnerabilities on your software
Prerequisites for Splunk
To enable Splunk to receive the unified log data as well as Xray violations data, you need to set up the HTTP Event Collector (HEC) in your Splunk deployment. You can configure HEC in Splunk Enterprise.
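One way to confirm that HEC accepts events with your token before pointing Fluentd at it, shown as an added example that is not part of the JFrog documentation or the JFrog Splunk Log Analytics project. The `/services/collector/event` path, the `Authorization: Splunk <token>` header and the reply codes are Splunk's HEC interface; the local stub server, the placeholder token and the sourcetype, index and host values are constructed so the check runs offline.

```python
import http.client
import json
import threading
from contextlib import closing
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

HEC_PATH = "/services/collector/event"  # Splunk HEC JSON event endpoint

def build_hec_event(record, sourcetype, index, host):  # HEC event envelope
    return {"host": host, "sourcetype": sourcetype, "index": index, "event": record}

def send_hec_event(base_url, token, payload, timeout=5):
    """POST one event to HEC; return (http_status, hec_code). HTTPS verifies certs."""
    u = urlsplit(base_url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    with closing(cls(u.hostname, u.port, timeout=timeout)) as conn:
        conn.request("POST", HEC_PATH, json.dumps(payload), {"Authorization": "Splunk " + token})
        resp = conn.getresponse()
        return resp.status, json.loads(resp.read())["code"]

class StubHEC(BaseHTTPRequestHandler):
    """Constructed local stand-in for HEC so the check runs offline."""
    token = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real token

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the body
        ok = self.headers.get("Authorization") == "Splunk " + self.token
        status, code = (200, 0) if ok else (403, 4)  # HEC: 0 Success, 4 Invalid token
        data = json.dumps({"code": code}).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args): pass  # keep the stub quiet

def smoke_test():
    """Send a constructed event (made-up sourcetype, index, host): good token, then bad."""
    server = HTTPServer(("127.0.0.1", 0), StubHEC)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d" % server.server_port
    event = build_hec_event({"message": "test"}, "jfrog:smoke", "jfrog_test", "jpd-1")
    results = tuple(send_hec_event(url, t, event) for t in (StubHEC.token, "wrong"))
    server.shutdown()
    return results  # ((200, 0), (403, 4)) against the stub

if __name__ == "__main__":
    print(smoke_test())
```

Against a real deployment, call `send_hec_event` with your HEC base URL (an `https://` address) and token; a reply of `(200, 0)` means the collector accepted the event.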
Set Up Fluentd for Splunk
To set up Fluentd for Splunk, perform the following steps.
Install the Fluentd logging agent on each JPD node, as shown in the Fluentd installation guide. The agent tails the various JPD log files and parses new log lines into fields.
Configure the installed Fluentd agent with the configuration that matches the JFrog application running on the node, as provided in the JFrog Splunk Log Analytics GitHub project.
View JFrog Platform Data in Splunk
Forward the aggregated log data and Xray violations data available through Fluentd to Splunk for searching, analyzing and visualizing the data. The JFrog Logs app for Splunk is available in Splunkbase.
Download and install the app to connect the JFrog Platform data to your existing Splunk account. Restart the Splunk instance after the app is installed from Splunkbase. The app helps process extracted JFrog Platform logs and Xray violations data, and includes the following:
A diagnostic dashboard view for Artifactory and Xray
A violations dashboard summarizing license and security violations captured by Xray
View JFrog Log Data in Splunk
JFrog Platform log data is summarized in a diagnostic dashboard within the JFrog Logs app available in Splunkbase. This dashboard provides a diagnostic view for Artifactory and Xray.
Once the app is installed, the JFrog Logs dashboard presents timeline and count data for the following key operating metrics:
Log volumes, which can be filtered by type
Service errors
HTTP response codes
Accessed images
Accessed repositories
Data transfers in GB for uploads/downloads
Top 10 IPs for upload/download
Audit actions by username
Denied actions and logins by IP and username
Accepted deploys by username
If you need more, you can use the unified data to build your own custom dashboard widgets in Splunk and gain the operating insights you need. For more detailed instructions on the Splunk integration, see the JFrog Splunk Log Analytics GitHub project.
View JFrog Xray Violations Data in Splunk
The Violations dashboard is provided as an additional tab under Xray within the JFrog Logs app, which is available in Splunkbase. This dashboard provides a comprehensive view of all the security and license violations impacting your software, along with insights on the most frequently impacted repositories, builds, release bundles, artifacts and components.
Trending data on the volume, type and severity of vulnerabilities is provided to track the occurrence of critical vulnerabilities. Additional insight on the most frequently impacted artifacts and components, as well as the most downloaded vulnerable artifacts and components, is also included.
Drill-down views make it easy for teams to get detailed information about a particular vulnerability of interest.
All the log and Xray violations data comes pre-mapped to Splunk's Common Information Model, which allows you to run queries, create custom visualizations and use this data with other tools within the Splunk ecosystem.
For more detailed instructions on the Splunk integration, see the JFrog Splunk Log Analytics GitHub project.
For integrations with many other log vendors, see the log-analytics project on GitHub.