Custom API Analytics with Expressway and Splunk

Splunk – An Ancillary Source of API Analytics

Data analytics solutions seem as varied as the data they analyze. However, Expressway users have found tremendous success extending its built-in API Analytics capabilities with those of Splunk – a recognized 2013 Gartner Magic Quadrant Leader for Security Information and Event Management. Intel distributes a free Splunk Application that ingests Expressway’s transactional logs. The application provides in-depth dashboards and metrics of message transactions & system utilization. Recently, one of my customers wanted an alternate way to integrate Splunk with Expressway that:

  1. Goes beyond the transactional context that Expressway Service Gateway’s (ESG) transactional logs provide.
  2. Sends data directly to Splunk from ESG Applications – instead of Splunk ingesting ESG logs.
  3. Does 1 and 2 with negligible overhead.

Coupling Splunk’s ability to ingest “any data from any source” with ESG’s integration capabilities and Intel-optimized performance, this was a snap.

Integration of ESG and Splunk

[Image: ESG_Splunk_Invoke]
Splunk offers several options for data input, including files & directories, TCP, UDP, and scripts. ESG’s flexible interfaces easily accommodate a TCP connection (right) to Splunk.

ESG parameterizes all aspects of an incoming request, both content and context. For API requests this includes:

  • HTTP headers
  • HTTP method
  • HTTP URI segments
  • request size
  • response size
  • response code
  • query parameters
  • inbound IP address
  • processing time
  • specific message content
  • transaction time
  • … any other data …

Sending this data directly to Splunk allows it to generate real-time metrics of ESG’s API utilization.
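One way to shape the parameters listed above into events before they go over the TCP connection, as an added example (not code from the original post or from Intel): it renders a transaction as a single key="value" line, redacts credential-bearing headers, and neutralizes CR/LF so a client-controlled header value cannot forge a second event. The field names, the `X-App-Id` header, the redaction list, and the sample transaction are assumptions constructed for illustration.

```python
import socket
from datetime import datetime, timezone

# Headers whose values should never reach the analytics index (assumed list).
SENSITIVE = {"authorization", "cookie", "proxy-authorization", "x-api-key"}

def clean(value):
    """Make a value safe to embed in a quoted key="value" pair on one line."""
    # Swap double quotes so a value cannot close its own quoting.
    text = str(value).replace('"', "'")
    # Replace control characters: CR/LF in a header would otherwise start a forged event.
    return "".join(c if c.isprintable() else " " for c in text)

def build_event(txn, when=None):
    """Render one API transaction (a dict) as a single key="value" event line."""
    when = when or datetime.now(timezone.utc)
    pairs = [(k, txn[k]) for k in ("method", "uri", "src_ip", "status",
                                   "req_bytes", "resp_bytes", "processing_ms")]
    for name, value in sorted(txn.get("headers", {}).items()):
        key = "hdr_" + "".join(c if c.isalnum() else "_" for c in name.lower())
        pairs.append((key, "[REDACTED]" if name.lower() in SENSITIVE else value))
    body = " ".join(f'{k}="{clean(v)}"' for k, v in pairs)
    return f"{when.isoformat()} {body}\n"

def send_event(line, host, port, timeout=2.0):
    """Write one event to a Splunk TCP data input (host and port are deployment-specific)."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(line.encode("utf-8"))

# Constructed sample: the X-App-Id value carries an embedded CR/LF and a fake event.
SAMPLE = {
    "method": "GET", "uri": "/orders/42", "src_ip": "203.0.113.7",
    "status": 200, "req_bytes": 0, "resp_bytes": 512, "processing_ms": 18,
    "headers": {
        "X-App-Id": 'mobile-ios\r\n2013-01-01T00:00:00 method="DELETE"',
        "Authorization": "Bearer abc123",
    },
}

if __name__ == "__main__":
    print(build_event(SAMPLE), end="")
```

Redacting and sanitizing at the gateway keeps credentials out of the index and keeps each transaction to exactly one event, which the per-application statistics depend on.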

Customized & Enriched Information

Even a small amount of Expressway data allows Splunk to yield instant yet thorough API analytics.

API Analytics Splunk Dashboards

Splunk’s true value to Expressway users (API providers) comes from its ability to easily generate secondary (tertiary, etc.) API analytics. For example, say transactions have an HTTP header whose values represent a unique application identifier. Now statistics (calls per operation, processing time per operation, etc.) can be further delineated by application.

[Images: Calls by Operation per Application; Processing Time by Operation per Application]

Analytical permutations become a function of the amount of data sent from Expressway. Splunk’s custom application management does the rest!

Summary

Expressway Service Gateway – API security, high speed policy enforcement, data format & protocol mediation, with applicability across several industry verticals. Now seamless integration with Splunk, capable of providing in-depth transactional analytics – especially around API utilization. Be sure to keep an eye out in Splunk Apps for an Expressway API Analytics application – coming soon!

Joe Welsh

About Joe Welsh

Joe is a Proof of Concept Pre-Sales Engineer with Intel’s Application Security Software & Datacenter Software Divisions. He joined Intel after working as a Healthcare Integration and Software engineer. Joe’s current focus resides in helping provide integration solutions utilizing Intel’s flagship Expressway gateway security product line that includes: Intel Expressway Tokenization Broker, Service Gateway, and API Management products. When not working, Joe enjoys spending time with his family, the outdoors, music, live sports (soccer and hockey especially), and reading non-fiction.
