Splunk Secure Mobile Access for iOS

By Tom Stanley
Posted in Infrastructure
On July 01, 2019

Splunk is shining its light on Dark Data and enabling companies to extract real business value from their machine data. As the value of that newly exposed information increases, it is important to be able to access it from anywhere, even from mobile devices. Although a Splunk mobile app has been available for a few years, connecting to an on-premises Splunk Enterprise deployment was difficult. The mobile device needed some type of VPN software to access Splunk dashboards, or there were more complicated methods involving a Splunk Mobile Access Server in a DMZ or, later, the Splunk Add-On for Mobile Access.

Splunk has now released its Splunk Connected Experiences suite of mobile applications, leveraging the new Splunk Cloud Gateway application, to provide secure access to on-premises Splunk Enterprise with no separate VPN software required. Instead, the Cloud Gateway app on Splunk Enterprise communicates with the mobile apps through a secure, transparent, cloud-based service maintained by Splunk. Users need only install any of the mobile apps on their device and register it with their Cloud Gateway app to authorize the device and establish a secure communications channel. The mobile apps available are Splunk Mobile, Splunk AR, and Splunk TV for Apple TV. Unfortunately, Splunk Mobile and Splunk AR are only available for iOS.

Splunk Cloud Gateway

This is a standard Splunk app that can be installed through Splunk’s Manage Apps interface. It is the interface between Splunk Enterprise and the mobile service provided by Splunk, and it handles registering and managing mobile devices, enabling or disabling access from each of the mobile applications, configuring AR workspaces (views), and troubleshooting the solution. It should be installed on a search head or search head cluster, and is compatible with Splunk Cloud.

Splunk Mobile

This is the principal app for displaying dashboards and alerts on mobile devices. It is a simplification of the old Splunk app for mobile devices: it limits the available visualizations and encourages larger touch areas, which keeps dashboards simple enough for the constrained mobile screen size. All of the built-in Splunk visualizations except maps are supported, but visualization add-ons are not. Single-value and textual table visualizations support drill-down to web URLs or other dashboards. There is an Apple Watch app which supports single values and line, bar, and pie charts only. Details can be found in the release notes for Splunk Cloud Gateway.

A standard feature of Splunk Enterprise when configuring an Alert is to assign one or more actions when the Alert is triggered, such as sending an e-mail or running a script. There is now an action called “Send to mobile.” This will trigger an alert in the Splunk Mobile app for users with the Splunk role you specify. You can assign an optional visualization to load in the Splunk Mobile app, and an optional response, which is a clickable URL. The response URL could, for example, take the mobile user to an HTML status/control page for a service outside of Splunk.

Splunk TV

If you have an Apple TV device in a NOC or SOC, you may be interested in the Splunk TV app. The Apple TV needs to be a 4th generation or 4K model running tvOS 11.4.1 or later (see Prerequisites for the latest requirements). You install the “Splunk TV” app from the App Store on the Apple TV and register the device with the Splunk Cloud Gateway app in Splunk Enterprise. Within the app you can browse or search for dashboards to view, and set them as favorites for quick access. For hands-off environments, once a dashboard is selected, the app can cycle repeatedly through each panel with a configurable delay. If you need to present more information, you can create a dashboard group and have the app cycle through each complete dashboard view. Dashboards are limited to 9 panels in a 3x3 grid layout.

The Splunk TV app’s ability to connect to an on-premises Splunk instance, through the Splunk Cloud Gateway and without a direct network connection from the viewing location to the Splunk Enterprise deployment, allows greater flexibility in where corporate data can be displayed without compromising security.

Splunk AR (Augmented Reality)

If you’re looking for something a little more interactive for your mobile Splunk experience, you should look at Splunk AR. This app allows you to overlay single-value or gauge visualizations on a live view from your mobile device’s camera. The visualizations can be selected by scanning a QR code or an NFC tag for close-up environments, by detecting Bluetooth Low Energy (BLE) beacons for larger areas, or by entering geofences for even larger areas. These triggers can also bring up standard, non-AR dashboards, as in the Splunk Mobile app, if you prefer.

Imagine walking up to a rack of systems in a data center, scanning a QR code on the rack, and seeing CPU or temperature gauges for each device overlaid on the live view of the rack. Or tap an NFC tag on an IoT-enabled diesel generator and see values and visualizations for each component of the engine as you walk around it. A member of a building maintenance team could drive onto a corporate campus and have thermostat readings from each building overlay the view on a mobile screen. The ability to overlay Splunk data on live video opens up completely new interactive use cases for any industry.

Getting Started

You can download the Splunk Cloud Gateway app from Splunkbase or by browsing apps from within your Splunk Enterprise application manager. Documentation for Splunk Cloud Gateway and for using each of the mobile apps is available in the Splunk Connected Experiences documentation at Splunk. Get Splunk’s perspective, including some example screenshots and a fun-but-informative introductory video, in their blog, “Splunk Connected Experiences: The Power of Splunk Wherever You Are”. Gotham Technology Group is always ready to talk to you about how you can get started with Splunk or how you can integrate Splunk Connected Experiences with your existing Splunk Enterprise or Splunk Cloud deployment and start using your mobile device to shed light on your Dark Data.