Welcome to the Cyara Knowledge Center

Splunk is a powerful logging aggregator platform which displays large amounts of information on graphical dashboards. Splunk is ideal as an integration for Cyara Pulse Dashboards. 

The main sections of this walk-through are as follows:

1. Review Pulse Campaign and Global Dashboard
2. View Splunk Dashboard and demonstrate Cyara data being received by Splunk
3. Cyara Pulse App for Splunk
4. Overview of configuring Splunk Integration
   1. Security/Access considerations
   2. Setting up the Splunk HEC (Splunk Console)
   3. Configuring User Impersonation
   4. Configuring Cyara to Splunk Integration (Cyara Portal)
   5. Defining what data is passed in to Splunk

1. Review Pulse Campaign and Global Dashboard

Splunk integration is designed to be used with Pulse and allows for all test results being tracked by a specific dashboard to be sent to Splunk.

As Cyara Global Dashboard by default is an aggregation of all Pulse results, it is recommended to use Global Dashboard as a Splunk feed data source.

Navigate to the Campaigns Tab;

In this demonstration we will run two Pulse Campaigns;

• “Pulse – AB IVR monitoring – Contact Us” runs every 60 minutes to validate a call in an Amazon Connect Environment which is designed to randomly play different “Contact Us” information which will cause Test Case to log an “Expect To Hear” failure.
• “Pulse – Premier Financial Services Monitoring” runs every 15 minutes and simply monitors a Genesys Test Environment. This campaign monitoring is not designed to cause Test Case failures.

Proceed to loading the Global Dashboard by navigating to the Reports Tab and accessing the Global Dashboard.

2. View Splunk Dashboard and demonstrate Cyara data being received by Splunk

Login to Splunk Portal and you should be presented with the Pulse Overview dashboard of the “Cyara Pulse App for Splunk”. This app is setup as a default dashboard.

There are additional dashboards that are part of the app and can be accessed from the menu. "Pulse Overview", "Test Results - Time Chart", "Test Results - Summary", "Test Results - Detail"

"Test Results - Time Chart"

"Test Results - Summary"

"Test Results - Detail"

3. Cyara Pulse App for Splunk

The Cyara Pulse App helps you analyze your CX Monitoring results from Cyara in Splunk. It is a set of pre-configured dashboards that help you glean valuable insights from the Cyara data. By enabling you to trend Cyara Pulse CX monitoring results over time (both short-term and long-term), these pre-configured dashboards provide flexible visualizations to help you answer questions such as:

• Which customer journeys are failing most frequently?
• What are the most common issue categories impacting my customer’s experience?
• Which of my phone numbers being monitored are more prone to issues?
• How does the performance of one business unit compare to others?

The Cyara Pulse app for Splunk also gives you a running start at building your own dashboards. The included source code can be leveraged and the queries adapted for use in other dashboards where you want to correlate Cyara data with other critical systems within your contact/data center ecosystem, such as your contact center platform (example, Genesys, Amazon Connect, Twilio, Avaya, Cisco), your CRM, and any of the servers and networking devices that support your CX.

Cyara Pulse App for Splunk can be download and installed by any Splunk customer by visiting Splunkbase (Splunk’s app store) and searching for “Cyara” or by following this URL: https://splunkbase.splunk.com/app/5221/

4. Overview of configuring Splunk Integration

Configuration

At a high level, there are 3 steps to setup the Cyara to Splunk Integration:

1. Setup the Splunk HTTP Event Collector (HEC)
2. Create/configure an Impersonation User
3. Configure the Cyara to Splunk Integration

4.1 Security/Access considerations

When configuring Splunk integration from Cyara Cloud Portal to Splunk Enterprise (premise) your IT organization must enable firewall access from the Cyara Cloud to your Splunk Enterprise instance. Whitelist the Cyara integration FQDN to allow connections from the Cyara Cloud to your Splunk instance. The specific port to allow the communication on is defined by the Splunk HTTP Event Collector configuration (commonly 8088):

• US FQDN: egress-ips.cyaraportal.us
• AU FQDN: egress-ips.cyaraportal.com
• UK FQDN: egress-ips.cyaraportal.co.uk

4.2 Setting up the Splunk HEC (Splunk Console)

1. In your Splunk Instance choose Settings > Data Inputs.
2. From the Local Input types select Add New HTTP Event Collector
3. Configure the collector using the default values as follows
   • Name: (Enter a name to remember this integration, we recommend "Cyara Pulse Monitoring")
   • Indexer Acknowledgement should not be enabled (if this is set to enabled, the integration will result in a Bad Request)
   • Select Source Type
     1. Structured
     2. _json
   • Default Index: cyara
     1. Note: It is highly recommended to create and use an index named "cyara" as it is the default index being used in the Cyara Pulse App for Splunk. However, if you already have your Cyara data in a different index, you will need to modify a single
        search macro to include the alternate index. To do so, go to: Settings > Advanced Search > Search Macros > Default index, and change the definition field from index=cyara to the name of your index.

4. Click Review
5. Click Submit
6. The success screen will show a Token Value that you will need later for posting events to your collector.
7. Check that the event collector is enabled. To enable, navigate back to your Data Inputs section by clicking Settings > Data Inputs > HTTP Event Collector and click on "Enable" located in the Actions column.

4.3 Adding an Impersonation User (Cyara Portal)

Before configuring the integration, you need to configure "Impersonation." Impersonation defines an account user on whose behalf the integration will leverage Cyara APIs. While you can designate any actual user for the impersonation, it is recommended that you create a designated user just for that role (e.g. integration.user).

To add a new Impersonation User to your Cyara Platform, follow these steps.

1. Click on Tools > Integrations menu in the Cyara Portal.
2. Click on Impersonation in the drop-down menu on the right.
3. Select the user that should be impersonated (That Cyara Integrations will authenticate as when pushing/pulling data via the Cyara API).

Navigate to Tool tab in Cyara Portal and select Integrations

Before configuring Splunk Integration you must configure user “Impersonation”. User impersonation is required for integration to have access to the Cyara API on a behalf of an account specific user.

Select “Impersonation” from a pull-down menu.

It is required that the account, for which the configuration is being performed, already has defined users. You only need one impersonation user defined for the integration. 

4.4 Configuring Cyara to Splunk Integration (Cyara Portal)

Once you have configured the Impersonation User, you are now set to configure an integration with Splunk!

Follow the steps below:

1. In Cyara Portal navigate to Tools > Integrations in the Top Menu. (If "Integrations" doesn't appear in the Tools menu, confirm that you have Cyara Integrations enabled).
2. Click the New Integration button
3. Integration Details
   • Select Splunk from the Type dropdown menu
   • Enter a Name and a Description for this integration (We recommend Cyara Pulse Monitoring for the name, and a rich description of the type of service being monitored).
   • From the Impersonate User pull-down menu select the user that will be impersonated for the API access
   • Select which Pulse Dashboard should be used as the primary source of data to be pushed to Splunk. To ensure that all available Pulse results get pushed to Splunk you can select the predefined Global Dashboard. You can select other dashboards that you created, but remember that only events being monitored by that dashboard will be pushed to Splunk.
4. Splunk Details
   • For Api Uri, enter the Splunk API URL (example https://my_splunk_instance:8088/services/collector)
   • For Authorization Token, enter the token that was generated when you created HEC
   • Click the "Test Authentication" button to validate your Splunk Credentials. If access, API Url and Token are configured correctly you should see a ✓ indicating a successful validation.
5. Event Field Selection
   • This section maps Cyara Data Variables to the Data Fields that will be sent to Splunk in a JSON document
   • Starting with Cyara 20.3 release, all data field mapping will be pre-populated by default, so you do not have to make any changes (see example below)
6. Make sure that the newly configured integration is Enabled. By default, all integrations are disabled
7. Click on Save Details.
8. Your integration is complete.

4.5 Defining what data is passed in to Splunk

Further to the default settings required for the Splunk Integration setup as covered in the Cyara User Guide Article "Configuring Splunk Integration" The following are the details required for configuring Splunk connectivity.

Lastly, you must define what data will be passed in to Splunk.

The following is a full list of the data variables available to the integration.

Default Data Mapping

Starting with 20.3 release when creating new Splunk Integration, the data mapping will already be pre-populated for you to match the data mapping requirement of the Cyara Pulse App for Splunk.

Note: the “$FullTestReslt” variable can only be used by itself in a field, and never in combination with any other variables