This section of the repository lets you analyze AEM as a Cloud Service (AEMCS) CDN log files and visualize metrics through dashboards using the Splunk, a popular log analysis tool.
Splunk is a popular log analysis tool that helps aggregate, analyze logs, and create visualizations for monitoring, and troubleshooting purposes.
To quickstart the analysis, the following dashboards are provided:
- CDN Cache Hit Ratio: provides insights into the total cache hit ratio and total count of requests by HIT, PASS, and MISS status. Also provides top HIT, PASS, and MISS URLs.
- CDN Traffic Dashboard: provides insights into the traffic via CDN and Origin request rate, 4xx and 5xx error rates, and non-cached requests. Also provides max CND and Origin requests per second per client IP address and more insights to optimize the CDN configurations.
- WAF Dashboard: provides insights via analyzed, flagged, and blocked requests. Also provides top attacks by WAF Flag ID, top 100 attackers by client IP, country, and user agent and more insights to optimize the WAF configurations.
However, you can enhance and create additional dashboards to gain further insights and optimize the CDN configurations.
- Access to Splunk Cloud or Splunk Enterprise
- AEMCS log forwarding to Splunk is enabled, refer to the documentation for more details.
This repository provides three .xml dashboard files in the dashboards directory. You can use these dashboards to visualize the CDN log data in Splunk.
-
Login to your Splunk instance.
-
Click Create New Dashboard button.
-
Provide a placeholder name for the dashboard, and select Classic Dashboard option.
-
In Edit Dashboard view, select Source toggle and paste the content of the desired
.xmlfile from the cloned repository'sdashboardsdirectory.
-
Click Save button to save the dashboard.
-
If needed change the
IndexandSource Typeto match your log data in the filter section.
-
Repeat the steps for other dashboards.
