This article describes in detail the steps to:
- configure the iOS library
- install Splunk Enterprise and Splunk app to receive data forwarded from iOS mobile devices
- basic Splunk searches
CONFIGURE THE iOS LIBRARY
- Download the logging library from http://splunk-base.splunk.com/apps/92296/mobile-analytics-with-splunk-storm-ios or https://github.com/nicholaskeytholeong/splunk-storm-mobile-analytics/blob/master/ios/splunkmobileanalytics.zip
- Unzip it and drag the splunkmobileanalytics folder into the project
- Select Relative to Project at Reference Type, then click Add.
![]()
- In the AppDelegate interface file (AppDelegate.h), import Splunk.h, like so:
![]()
- In the AppDelegate implementation file (AppDelegate.m), provide the SPLUNK_HOST_URL and TCP_PORT values in the message
![]()
- You are set! Splunk Enterprise is now integrated seamlessly into your iOS mobile app!
INSTALL SPLUNK ENTERPRISE AND SPLUNK APP
- Download the latest Splunk Enterprise from http://www.splunk.com/download
- Install Splunk Enterprise (in this article we assume a very simple Splunk deployment – your Splunk instance is both a receiver and an indexer)
- Download the app “Mobile Analytics with Splunk” from Splunk Apps http://apps.splunk.com/app/1578
- You may also install the app automatically from Splunk UI if you wish
- The app will be listed if it is installed correctly
![]()
- Go to the TCP inputs page in Splunk UI. You will notice that Splunk is listening to port 9090
![]()
- You may change the incoming port at the Splunk Enterprise. To do this:
vi $SPLUNK_HOME/etc/apps/mobileanalytics/default/inputs.conf [tcp://<ANOTHER_PORT>]
** Don’t forget to update the port number in the AppDelegate.m with “ANOTHER_PORT“
- Restart your Splunk instance
BASIC SPLUNK SEARCHES
- Hypothetically this is your stacktrace of the uncaught exception in your mobile app
![]()
- Remember the data forwarding that we configured earlier? The search summary page will update itself with the received data from the iOS device
![]()
- This is a simple search to filter only iOS events sourcetype=”ios_crash_log”
![]()
- This is a sample search to count the different types of uncaught exceptions that caused the app to crash
![]()
We hope that you find this article useful to forward data from iOS apps and to configure Splunk Enterprise. Feedback and suggestions are always welcome.