All the work presented in this blog post is open source and available as part of our Splunk Connect for Ethereum repository examples, including the instrumentation of Besu as a Docker container, the configuration of Splunk, and two applications showing how to monitor Besu syncing to the chain.
Hyperledger Besu is a Java-based, enterprise-ready, mainnet-compatible Ethereum client hosted by the Hyperledger Foundation, and now Hyperledger Besu integrates with the OpenTelemetry project to deliver real-time, actionable insights into your Ethereum client performance.
In this post, we detail how Besu leverages OpenTelemetry, what kind of data is available, how to best ingest it, and how to extract insights with quick searches and elegant dashboards using Splunk. We’ll also go into details on how it applies to the critical use case of syncing to the chain. Finally, we show how it combines with our best-in-class Ethlogger to deliver a complete data insight experience.
Logs can be delivered to Splunk directly through simple configuration steps as JSON objects that offer rich parsing and querying capabilities.Besu instruments all incoming JSON-RPC calls through tracing, reporting all interactions and the JSON-RPC method called. We also instrument critical processes such as the block processing time.
Besu offers internal metrics showing the state of the client, from its memory use to the discovery of peers, its synchronization state and its highest block number.
This integration enables deep insights critical to Besu developers. During the initial sync, the client is tasked with peering with other participants and sync its data to match the blockchain. This benchmark is crucial when introducing breaking changes, such as the adoption of EIP-1559 constructs or Bonsai trees to represent transactions, or mundane, yet critical networking features such as exposing richer discovery information as exposed in EIP-868.
Splunk offers a comprehensive view that combines all forms of data to understand better where time is spent and what factors into the quickest sync. Peering effectively seems extremely important, and we witness that block processing time is mostly constant through the sync.
Next, we will need to compare this information with the number of transactions per block, to understand how replaying them impacts performance. Luckily, we have Ethlogger at our disposal which ingests all blocks and transactions from Besu into Splunk for analysis. We can use this basis to understand the number of active addresses on the network and form patterns of use of the testnet.
Here is a token transfer on the Goerli network:
Get started with Ethlogger now. You can find the latest and greatest documentation and examples in our Github repository. Don’t have a Besu node? No problem! Ethlogger can also interface with Infura and XDai (see this simple docker-compose example!).
If you’re ready to try Besu with Splunk Enterprise, you can find instructions here.
If you want the full gamut with the OpenTelemetry Collector, you can find that documentation in the official Besu docs.
The work presented in this blog post (a Docker compose set up, a Splunk instance with the application and dashboards presented here) is available in the Splunk Connect for Ethereum repository. Please feel free to send feedback as issues. To learn more about how Splunk is innovating with blockchain and distributed ledger technology, please make sure to reach out to the team at blockchain@splunk.com.
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.