Introducing Splunk Connect for Ethereum

Our Data-to-Everything vision is to bring data to every question, decision and action—blockchain data is no exception. Part of making that vision a reality is getting data into Splunk where you can start to investigate, monitor, analyze and act in order to turn data into doing.

Getting data in (GDI as we call it around here) is typically one of the thornier problems in analytics. Data stored in applications (like Ethereum nodes) is not optimized for analytics, plus you don’t want to have resource contention on your node. That’s why getting data into a data platform like Splunk is the first step towards blockchain observability. Also, making sure that your node is running and synchronizing properly is hard! In order to get more nodes on the network and to further drive decentralization, it's imperative that we make debugging security, stability and scalability issues on Ethereum nodes easier.

Introducing Splunk Connect for Ethereum. Now you can get data in easily from Ethereum compatible nodes. Over the last year, we’ve done a lot of work with Ethereum compatible blockchains like Quorum and xDai. We’re really excited to contribute our learnings for monitoring blockchains at scale to the open source Ethereum community.

Splunk Connect for Ethereum allows you to ingest metrics that describe how your node is performing as well as blocks, transactions, and events from the Ethereum ledger itself. We’ve written all the communication with the node from scratch and stripped out anything unrelated to getting data into Splunk. Whether you’re indexing mainnet with a block every 13 seconds or a permissioned Quorum deployment (check out the new Splunk App for Quorum!) network with much higher transaction volume, you can be assured that you’ll be getting maximum data with minimum overhead.

^{Search and dashboard examples in the Ethereum Basics App}

Another challenge with Ethereum data is understanding the binary data (ABIs) that are encoded in every transaction. Every contract call and event emitted from the Ethereum blockchain has a signature that tells you how to decode it. However, this signature does not encode the names of the function parameters. For example, two functions `transfer(address from, address to, uint256 value)` and `transfer(address to, address from, uint256 value)` would have the same signature (0xbeabacc8)! Ethereum is able to interpret this safely but it’s not very human friendly.

We’ve developed a way to “fingerprint” contracts using their bytecode in order to decode transaction data and restore the human readable parameter names. We think this will be incredibly useful for analysts working with blockchain data.

^{Searching through ethereum transactions in Splunk}

Blockchain is a wonderful and exciting new technology but it’s definitely not the easiest thing to learn or use. User experience and thorough documentation are extremely important in this ecosystem. With that in mind, you can spin up Splunk Connect for Ethereum with a single Docker CLI command! You can simply point it to your own node(s), or a provider such as Infura or Alchemy and start Splunking Ethereum mainnet. We have thorough documentation in Github and Docker Compose environments for spinning up various test networks. We even introspect the node you’re connecting to discover what consensus mechanism and implementation (Geth, Parity, Besu) you’re running so we can seamlessly connect to non-standard RPC endpoints (i.e. Quorum’s Raft or Istanbul endpoints).

Ready to get started? We also created an ethereum basics app with tips, tricks, and examples galore.

Wow, that was a lot for a first launch. But we also have a lot more exciting products and features planned for blockchain observability. Stay tuned and look out for us at ETHDenver where we’ll be helping all you buidl-ers out there get hands on with Ethereum analytics.

----------------------------------------------------
Thanks!
Stephen Luedtke