Configuring PMF Analytics Server
Some configuration for the PMF Analytics Server is required. Some of the configuration parameters apply to a single node, and some apply to the whole cluster, as indicated.
Jump to
Configuration properties
The PMF Analytics Server can start successfully without any additional configuration.
Configuration is done through JNDI properties on both the Persistent Mobile Foundation Server and the PMF Analytics Server. Additionally, the PMF Analytics Server supports the use of environment variables to control configuration. Environment variables take precedence over JNDI properties.
The Analytics runtime web application must be restarted for any changes in these properties to take effect. It is not necessary to restart the entire application server.
To set a JNDI property on WebSphere Application Server Liberty, add a tag to the server.xml file as follows.
<jndiEntry jndiName="{PROPERTY NAME}" value="{PROPERTY VALUE}}" />
Persistent Mobile Foundation Server
The following table shows the properties that can be set in the PMF server.
| Property | Description | Default Value |
|---|---|---|
| mfp/mfp.analytics.console.url | Set this property to the URL of your PMF Analytics Console. For example, http://hostname:port/analytics/console. Setting this property enables the analytics icon on the PMF Operations Console. | None |
| mfp/mfp.analytics.url | Required. The URL that is exposed by the PMF Analytics Server that receives incoming analytics data. For example, http://hostname:port/analytics-service/rest. | None |
| mfp/mfp.analytics.logs.forward | If this property it set to true, server logs that are recorded on the PMF are captured in Persistent Mobile Foundation Analytics. | true |
The following table shows the properties that can be set in the PMF Analytics Server.
| Property | Description | Default Value |
|---|---|---|
| analyticsconsole/mfp.analytics.url | Optional. Full URI of the Analytics REST services. In a scenario with a firewall or a secured reverse proxy, this URI must be the external URI, not the internal URI inside the local LAN. This value can contain * in places of the URI protocol, host name, or port, to denote the corresponding part from the incoming URL. ://:*/analytics-service, with the protocol, host name, and port dynamically determined | None |
| analytics/mfp.analytics.username | The user name that is used if the data entry point is protected with basic authentication. | None |
| analytics/mfp.analytics.password | The password that is used if the data entry point is protected with basic authentication. | None |
Persistent Mobile Foundation Admin Service
The following table shows the properties that can be set in the PMF Admin Service. These properties are required only for inapp feedback feature of analytics service.
| Property | Description | Default Value |
|---|---|---|
| mfpadmin/mfp.analytics.authorization.client.id | The identifier of the confidential client that handles OAuth authorization for the analytics inapp feedback API. Mandatory only if the inapp feedback feature enabled | None |
| mfpadmin/mfp.analytics.authorization.client.secret | The secret of the confidential client that handles OAuth authorization for the analytics inapp feedback API. Mandatory only if the inapp feedback feature enabled | None |
Persistent Mobile Foundation Analytics Server
The following table shows the properties that can be set in the PMF Analytics Server.
| Property | Description | Default Value |
|---|---|---|
| analytics/shards | The number of shards per index. This value can be set only by the first node that is started in the cluster and cannot be changed. | 1 |
| analytics/replicas_per_shard | The number of replicas for each shard in the cluster. This value can be changed dynamically in a running cluster. | 0 |
| analytics/tenant | The Analytics tenant name on OpenSearch. | worklight |
| analytics/analytics.authorization.server.url | The URL of the OAuth authorization server that is used by in-app feedback feature of analytics service. If the property is not set properly, the in-app feedback will not be able to sent to the analytics service. | None |
| analytics/analytics.authorization.client.id | The identifier of the confidential client that handles OAuth authorization for the analytics service. Mandatory only if in-app feedback feature is enabled in application. | None |
| analytics/analytics.authorization.client.secret | The secret of the confidential client that handles OAuth authorization for the analytics service. Mandatory only if in-app feedback feature is enabled in application. | None |
| analytics/analytics.security.plugin | The plugin implementation class for the confidential client that handles OAuth authorization for the analytics service. By default it should be assigned to com.ibm.mobile.analytics.server.extensions.plugins.OAuthSecurityPlugin. Mandatory only if in-app feedback feature is enabled in application. |
None |
| analytics/opensearch.maxDowntime.beforeShutdownInHours | Specifies the maximum duration, in hours, that the OpenSearch node can remain unreachable or in a non-operational state before the Analytics server shuts down to prevent degraded operation. | 6 |
In all cases where the key does not contain a period (like httpport but not http.enabled), the setting can be controlled by system environment variables where the variable name is prefixed with ANALYTICS_. When both the JNDI property and the system environment variable are set, the system environment variable takes precedence. For example, if you have both the analytics/httpport JNDI property and the ANALTYICS_httpport system environment variable set, the value for ANALYTICS_httpport is used.
Confidential client and scope mapping
Confidential clients are clients that are capable of maintaining the confidentiality of their authentication credentials. In-app feedback API protects resources such as adapters from unauthorized access by assigning a scope to the resource. Following steps are mandatory only if the in-app feedback feature is enabled in the application. For more details see confidential client and scope mapping
Registering the confidential client
Following step is required only if confidential client for analytics service is not added by default. Ignore if its already added.
In the navigation sidebar of the PMF Operations Console, click Runtime Settings → Confidential Clients. Click New to add a new entry. You must provide the following information:
- Display Name - An optional display name that is used to refer to the confidential client. For example: MyExternalServer.
- ID - A unique identifier for the confidential client (can be considered as a username). The ID can contain only ASCII characters.
- Secret - A private passphrase to authorize access from the confidential client (can be considered as an API key). The secret can contain only ASCII characters.
- Allowed Scope - A confidential client that uses ID and Secret combination is automatically granted the scope that is defined here. By default it should be authorization.introspect
Scope mapping
Map the analytics.mobileclient scope element to the application. Mandatory only if in-app feedback feature is enabled in the application.
- Load the PMF Operations Console and navigate to [your application] → Security → Scope-Elements Mapping, click New.
-
Enter MyExternalServer.mobileclient in the Scope element field. Then, click Add.
Document Time to Live (TTL)
TTL is effectively how you can establish and maintain a data retention policy. Your decisions have dramatic consequences on your system resource needs. The long you keep data, the more RAM, disk, and scaling is likely needed.
Each document type has its own TTL. Setting a document’s TTL enables automatic deletion of the document after it is stored for the specified amount of time.
Each TTL JNDI property is named analytics/TTL_[document-type]. For example, the TTL setting for NetworkTransaction is named analytics/TTL_NetworkTransaction.
These values can be set by using basic time units as follows.
- 1w = 1 week
- 1d = 1 day
- 1h = 1 hour
- 1m = 1 minute
- 1s = 1 second
List of supported document-types are as follows:
- TTL_PushNotification
- TTL_PushSubscriptionSummarizedHourly
- TTL_ServerLog
- TTL_AppLog
- TTL_NetworkTransaction
- TTL_AppSession
- TTL_AppSessionSummarizedHourly
- TTL_NetworkTransactionSummarizedHourly
- TTL_CustomData
- TTL_AppPushAction
- TTL_AppPushActionSummarizedHourly
- TTL_PushSubscription
By default, TTL value is set as 90 days if the TTL entry for the particular document-type is not defined in JNDI property.
Back up PMF Analytics data
Learn about how to back up your Persistent Mobile Foundation Analytics data.For more information, see OpenSearch 3.1 documentation - Snapshots.
▲