Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mbta/logger_splunk_backend

Logger backend for Splunk HTTP Event Collector
https://github.com/mbta/logger_splunk_backend

Last synced: about 1 month ago
JSON representation

Logger backend for Splunk HTTP Event Collector

Host: GitHub
URL: https://github.com/mbta/logger_splunk_backend
Owner: mbta
License: mit
Created: 2018-01-22T20:04:36.000Z (almost 7 years ago)
Default Branch: main
Last Pushed: 2024-09-19T16:30:22.000Z (4 months ago)
Last Synced: 2024-11-20T11:34:15.861Z (about 1 month ago)
Language: Elixir
Size: 58.6 KB
Stars: 2
Watchers: 28
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        LoggerSplunkBackend

=======================

## About

A backend for the [Elixir Logger](https://hexdocs.pm/logger/1.7.4/Logger.html)

that will send logs to the [Splunk cloud](https://data.splunkcloud.com) HTTP Event Collector (HEC).

It may also work for on-prem installations of Splunk, but that has not been tested.

## Supported options

* **host**: String.t. The URL of the Splunk HEC endpoint.

* **token**: String.t. The unique Splunk token.

* **index**: String.t. (optional) The Splunk index to log to.

* **format**: String.t. The logging format of the message. [default: `"[$level] $message"`].

* **level**: Atom.t. Minimum level for this backend. [default: `:debug`]

* **metadata**: Keyword.t | `:all`. Extra fields to be added when sending the logs. These will

be merged with the metadata sent in every log message. (default: `[]`)

* **max_buffer**: pos_integer. The number of messages to buffer before switching to a synchronous request.

## Using it with Mix

To use it in your Mix projects, first add it as a dependency:

```elixir

def deps do

  [{:logger_splunk_backend, "~> 2.0.0"}]

end

```

Then run mix deps.get to install it.

## Configuration Examples

### Runtime

```elixir

Logger.add_backend {Logger.Backend.Splunk, :debug}

Logger.configure {Logger.Backend.Splunk, :debug},

  host: "https://https-inputs-XXX.splunkcloud.com/services/collector",

  token: "Splunk-token-goes-here",

  level: :debug,

  format: "[$level] $message\n"

```

### Application config

```elixir

config :logger,

  backends: [{Logger.Backend.Splunk, :error_log}, :console]

config :logger, :error_log,

  host: "https://https-inputs-XXX.splunkcloud.com/services/collector",

  token: "Splunk-token-goes-here",

  level: :error,

  format: "[$level] $message\n"

```

## Log Examples

A log message such as `Logger.info("here is a message")` results in the following Splunk request:

```json

{

  "host": "node_sname@host",

  "event": "[info] here is a message",

  "time": 123456.789,

  "sourcetype": "httpevent"

}

```