Splunk is software for monitoring, searching, visualizing and analyzing machine-generated data (application logs, web server data and database logs are the usual starting points), up to big-data scale, through a web-style interface. It indexes and searches log files stored on a system or similar sources, and it is scalable and powerful. Splunk covers ground that would otherwise need a simple log management tool, a security information product and an event management product, each on its own.
To look at the various logging possibilities, let us configure Splunk for a Java project and see how we can make use of it. A set of setup steps has to be completed first; assuming that is done, we will continue with a Java example and test the application with various combinations of logging with Splunk.
Assuming you are able to configure Splunk logging for your Java projects (or for any other programming language you intend to use Splunk with), we will proceed with the logging examples. This section covers the recommended ways of creating events for Splunk to index.
Following the setup steps, this article uses Logback as its logging library and provides the artifacts needed to get a working Java example up and running. Assuming your Splunk Enterprise instance is running on localhost and listening on the default port of 15000, let us configure Splunk's TcpAppender in Logback, since Logback does not ship one of its own. The configuration below is what you need to get going.
logback.xml
<configuration>
    <appender name="socket" class="com.splunk.logging.TcpAppender">
        <RemoteHost>127.0.0.1</RemoteHost>
        <Port>15000</Port>
        <layout class="ch.qos.logback.classic.PatternLayout">
            <pattern>%date{ISO8601} [%thread] %level: %msg%n</pattern>
        </layout>
    </appender>
    <logger name="my.splunk.logger" additivity="false" level="INFO">
        <appender-ref ref="socket"/>
    </logger>
    <root level="INFO">
        <appender-ref ref="socket"/>
    </root>
</configuration>
The configuration above enables Logback logging in your Java project under the logger name my.splunk.logger, capturing messages from INFO up through ERROR and sending them to Splunk over TCP.
Now we can create our own logging class by importing com.splunk.logging.SplunkCimLogEvent and using that class to create events that carry whatever information you need to log.
// SLF4J uses {} placeholders rather than printf-style %d/%s
logger.debug("orderStatus=error, errorcode=546, userId={}, orderId={}", userId, orderId);
This is one of the best ways to add debug details to your application log, whether via Splunk or any other logging framework. For Splunk in particular, it is highly recommended that you log information as meaningful key/value pairs, because Splunk features such as Reporting can then produce meaningful analysis from them. Anyone can then use a simple search (for example, orderStatus=error) to pull up all matching events at once. Likewise, if you want to use Splunk's Reporting feature to build a report on order status, that becomes straightforward (for example, success=96%, error=3%, cancelled=1%).
One of the best ways to add key/value pairs to your logging is shown below; the example considered above has been rewritten with SplunkCimLogEvent for clarity.
Logger logger = LoggerFactory.getLogger("my.splunk.logger");
logger.info(new SplunkCimLogEvent("KeyValuePairEvent", "keyValuePairEventID") {{
    addField("orderStatus", "error");
    addField("errorcode", "546");
}}.toString()); // toString() renders the event as key=value text for the logger
In cases where you expect exceptions, you can always rely on the exception's stack trace to debug the failed scenario. Splunk lets you add the stack-trace details alongside the key/value pairs shown in the example above. For now, we will concentrate on adding the exception's stack trace to our logging source.
The addThrowableWithStacktrace() method formats the exception and adds it to your logging source.
logger.info(new SplunkCimLogEvent("StacktraceEvent", "stacktraceEventID") {{
    addThrowableWithStacktrace(exceptionObject); // exceptionObject is the caught Throwable
}}.toString());
When you want to log and check authentication-related activity, or trace back all the actions a specific user performed in your application, this comes into its own. Use the setAuthAction() method to specify the action performed on the resource. Let us see an example of its usage:
logger.info(new SplunkCimLogEvent("AuthActionEvent", "AuthActionEventID") {{
    setAuthAction("LoggedIn");
    setAuthAction("LoggedOut"); // sets the same field, so this overwrites LoggedIn; log one action per event
}}.toString());
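The three event types described above (key/value pairs, an exception with its stack trace, and an authentication action), as an added example that is not the article's code. It assumes the logger name from the logback.xml above and that setAuthUser() and setAuthSrc() exist in the library alongside setAuthAction(); the sample values are constructed.

```java
import com.splunk.logging.SplunkCimLogEvent;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Added example, not the article's code. The logger name matches the
// my.splunk.logger entry in logback.xml, so events reach the Splunk TcpAppender.
public class SplunkAuditLogger {
    private static final Logger LOG = LoggerFactory.getLogger("my.splunk.logger");

    // Key/value event: each field is searchable in Splunk as key=value.
    public static String orderFailed(long userId, String orderId, int errorCode) {
        SplunkCimLogEvent event = new SplunkCimLogEvent("OrderEvent", "orderFailedID");
        event.addField("orderStatus", "error");
        event.addField("errorcode", errorCode);
        event.addField("userId", userId);
        event.addField("orderId", orderId);
        String line = event.toString(); // renders the key=value text for the logger
        LOG.info(line);
        return line;
    }

    // Exception event: the formatted stack trace travels with the key/value pairs.
    public static String orderException(String orderId, Throwable t) {
        SplunkCimLogEvent event = new SplunkCimLogEvent("StacktraceEvent", "stacktraceEventID");
        event.addField("orderId", orderId);
        event.addThrowableWithStacktrace(t);
        String line = event.toString();
        LOG.error(line);
        return line;
    }

    // Authentication event, one action per event. setAuthUser and setAuthSrc are
    // assumed to be the library's CIM setters for the user and src fields.
    public static String authEvent(String action, String user, String sourceIp) {
        SplunkCimLogEvent event = new SplunkCimLogEvent("AuthActionEvent", "authActionEventID");
        event.setAuthAction(action); // "LoggedIn" or "LoggedOut"
        event.setAuthUser(user);
        event.setAuthSrc(sourceIp);
        String line = event.toString();
        LOG.info(line);
        return line;
    }

    public static void main(String[] args) {
        orderFailed(42L, "ORD-1001", 546); // constructed sample values
        orderException("ORD-1001", new IllegalStateException("payment gateway timeout"));
        authEvent("LoggedIn", "alice", "10.0.0.5");
        authEvent("LoggedOut", "alice", "10.0.0.5");
    }
}
```

Once these events are indexed, a search such as orderStatus=error or action=LoggedIn user=alice returns the matching events directly, which is the point of logging structured key/value pairs rather than free text.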
Conclusion:
In this article, we have tried to demystify what Splunk can do as standalone software and where it can be used. We have also looked at how to use Splunk's logging feature to analyze your application logs.
We hope this article has provided the details you need to understand the concept as a whole. If you want to go deeper on this topic, we suggest the Splunk documentation.
Madhuri is a Senior Content Creator at MindMajix. She has written about a range of topics on various technologies, including Splunk, TensorFlow, Selenium and CEH. She spends most of her time researching technology and startups.