Splunk HttpEventCollectorLogbackAppender 如何设置源和主机?
[英]Splunk HttpEventCollectorLogbackAppender how to set source and host?
问题描述
I'm using the Splunk HttpEventCollectorLogbackAppender to automatically send application logs to Splunk.
我正在使用 Splunk HttpEventCollectorLogbackAppender 自动将应用程序日志发送到 Splunk。 I've been trying to set the host, source, and sourcetype but am not having any luck getting them sent to Splunk.我一直在尝试设置主机、源和源类型,但没有任何运气将它们发送到 Splunk。
Is it possible to set the host, source, or sourcetype using the Splunk HttpEventCollectorLogbackAppender and if so, how do I do it?是否可以使用 Splunk HttpEventCollectorLogbackAppender 设置主机、源或源类型,如果可以,我该怎么做?
I've been trying to send JSON and it doesn't seem to be working.我一直在尝试发送 JSON,但它似乎不起作用。
Here's the documentation that tells you what options are available and it says that they need to be passed as a query string, but since i'm using the out of the box Splunk appender i'm not sure how to set those.这是告诉您哪些选项可用的文档,它说它们需要作为查询字符串传递,但由于我使用的是开箱即用的 Splunk appender,我不确定如何设置这些选项。
http://dev.splunk.com/view/event-collector/SP-CAAAE6P http://dev.splunk.com/view/event-collector/SP-CAAE6P
Splunk logback appender: Splunk logback appender:
...
<!-- SPLUNK appender -->
<appender name="SPLUNK" class="com.splunk.logging.HttpEventCollectorLogbackAppender">
<url>http://myurl:8088</url>
<token>mytoken</token>
<disableCertificateValidation>true</disableCertificateValidation>
<batch_size_count>1</batch_size_count>
<layout class="ch.qos.logback.classic.PatternLayout">
<pattern>%logger: %msg%n</pattern>
</layout>
</appender>
<root level="INFO">
<appender-ref ref="SPLUNK"/>
</root>
...
Example log line示例日志行
Logger logger = LoggerFactory.getLogger(MyClass.class);
logger.debug("I'm logging debug stuff");
2 个解决方案
解决方案1
6 已采纳 2016-12-15 08:34:33
Any setters on HttpEventCollectorLogbackAppender can be added to your logback configuration. HttpEventCollectorLogbackAppender上的任何 setter 都可以添加到您的 logback 配置中。
So to invoke setHost , setSource and setSourcetype you add them to your logback configuration like this:因此,要调用setHost 、 setSource和setSourcetype ,请将它们添加到您的 logback 配置中,如下所示:
<appender name="SPLUNK" class="com.splunk.logging.HttpEventCollectorLogbackAppender">
<url>http://myurl:8088</url>
<host>x</host>
<source>y</source>
<sourcetype>z</sourcetype>
<token>mytoken</token>
<disableCertificateValidation>true</disableCertificateValidation>
<batch_size_count>1</batch_size_count>
<layout class="ch.qos.logback.classic.PatternLayout">
<pattern>%logger: %msg%n</pattern>
</layout>
</appender>
解决方案2
0 2020-10-15 17:40:25
You can set this way: replace MyAppender, MyIndex, MySource and configure URL and Token in properties files, if you use the small batch size you would lose some events/log below is ideal configuration up to 100 TPS您可以这样设置:替换 MyAppender、MyIndex、MySource 并在属性文件中配置 URL 和 Token,如果您使用小批量大小,您将丢失一些事件/日志如下是理想的配置,最高 100 TPS
<Appender name="MYAppender"
class="com.splunk.logging.HttpEventCollectorLogbackAppender">
<url>${url}</url>
<token>${token}</token>
<index>MyIndex</index>
<sourcetype>MySource</sourcetype>
<eventBodySerializer>util.RawEventBodySerializer</eventBodySerializer>
<disableCertificateValidation>true</disableCertificateValidation>
<send_mode>parallel</send_mode>
<batch_size_bytes>102400</batch_size_bytes>
<batch_size_count>10</batch_size_count>
<batch_interval>60000</batch_interval>
<layout class="ch.qos.logback.classic.PatternLayout">
<pattern>%m%n</pattern>
</layout>
</Appender>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.