简体繁体 English

将日志从 python 推送到 Splunk

[英]Pushing logs from python to Splunk

原文 2021-11-15 12:12:14 7 1 python/ python-3.x/ splunk/ python-logging/ splunk-sdk

How can we push Python Application logs to Splunk.我们如何将 Python 应用程序日志推送到 Splunk。 what are the prerequisite.Should we first convert out logs in structured format(key-value based) before sending to Splunk?先决条件是什么。在发送到 Splunk 之前，我们是否应该先将日志转换为结构化格式（基于键值）？

There is a package splunk_handler for pushing logs to splunk but i could not found any documentation with practical working example.I just have gitbub page for this package but that does not have any practical implementation.有一个包 splunk_handler 用于将日志推送到 splunk，但我找不到任何带有实际工作示例的文档。我只有这个包的 gitbub 页面，但没有任何实际实现。

Please help on this请帮忙解决这个问题

1 个解决方案

There are a couple of ways to do that.有几种方法可以做到这一点。 The first is to install Splunk's Universal Forwarder (UF) and have it monitor the file(s) where the logs are written.第一个是安装 Splunk 的通用转发器 (UF) 并让它监控写入日志的文件。 The UF will handle sending the logs to Splunk. UF 将处理将日志发送到 Splunk。 You do not have to convert the logs, but may have to configure Splunk to interpret them correctly.您不必转换日志，但可能必须配置 Splunk 以正确解释它们。

The second method is to send the logs directly to Splunk's HTTP Event Collector (HEC).第二种方法是将日志直接发送到 Splunk 的 HTTP 事件收集器 (HEC)。 There is a Python class to do that available on GitHub at https://github.com/georgestarcher/Splunk-Class-httpevent .在https://github.com/georgestarcher/Splunk-Class-httpevent上的 GitHub 上提供了一个 Python 类来执行此操作。