使用 splunk_hec_handler 将 python 日志发送到 Splunk 时出现问题
[英]Issue in sending python logs to Splunk using splunk_hec_handler
问题描述
I am using Python logging library to push logs to splunk.
我正在使用Python 日志库将日志推送到 splunk。 This package use HEC method to push logs to splunk.此 package 使用 HEC 方法将日志推送到 splunk。
Issue I am facing is that out of many logger statements in my application, I want selectively only few logger statements to splunk not all.我面临的问题是,在我的应用程序中的许多记录器语句中,我希望有选择地只使用少数记录器语句而不是全部。 So i created one method below method which converts string logs in json (key/value) and pushes into splunk.因此,我创建了一种方法,该方法将 json(键/值)中的字符串日志转换并推送到 splunk。 So I am calling this method just after the logger statement I wish to push to splunk.所以我在我希望推送到 splunk 的记录器语句之后调用此方法。 But rest all the logger statements which i dont wish to send to splunk they are also getting pushed to splunk.但是 rest 所有我不想发送到 splunk 的记录器语句也被推送到 splunk。
Why is this happening?为什么会这样?
class Test:
def __init__(self):
self.logger = logging.getLogger('myapp')
def method_test(self,url,data,headers):
response = requests.post(url=url, data=json.dumps(data), headers=abc.headers)
##i dont want to push this below log message to splunk but this is also getting pushed to splunk
self.logger.debug(f"request code:{response.request.url} request body:{response.request.body}")
##I wish to send this below log to splunk
self.logger.debug(f"response code:{response.status_code} response body:{response.text}")
log_dic = {'response_code': response.status_code,'response_body': response.text}
splunklogger = self.logging_override(log_dic, self.splunk_host,
self.index_token, self.port,
self.proto, self.ssl_verify,
self.source)
splunklogger.info(log_dic)
return response
def logging_override(log_dict: dict, splunk_host,index_token,splunk_port,splunk_proto,ssl_ver,source_splnk):
"""
This function help in logging custom fields in JSON key value form by defining fields of our choice in log_dict dictionary
and pushes logs to Splunk Server
"""
splunklogger = logging.getLogger()
splunklogger.setLevel(logging.INFO)
stream_handler = logging.StreamHandler()
basic_dict = {"time": "%(asctime)s", "level": "%(levelname)s"}
full_dict = {**basic_dict, **log_dict}
stream_formatter = logging.Formatter(json.dumps(full_dict))
stream_handler.setFormatter(stream_formatter)
if not splunklogger.handlers:
splunklogger.addHandler(stream_handler)
splunklogger.handlers[0] = stream_handler
splunk_handler = SplunkHecHandler(splunk_host,
index_token,
port=splunk_port, proto=splunk_proto, ssl_verify=ssl_ver,
source=source_splnk)
splunklogger.addHandler(splunk_handler)
splunklogger.addHandler(splunk_handler)
return splunklogger
1 个解决方案
解决方案1
0 2021-12-13 03:41:36
I believe that the problem is with your calls to logging.getLogger , namely when you're configuring your app logger, you're specifying a logger name, but when you're configuring the splunk logger, you're not specifying any and therefore getting, configuring, and attaching the SplunkHandler to the root logger.我认为问题在于您对logging.getLogger的调用,即当您配置应用程序记录器时,您指定了记录器名称,但是当您配置 splunk 记录器时,您没有指定任何内容,因此获取、配置 SplunkHandler 并将其附加到根记录器。
As events come in to the lower level loggers by default they propagate their events to higher level loggers (eg the root logger) and thus get emitted to Splunk.默认情况下,当事件进入较低级别的记录器时,它们会将其事件传播到较高级别的记录器(例如根记录器),从而被发送到 Splunk。
I suspect an easy solution would be to look at your logger names... possibly put the Splunk logger at a lower level than your component?我怀疑一个简单的解决方案是查看您的记录器名称......可能将 Splunk 记录器置于比您的组件更低的级别? or look into the propagation of loggers.或查看记录器的传播。 The same docs page linked above talks a bit about logger objects and their propagation.上面链接的同一个文档页面讨论了一些关于记录器对象及其传播的内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.