
Monitoring Amazon S3 logs with Splunk?

We have a large extended network of users that we track using badges. The total traffic is in the neighborhood of 60 Million impressions a month. We are currently considering switching from a fairly slow, database-based logging solution (custom-built on PHP—messy...) to a simple log-based alternative that relies on Amazon S3 logs and Splunk.

After using Splunk for some other analysis tasks, I really like it. But it's not clear how to set up a source like S3 with the system. It seems that remote sources require the Universal Forwarder installed, which is not an option there.

Any ideas on this?

Very late answer, but I was looking for the same thing and found a Splunk app that does what you want: http://apps.splunk.com/app/1137/ . I have not yet tried it, though.

I would suggest logging JSON preprocessed data to a DocumentDB database. For example, using Azure Queues or similar service bus messaging technologies that fit your scenario in combination with Azure DocumentDB. So I'll keep your database-based approach and modify it to be a schemaless, easy-to-scale document-based DB.

I use http://www.insight4storage.com/ from AWS Marketplace to track my AWS S3 storage usage totals by prefix, bucket or storage class over time; plus it shows me the previous versions storage by prefix and per bucket. It has a setting to save the S3 data as Splunk format logs that might work for your use case, in addition to its UI and webservice API.

You use the Splunk Add-On for AWS.

This is what I understand:

  1. Create a Splunk instance. Use the website version or the on-premise AMI of Splunk to create an EC2 where Splunk is running.

  2. Install the Splunk Add-On for AWS application on the EC2.

  3. Based on the input log type (e.g. CloudTrail logs, Config logs, generic logs, etc.) configure the Add-On and supply the AWS account id or IAM Role, etc. parameters.

  4. The Add-On will automatically ping the AWS S3 source and fetch the latest logs after a specified amount of time (default to 30 seconds).

For a generic use case (like ours), you can try to configure the Generic S3 input for Splunk.
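As an added illustration of step 3 and the Generic S3 input (not from the answer above or from Splunk's own docs), this is what the resulting `inputs.conf` stanza in `Splunk_TA_aws/local/` looks like; the stanza name, bucket, prefix and the `aws_account` value are placeholders, and `aws_account` must name an account or IAM role you have already configured in the Add-On rather than static access keys pasted here.

```ini
# Generic S3 input for S3 server access logs written to a dedicated logging bucket.
# Stanza name after "aws_s3://" is a free-form label for this input.
[aws_s3://badge_access_logs]
# Placeholder: account/role entry configured in the Splunk Add-On for AWS.
# Prefer an IAM role limited to s3:ListBucket and s3:GetObject on this bucket.
aws_account = badge-logs-role
# Placeholder: the bucket that receives the S3 access logs, not the badge bucket itself.
bucket_name = my-badge-access-logs
# Only keys under this prefix are scanned; keeps the poll cheap on a large bucket.
key_name = access-logs/
# Seconds between polls; pick a value that matches how often S3 flushes log objects.
polling_interval = 1800
# Sourcetype shipped with the Add-On for S3 server access log lines.
sourcetype = aws:s3:accesslogs
index = s3_access
disabled = 0
```

Check it with `splunk btool inputs list aws_s3 --debug` before restarting, and confirm the first events arrive under the expected sourcetype rather than as raw `aws:s3` text.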
