fluent-plugin-splunk-ex's Introduction

Overview

This plugin sends your Fluentd logs to a Splunk server. It can send the data in either key/value (k1=v1 k2=v2) or JSON format for easy Splunk parsing.

Installation

gem install fluent-plugin-splunk-ex

Configuration

Plugin

<match pattern>
  type splunk_ex
  host <splunk_host>          # default: localhost
  port <splunk_port>          # default: 9997 - but you'll want to change this
  output_format json|kv       # default: json
</match>

Splunk

You may need to open up a special TCP port just for the fluentd logs. To do that, go to Manager -> Data Inputs -> TCP -> New. Then decide the following:

  • Port
  • Source Name
  • Source Type
  • Index ( default works well )

After enabling these settings, you'll be able to see your fluentd logs appear in your Splunk search interface. The JSON format will be automagically parsed and indexed based on the keys passed in.

Because the plugin sends data to Splunk in batches, you'll want to update your apps/search/local/props.conf file to specify that Splunk should split on newlines. If you do not update this setting, you will find that all logs from a similar time slice are stacked upon each other. Because the kv & json formats do not contain any newline characters, splitting on the newline will solve this problem. The values to add to this file are:

[<source_type_here>]
SHOULD_LINEMERGE = false

This will make sure that the new source type you just set up for fluentd will always split on the newline character.
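
Added example (not the plugin's own code): a Ruby check of the property the paragraph above relies on, namely that each serialized event occupies exactly one line of a batch. The formatters, helper names and sample records are constructed for illustration; the kv formatter is hypothetical and escapes line breaks, with the unescaped variant shown as the failure case.

```ruby
require 'json'

# Constructed sample records; the second carries a multi-line stack trace.
RECORDS = [
  { 'level' => 'info',  'message' => 'service started' },
  { 'level' => 'error', 'message' => "boom\n  at app.rb:10\n  at main.rb:3" }
].freeze

# JSON output: the encoder escapes a line feed as the two characters "\n",
# so the serialized event never contains a raw newline.
def format_json(record)
  JSON.generate(record)
end

# Key/value output (hypothetical formatter). With escape: false the value is
# written verbatim, which is the failure case this example demonstrates.
def format_kv(record, escape: true)
  record.map do |key, value|
    text = value.to_s
    text = text.gsub(/\r\n|\r|\n/) { '\n' } if escape
    "#{key}=#{text}"
  end.join(' ')
end

# One batch as it would go over the TCP connection: events joined by "\n".
def build_batch(records)
  records.map { |r| yield(r) }.join("\n") + "\n"
end

# What a receiver that breaks events on newlines ends up with.
def split_events(payload)
  payload.split(/\r?\n/).reject(&:empty?)
end

# Number of events the receiver sees for a batch built with the given formatter.
def event_count(records, &formatter)
  split_events(build_batch(records, &formatter)).length
end
```

With escaping in place, two records arrive as two events; with a raw newline in a kv value, the same two records arrive as four.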

Copyright

Copyright (c) 2014 Trevor Gattis

License

Apache License, Version 2.0

fluent-plugin-splunk-ex's People

Contributors

gtrevg, jmcshane

fluent-plugin-splunk-ex's Issues

Unable to send data to Splunk via td-agent

I'm getting the error below and data is not sent to Splunk.

2017-05-25 05:33:13 -0400 [error]: splunk_send - socket send retry (0) failed: private method `puts' called for nil:NilClass

FluentD 1.2.x / Ruby 2.5.1 support

I'm running fluent version 1.2.4 so have upgraded my Ruby version to 2.5.1 to support a number of other fluent plugins. When attempting to use this plugin on this version, I receive an error that indicates a problem with msgpack. Can you tell me how to fix, if possible?

Building native extensions. This could take a while...
ERROR: Error installing fluent-plugin-splunk-ex:
ERROR: Failed to build gem native extension.

current directory: /home/dev/.rvm/gems/ruby-2.5.1/gems/msgpack-0.5.12/ext/msgpack

/home/dev/.rvm/rubies/ruby-2.5.1/bin/ruby -r ./siteconf20180817-35088-1iu3y4m.rb extconf.rb
checking for ruby/st.h... yes
checking for st.h... yes
checking for rb_str_replace() in ruby.h... yes
checking for rb_intern_str() in ruby.h... yes
checking for rb_sym2str() in ruby.h... yes
checking for rb_str_intern() in ruby.h... yes
creating Makefile

current directory: /home/dev/.rvm/gems/ruby-2.5.1/gems/msgpack-0.5.12/ext/msgpack
make "DESTDIR=" clean

current directory: /home/dev/.rvm/gems/ruby-2.5.1/gems/msgpack-0.5.12/ext/msgpack
make "DESTDIR="
compiling buffer.c
compiling buffer_class.c
compiling core_ext.c
core_ext.c: In function ‘MessagePack_core_ext_module_init’:
core_ext.c:121:22: error: ‘rb_cFixnum’ undeclared (first use in this function)
rb_define_method(rb_cFixnum, "to_msgpack", Fixnum_to_msgpack, -1);
^
core_ext.c:121:22: note: each undeclared identifier is reported only once for each function it appears in
core_ext.c:122:22: error: ‘rb_cBignum’ undeclared (first use in this function)
rb_define_method(rb_cBignum, "to_msgpack", Bignum_to_msgpack, -1);
^
core_ext.c: At top level:
cc1: warning: unrecognized command line option "-Wno-self-assign" [enabled by default]
cc1: warning: unrecognized command line option "-Wno-constant-logical-operand" [enabled by default]
cc1: warning: unrecognized command line option "-Wno-parentheses-equality" [enabled by default]
cc1: warning: unrecognized command line option "-Wno-tautological-compare" [enabled by default]
make: *** [core_ext.o] Error 1

td-agent 'encode' warning

Hi Team,

I am getting an error in sending data from td-agent to Splunk.

Though I am receiving data on splunk end, I believe some of the data are getting dropped because of the error, and I am not sure what's causing the error!

Error:

[warn]: suppressed same stacktrace
[warn]: record_reformer: Encoding::UndefinedConversionError "\xEF" from ASCII-8BIT to UTF-8 /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-splunk-ex-1.0.2/lib/fluent/plugin/out_splunk_ex.rb:83:in `encode'
[warn]: emit transaction failed: error_class=Encoding::UndefinedConversionError error="\"\\xEF\" from ASCII-8BIT to UTF-8" tag="XYZ"
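
Added example (not part of the issue above or of the plugin's code): the warning reports `encode` failing on a string tagged ASCII-8BIT. The Ruby sketch below reproduces that exception on constructed byte strings and shows one conversion that keeps the event instead of dropping it; safe_utf8 and to_event are hypothetical helper names.

```ruby
require 'json'

# Constructed sample: raw bytes tagged ASCII-8BIT (binary). "\xEF\xBB\xBF" is
# a UTF-8 byte order mark in front of otherwise plain text.
RAW_WITH_BOM = "\xEF\xBB\xBFlogin ok user=alice".b
# Constructed sample: a stray 0xEF byte that is not valid UTF-8 at all.
RAW_INVALID = "disk \xEF full".b

# Naive conversion: transcoding from ASCII-8BIT to UTF-8 has no mapping for
# bytes >= 0x80, so this raises Encoding::UndefinedConversionError.
def naive_utf8(str)
  str.encode('UTF-8')
end

# Tolerant conversion: reinterpret the bytes as UTF-8 rather than transcoding
# them, then replace only the sequences that are genuinely invalid, so one
# bad byte costs one replacement character and not the whole event.
def safe_utf8(str)
  s = str.dup.force_encoding(Encoding::UTF_8)
  s = s.scrub("\uFFFD") unless s.valid_encoding?
  s
end

# Serialize a record after normalizing every string value.
def to_event(record)
  JSON.generate(record.transform_values { |v| v.is_a?(String) ? safe_utf8(v) : v })
end
```

Replaced bytes show up as U+FFFD in the indexed event, which makes lossy records searchable on the receiving side.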

problems installing fluent-plugin-splunk-ex on ubuntu buster/sid

I've tried to modify the /opt/td-agent/embedded/bin/gem to not use the embedded ruby, but it fails with the same error message

running: td-agent 3.5.1

Failing installation:

gem install fluent-plugin-splunk-ex

Building native extensions. This could take a while...
ERROR: Error installing fluent-plugin-splunk-ex:
ERROR: Failed to build gem native extension.

current directory: /var/lib/gems/2.5.0/gems/msgpack-0.5.12/ext/msgpack

/usr/bin/ruby2.5 -r ./siteconf20191210-1208-ozz1t6.rb extconf.rb
checking for ruby/st.h... yes
checking for st.h... yes
checking for rb_str_replace() in ruby.h... yes
checking for rb_intern_str() in ruby.h... yes
checking for rb_sym2str() in ruby.h... yes
checking for rb_str_intern() in ruby.h... yes
creating Makefile

current directory: /var/lib/gems/2.5.0/gems/msgpack-0.5.12/ext/msgpack
make "DESTDIR=" clean

current directory: /var/lib/gems/2.5.0/gems/msgpack-0.5.12/ext/msgpack
make "DESTDIR="
compiling buffer.c
compiling buffer_class.c
compiling core_ext.c
core_ext.c: In function ‘MessagePack_core_ext_module_init’:
core_ext.c:121:22: error: ‘rb_cFixnum’ undeclared (first use in this function); did you mean ‘rb_isalnum’?
rb_define_method(rb_cFixnum, "to_msgpack", Fixnum_to_msgpack, -1);
^~~~~~~~~~
rb_isalnum
core_ext.c:121:22: note: each undeclared identifier is reported only once for each function it appears in
core_ext.c:122:22: error: ‘rb_cBignum’ undeclared (first use in this function); did you mean ‘rb_cFixnum’?
rb_define_method(rb_cBignum, "to_msgpack", Bignum_to_msgpack, -1);
^~~~~~~~~~
rb_cFixnum
Makefile:242: recipe for target 'core_ext.o' failed
make: *** [core_ext.o] Error 1

make failed, exit code 2

Gem files will remain installed in /var/lib/gems/2.5.0/gems/msgpack-0.5.12 for inspection.
Results logged to /var/lib/gems/2.5.0/extensions/x86_64-linux/2.5.0/msgpack-0.5.12/gem_make.out

Configure Certs for SSL

Can we configure certs in this plugin for encrypted communication with our splunk server?
Thanks
