Using logs for applications is a good way to identify errors, threats, profiling and many more critical facts. That is why developers prefer Fluent Bit. If we can analyse, query and visualise data in a meaningful manner, then the results will be more productive. That’s where Splunk comes in. In this post, I concentrate on how to have these two magnificent tools link in order to get the optimum outcome.
First I’ll explain the environment that this setup was tested on.
Splunk is a software for searching, monitoring, and analysing machine-generated big data via a Web-style interface. First we will take a look at the configuration that has to be done in Splunk. I hope you have a basic understanding of Splunk-related terminologies that are used here.
Let’s start with creating an Index in Splunk.
First - Provide a name
Now we are good to go ahead with Fluent Bit related changes. It’s all about the configuration file.
[INPUT] Name dummy [FILTER] Name nest Match * Operation nest Wildcard * Nest_under event [FILTER] Name modify Match * Add index flb_index [OUTPUT] Name splunk Match * Host <your splunk server ip goes here> Port 8088 TLS Off TLS.Verify Off Splunk_Token <your splunk HEC token goes here> Splunk_Send_Raw On
I am not going to describe the configuration parameter included here, because it has been clearly explained in the Fluent Bit documentation.
Once you run the Fluent Bit configuration file, you will be able to query the index from Splunk application.
Results will look something like below.
Done! It is quite straightforward and easy as that. Hope you will also find it easy too!
Extreme Programming (XP) has been one of the most polarizing and most hyped programming paradigms in the software industry.Read more
Your time estimate is your promise to the client. If you do not keep it, you will lose their trust.Read more
As advisor and consultant to European e-health startups, I see so many aspiring entrepreneurs popping up everyday. Most fail.Read more
Have you heard about this technology?Read more
LEAVE A COMMENT