LoggerSplunkBackend

About

A backend for the Elixir Logger that will send logs to the Splunk cloud HTTP Event Collector (HEC).

It may also work for on-prem installations of Splunk, but that has not been tested.

Supported options

• host: String.t. The URL of the Splunk HEC endpoint.
• token: String.t. The unique Splunk token.
• index: String.t. (optional) The Splunk index to log to.
• format: String.t. The logging format of the message. [default: "[$level] $message"].
• level: Atom.t. Minimum level for this backend. [default: :debug]
• metadata: Keyword.t | :all. Extra fields to be added when sending the logs. These will be merged with the metadata sent in every log message. (default: [])
• max_buffer: pos_integer. The number of messages to buffer before switching to a synchronous request.

Using it with Mix

To use it in your Mix projects, first add it as a dependency:

def deps do
  [{:logger_splunk_backend, "~> 2.0.0"}]
end

Then run mix deps.get to install it.

Configuration Examples

Runtime

Logger.add_backend {Logger.Backend.Splunk, :debug}
Logger.configure {Logger.Backend.Splunk, :debug},
  host: "https://https-inputs-XXX.splunkcloud.com/services/collector",
  token: "Splunk-token-goes-here",
  level: :debug,
  format: "[$level] $message\n"

Application config

config :logger,
  backends: [{Logger.Backend.Splunk, :error_log}, :console]

config :logger, :error_log,
  host: "https://https-inputs-XXX.splunkcloud.com/services/collector",
  token: "Splunk-token-goes-here",
  level: :error,
  format: "[$level] $message\n"

Log Examples

A log message such as Logger.info("here is a message") results in the following Splunk request:

{
  "host": "node_sname@host",
  "event": "[info] here is a message",
  "time": 123456.789,
  "sourcetype": "httpevent"
}