At the end of a recent blog post on DevOps Splunk integration with Apprenda, I teased an additional Splunk integration targeted at developers, specifically for applications. Today we are pleased to announce that the beta version of this developer-focused integration is now complete.
The first integration I wrote about meets the needs of a number of use cases we’ve seen in the wild. But that wasn’t enough. We wanted to create an integration with more fine-grained control of the type of information that will be stored in Splunk.
We also wanted to give Splunk administrators a method for separating data by index, versus having Splunk place everything in the main index. This gives operations teams a method for securing access to data in finer-grained groups.
Finally, we wanted to give developers an option to integrate with Splunk by enabling them to better utilize their existing logging investments in log4j and log4net.
This new integration will make use of the Splunk REST API in order to create and write to Splunk indexes. Out of the box, the integration supports an index-per-dev-team model, though it could certainly be modified by the Apprenda Client Services team to support other configurations.
With this in mind, a Splunk account will need to be created that has the ability to create indexes and write to the indexes it creates. It will also need to be configured to receive messages from external sources. Outside of Splunk, appropriate ports will need to be open between Apprenda application nodes and the Splunk Enterprise server.
This integration supports applications with existing calls to log4j and log4net. Existing appenders will be swapped out with libraries from the integration package by the application bootstrap policy. If the application doesn’t have log4net/log4j calls, you can either add them to your application or use the Apprenda logging API, which will send log entries to Splunk when the integration is applied to your application.
At this point, the platform will use your existing log4net/log4j/Apprenda logging API calls to send data to the dev-team-name index in Splunk.
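The index-per-dev-team flow described above, sketched against the Splunk REST API as an added example; it is not code from the Apprenda integration package. The management host, the `apprenda-` prefix, bearer-token authentication, the `log4j` sourcetype value and all function names are assumptions made for illustration.

```python
import re
import urllib.parse
import urllib.request

# Assumed host name; 8089 is Splunk's default management port.
SPLUNK_MGMT = "https://splunk.example.internal:8089"
MAX_INDEX_LEN = 80  # conservative cap chosen for this example


def team_index_name(team: str, prefix: str = "apprenda-") -> str:
    """Map a dev team name to a Splunk-safe index name.

    Splunk index names may contain only lowercase letters, digits, underscores
    and hyphens, and may not begin with an underscore or hyphen. The fixed
    (hypothetical) prefix keeps team-supplied input from ever resolving to
    main or to an internal index such as _audit.
    """
    slug = re.sub(r"[^a-z0-9]+", "-", team.strip().lower()).strip("-")
    if not slug:
        raise ValueError(f"team name {team!r} has no usable characters")
    name = (prefix + slug)[:MAX_INDEX_LEN].rstrip("-")
    if "kvstore" in name:  # Splunk rejects index names containing this word
        raise ValueError(f"index name {name!r} contains 'kvstore'")
    return name


def create_index_request(index: str, token: str) -> urllib.request.Request:
    """Build POST /services/data/indexes, which creates the index."""
    body = urllib.parse.urlencode({"name": index}).encode()
    return urllib.request.Request(
        f"{SPLUNK_MGMT}/services/data/indexes", data=body, method="POST",
        headers={"Authorization": f"Bearer {token}"})


def log_event_request(index: str, event: str, token: str,
                      sourcetype: str = "log4j") -> urllib.request.Request:
    """Build POST /services/receivers/simple, which writes one raw event."""
    query = urllib.parse.urlencode({"index": index, "sourcetype": sourcetype})
    return urllib.request.Request(
        f"{SPLUNK_MGMT}/services/receivers/simple?{query}",
        data=event.encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {token}"})


if __name__ == "__main__":
    idx = team_index_name("Payments Team / EU")  # constructed team name
    event = "2024-01-01 12:00:00 WARN retrying payment"  # constructed log line
    for req in (create_index_request(idx, "<TOKEN>"),
                log_event_request(idx, event, "<TOKEN>")):
        print(req.get_method(), req.full_url)  # requests are built, not sent
```

Two team names that differ only in case or punctuation map to the same index here, so a real deployment would need to reject or disambiguate such collisions before relying on the index as an access boundary.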
With this integration, applications will now be able to log to Splunk and fully use your existing investments to better serve your organization’s needs. If you plan to use this integration, we’d advise bookmarking this page, as any updates to the integration will be posted here.
Hi,
Thanks for the article.
Can this be implemented in ELK? Any reference?
Thanks & Regards
Anwar,
You’re welcome. We actually took this early work and created a whole new feature to do log forwarding to systems like Splunk and ELK. If you’re interested in that, check out this project on our public GitHub repository.
https://github.com/apprenda/apprenda-logstash-publisher