How to redirect logs from Native Client application on Pivotal Cloud Foundry to Splunk
search cancel

How to redirect logs from Native Client application on Pivotal Cloud Foundry to Splunk

book

Article ID: 294299

calendar_today

Updated On:

Products

VMware Tanzu Gemfire

Issue/Introduction

Some Gemfire users have deployed Native Client (NC) instances to Pivotal Cloud Foundry (PCF) and want to redirect Native Client logs to Splunk for monitoring. The following is the documentation they usually referred to for configuring Native Client logging:
https://docs.vmware.com/en/VMware-GemFire/10.0/gf/about_gemfire.html 

However, beyond the information provided from the above link, how do you specify the Native Client logs to redirect to Splunk? Can you just replace the lopath attribute with a Splunk url?

Environment

OS: Windows

Resolution

Setting the Splunk receiver's URL using the NC's 'log-file' property does not redirect NC logs to splunk since this only works on the file system locally. To monitor NC's log, you need to install a Splunk universal forwarder and associate it with Native Client following the steps below:
 

  1. Configure receiving on a Splunk Enterprise instance or cluster.
  2. Download and install the universal forwarder.
  3. Start the universal forwarder and accept the license agreement. Some installers do this for you.
  4. Change the credentials on the universal forwarder from their defaults.
  5. Configure the universal forwarder to send data to the Splunk Enterprise instance.
  6. Configure the universal forwarder to act as a deployment client.
  7. Configure the universal forwarder to collect data from the host it is on.

The following link contains more details on the above steps:

https://docs.splunk.com/Documentation/Forwarder/7.3.1/Forwarder/HowtoforwarddatatoSplunkEnterprise

Once the above steps are completed, to integrate PCF with Splunk Enterprise, the following steps needs to be completed:

1. Create a Cloud Foundry Syslog Drain for Splunk
https://docs.pivotal.io/pivotalcf/2-4/devguide/services/log-management.html
2. Prepare Splunk for Cloud Foundry
3. Verify that Integration was Successful

Specifically on streaming application logs (e.g. Native Client application logs) to Splunk, the following link might be helpful for more detailed information about the above steps:

https://docs.pivotal.io/pivotalcf/2-4/devguide/services/integrate-splunk.html


Powered by Wolken Software