A logging handler for Splunk. Lets you send information to Splunk directly from your Python code.
Make sure you replace the *** with your credentials and specific API domain and run:

    import logging
    from splunk_logger import SplunkLogger

    ACCESS_TOKEN = '***'
    PROJECT_ID = '***'
    API_DOMAIN = 'api-***.data.splunkstorm.com'

    splunk_logger = SplunkLogger(access_token=ACCESS_TOKEN,
                                 project_id=PROJECT_ID,
                                 api_domain=API_DOMAIN)

    # Attach the handler to the root logger so every record is forwarded
    logging.getLogger('').addHandler(splunk_logger)

    logging.error('This is sent to splunk')

After a couple of seconds of waiting for Splunk to process the new information, you should be able to see something like this in the web interface:

    {
        data : "This is sent to splunk",
        level : "ERROR",
        line : 1,
        module : "<stdin>"
    }

When using the code in a real Python program, and not from the Python console, the real line number and module name are used.
It is always a good idea to avoid hardcoded credentials in your source code. The module can fetch the credentials from a YAML file in the current directory or the user's home. The file is named .splunk_logger and has the following format:

    credentials:
        project_id: ***
        access_token: ***
        api_domain: api-***.data.splunkstorm.com

Once the file is in place, you can use the module as follows:

    import logging
    from splunk_logger import SplunkLogger

    # No credentials specified here
    splunk_logger = SplunkLogger()
    logging.getLogger('').addHandler(splunk_logger)

    logging.error('This is sent to splunk')

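Because .splunk_logger holds the access token in plain text, it is worth checking who can read it before relying on it. The following is an added example, not part of the splunk_logger package: the helper names are hypothetical, and the search order (current directory first, then home) is an assumption of this example.

```python
import os
import stat

CONFIG_NAME = ".splunk_logger"  # file name given in this README


def candidate_paths():
    """Locations the README names; the order is an assumption of this example."""
    return [os.path.join(os.getcwd(), CONFIG_NAME),
            os.path.join(os.path.expanduser("~"), CONFIG_NAME)]


def audit_credentials_file(path):
    """Return a list of findings for one credentials file (empty list = OK)."""
    findings = []
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    # A file owned by someone else can be rewritten to change api_domain
    if st.st_uid != os.getuid():
        findings.append("not owned by the current user")
    # Any group/other permission bit exposes or endangers the access token
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("accessible by group/others (mode %o), expected 600"
                        % stat.S_IMODE(st.st_mode))
    return findings


def audit_all(paths=None):
    """Map every existing candidate file to its findings."""
    return {p: audit_credentials_file(p)
            for p in (paths or candidate_paths()) if os.path.exists(p)}


if __name__ == "__main__":
    for path, findings in audit_all().items():
        print(path, "OK" if not findings else "; ".join(findings))
```

Run it before SplunkLogger() is created, and fix any finding with chmod 600 on the file.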
Another configuration source accepted by splunk logger is environment variables. Once again, you can use them to avoid hard-coding credentials in the source code:
- SPLUNK_PROJECT_ID
- SPLUNK_ACCESS_TOKEN
- SPLUNK_API_DOMAIN
There are a couple of things which could be improved in this module:
- The logger could be refactored to send the messages asynchronously, so that logging.foo() calls return immediately instead of waiting for the log message to be sent.
- Send messages in batches
Pull requests are more than welcome!
This package implements communication with Storm Splunk as specified here.
Report your issues and feature requests in Splunk Logger's issue tracker and I'll be more than glad to fix them.
- 30 Jun 2014: User needs to specify API endpoint domain. Fixes #2