Configuring Local Edition to Send Logs to Splunk

You can configure TIBCO Cloud™ API Management - Local Edition with Splunk to monitor log information.

Complete the following steps to send logs to Splunk.

1. Configure the log pod/container to send access logs to a separate fluentd or td-agent server using Forward output. Refer the access logs of Recipe for Forward.
2. On the external fluentd or td-agent server install the output plugin.

   For more information see fluentd documents and GitHub.

3. After setting up fluentd, edit the fluent.conf content at /etc/fluent/fluent.conf with the following content.

   <system>
     # trace equal to -vv option
     # debug equal to -v option
     log_level info
     #change the worker count as per requirement
     workers 5
   </system>
    
   <worker 0-4>
     <source>
       @type  forward
       port  24224
      </source>
      <match tml-enriched-logs>
           @type splunk_hec
           host <splunk host_name>
           port <port>
           token 00000000-0000-0000-0000-000000000000
    
           # metadata parameter
           default_source tml-access-log
           default_index tml-access-log
      </match>
   </worker>

   Note: You can edit the settings as per information available on GitHub and can also use the other configurable parameters given on this page.
4. Restart the fluentd service.

Splunk now can be used to see data on index that is provided in the above fluentd's configuration.