In order to send application logs to Splunk to need to setup a sidecar for the Gateway Manager using the official Splunk Universal Forwarder Image. Apiida’s API Gateway Manager saves its log files to /var/www/html/var/logs/*. In order to push these logs to Splunk you need to mount this directory to a shared volume that can be accessed by the Gatewayy Manger (needing write permissions) and the Splunk sidecar.
This is an example docker-compose file, that works starting Spring21.2 release. For prior releases (or other scenarios like OpenShift deployments) refer to the documentation of your container environment on how to setup data sharing between containers.
Code Block |
---|
version: '3'
services:
aagmdb:
image: mariadb:10.4
ports:
- "3307:3306"
environment:
- 'MYSQL_ROOT_PASSWORD=327KHJ4aHPRnqW9c'
- 'MYSQL_DATABASE=aagm'
- 'MYSQL_USER=aagm_user'
- 'MYSQL_PASSWORD=ag72iUphcpE9K9hY'
restart: always
volumes:
- aagmdb-vol:/var/lib/mysql
aagm:
image: apiida/aagm:latest
ports:
- '443:10443'
restart: always
volumes:
- ./opt/aagm:/opt/aagm:rw
- aagmlog-vol:/var/www/html/var/logs:rw
depends_on:
- aagmdb
links:
- aagmdb
splunk-forwarder:
image: splunk/universalforwarder
volumes:
- aagmlog-vol:/var/log/aagm
environment:
- 'SPLUNK_START_ARGS=--accept-license'
- 'SPLUNK_PASSWORD=SuperSecurePassword123!'
volumes:
aagmdb-vol:
aagmlog-vol: |
After starting the images you can bash into the Splunk container and configure the Universal Forwarder like described in Splunk’s documentation. AAGM’s log files are available at /var/log/aagm within the Splunk container.