Sending application logs to Splunk

In order to send application logs to Splunk to need to setup a sidecar for the Gateway Manager using the official Splunk Universal Forwarder Image. Apiida’s API Gateway Manager saves its log files to /var/www/html/var/logs/*. In order to push these logs to Splunk you need to mount this directory to a shared volume that can be accessed by the Gateway Manger (needing write permissions) and the Splunk sidecar.

This is an example docker-compose file, that works starting the Spring21.2 release. For prior releases (or other scenarios like OpenShift deployments) refer to the documentation of your container environment on how to setup data sharing between containers.

version: '3'
services:

  aagmdb:
    image: mariadb:10.4
    ports: 
      - "3307:3306"
    environment:
      - 'MYSQL_ROOT_PASSWORD=327KHJ4aHPRnqW9c'
      - 'MYSQL_DATABASE=aagm'
      - 'MYSQL_USER=aagm_user'
      - 'MYSQL_PASSWORD=ag72iUphcpE9K9hY'
    restart: always
    volumes:
      - aagmdb-vol:/var/lib/mysql

  aagm:
    image: apiida/aagm:latest
    ports:
      - '443:10443'
    restart: always
    volumes:
      - ./opt/aagm:/opt/aagm:rw
      - aagmlog-vol:/var/www/html/var/logs:rw
    depends_on:
      - aagmdb
    links:
      - aagmdb

  splunk-forwarder: 
    image: splunk/universalforwarder
    volumes: 
      - aagmlog-vol:/var/log/aagm
    environment: 
      - 'SPLUNK_START_ARGS=--accept-license'
      - 'SPLUNK_PASSWORD=SuperSecurePassword123!'


volumes:
  aagmdb-vol:
  aagmlog-vol:

After starting the images you can bash into the Splunk container and configure the Universal Forwarder like described in Splunk’s documentation. AAGM’s log files are available at /var/log/aagm within the Splunk container if you use the above settings.

APIIDA API Gateway Manager

APIIDA API Gateway Manager

Sending application logs to Splunk

Related pages