/
Sending application logs to Splunk

APIIDA API Gateway Manager

Sending application logs to Splunk

In order to send application logs to Splunk to need to setup a sidecar for the Gateway Manager using the official Splunk Universal Forwarder Image. Apiida’s API Gateway Manager saves its log files to /var/www/html/var/logs/*. In order to push these logs to Splunk you need to mount this directory to a shared volume that can be accessed by the Gateway Manger (needing write permissions) and the Splunk sidecar.

This is an example docker-compose file, that works starting the Spring21.2 release. For prior releases (or other scenarios like OpenShift deployments) refer to the documentation of your container environment on how to setup data sharing between containers.

version: '3' services: aagmdb: image: mariadb:10.4 ports: - "3307:3306" environment: - 'MYSQL_ROOT_PASSWORD=327KHJ4aHPRnqW9c' - 'MYSQL_DATABASE=aagm' - 'MYSQL_USER=aagm_user' - 'MYSQL_PASSWORD=ag72iUphcpE9K9hY' restart: always volumes: - aagmdb-vol:/var/lib/mysql aagm: image: apiida/aagm:latest ports: - '443:10443' restart: always volumes: - ./opt/aagm:/opt/aagm:rw - aagmlog-vol:/var/www/html/var/logs:rw depends_on: - aagmdb links: - aagmdb splunk-forwarder: image: splunk/universalforwarder volumes: - aagmlog-vol:/var/log/aagm environment: - 'SPLUNK_START_ARGS=--accept-license' - 'SPLUNK_PASSWORD=SuperSecurePassword123!' volumes: aagmdb-vol: aagmlog-vol:

After starting the images you can bash into the Splunk container and configure the Universal Forwarder like described in Splunk’s documentation. AAGM’s log files are available at /var/log/aagm within the Splunk container if you use the above settings.

 

Related pages