Is anyone sending edge platform (not api proxy) lo...

david_ryan · 04-13-2016 10:11 AM

sarthak

Yes I believe so.

If you scroll down to the comment from @gbhandari here: https://community.apigee.com/articles/13298/log-messages-into-splunk.html you will see he is specifically talking about sending system logs to splunk.

david_ryan

sarthak - Just resurrecting this conversion. I'd like to avoid installing splunk agents on all of the servers (quite a few of them to install and manage). We're looking specifically into using the Splunk HTTP Event Collector (http://dev.splunk.com/view/event-collector/SP-CAAAE6M) to send platform/system logs to Splunk. It seems there is a way possibly to configure logback to send logs to HEC so I'm wondering if this is possible in the OPDK?

sarthak

@Maudrit @Paul Mibus @Christin do you guys know answer to @David Ryan's question here?

paulmibus

There are two main ways to do this: Either have a Splunk agent pull all logs under /opt/apigee/var/log into Splunk directly, or forward local logs to a Splunk syslog destination. The post at https://community.apigee.com/articles/30200/sending-apigee-service-logs-to-a-remote-syslog-des.html details one way to do the latter.

Sending logs directly to a syslog target is not recommended since we use a mix of log4j, logback, and custom logging solutions and our config management system does not work with manual config file edits.

Is anyone sending edge platform (not api proxy) logs to splunk for centralized logging?