-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Webservice Target for Splunk
Rolf Kristensen edited this page Nov 24, 2019
·
5 revisions
- You have to authorize against splunk see header attribute
- Your content must be wrapped in
<parameter name="event">
<target xsi:type="WebService"
name="Splunk"
url="http(s)://SPLUNKSERVER/services/collector/event"
protocol="JsonPost"
encoding="utf-8"
preAuthenticate="true">
<header name='Authorization' layout='Splunk YOURTOKEN' />
<!--
OR from config
<header name='Authorization' layout='Splunk ${configsetting:name=Splunk.Token}' />
-->
<parameter name='sourcetype' layout='_json'/>
<parameter name="event">
<layout xsi:type="JsonLayout">
<attribute name="Exception" encode="false" layout="${exception:format=@}" />
<attribute name="Logger" layout="${logger}" />
<attribute name="Level" layout="${level}"/>
<attribute name="Date" layout="${longdate}"/>
</layout>
</parameter>
</target>
Setup Splunk Input:
- From the Splunk
Settings
, selectData Inputs
- Click
Add new
for TCP (or UDP) - Configure the TCP (or UDP) port to use
- On the page
Input Settings
you can (optionally) specify various things about the data you are going to be sending. There are two particularly useful settings here, thesourcetype
andindex
- Click Review and then Submit
Setup NLog Network Target:
<target xsi:type="Network"
name="Splunk"
address="tcp://<splunk-address>:<splunk-port>"
newLine="true"
layout="${level}|${logger}|${message}|{exception:format=tostring}">
</target>
Splunk supports SYSLOG format for TCP/UDP, so maybe try out NLog.Targets.Syslog
Notice that UDP-protocol has restrictions for log-message size, so they can become discarded.
- Troubleshooting Guide - See available NLog Targets and Layouts: https://nlog-project.org/config
- Getting started
- How to use structured logging
- Troubleshooting
- FAQ
-
All targets, layouts and layout renderers
Popular: - Using NLog with NLog.config
- Using NLog with appsettings.json