title |
---|
splunk-hec-logging |
The splunk-hec-logging
plugin is used to forward the request log of Apache APISIX
to Splunk HTTP Event Collector (HEC)
for analysis and storage. After the plugin is enabled, Apache APISIX
will obtain request context information in Log Phase
serialize it into Splunk Event Data format and submit it to the batch queue. When the maximum processing capacity of each batch of the batch processing queue or the maximum time to refresh the buffer is triggered, the data in the queue will be submitted to Splunk HEC
.
For more info on Batch-Processor in Apache APISIX please refer to: Batch-Processor
Name | Requirement | Default | Description |
---|---|---|---|
endpoint | required | Splunk HEC endpoint configuration info | |
endpoint.uri | required | Splunk HEC event collector API | |
endpoint.token | required | Splunk HEC authentication token | |
endpoint.channel | optional | Splunk HEC send data channel identifier, refer to: About HTTP Event Collector Indexer Acknowledgment | |
endpoint.timeout | optional | 10 | Splunk HEC send data timeout, time unit: (seconds) |
ssl_verify | optional | true | enable SSL verification, option as per OpenResty docs
|
The plugin supports the use of batch processors to aggregate and process entries(logs/data) in a batch. This avoids frequent data submissions by the plugin, which by default the batch processor submits data every 5
seconds or when the data in the queue reaches 1000
. For information or custom batch processor parameter settings, see Batch-Processor configuration section.
The following is an example of how to enable the splunk-hec-logging
for a specific route.
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"plugins":{
"splunk-hec-logging":{
"endpoint":{
"uri":"http://127.0.0.1:8088/services/collector",
"token":"BD274822-96AA-4DA6-90EC-18940FB2414C",
"channel":"FE0ECFAD-13D5-401B-847D-77833BD77131",
"timeout":60
},
"buffer_duration":60,
"max_retry_count":0,
"retry_delay":1,
"inactive_timeout":2,
"batch_max_size":10
}
},
"upstream":{
"type":"roundrobin",
"nodes":{
"127.0.0.1:1980":1
}
},
"uri":"/splunk.do"
}'
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"plugins":{
"splunk-hec-logging":{
"endpoint":{
"uri":"http://127.0.0.1:8088/services/collector",
"token":"BD274822-96AA-4DA6-90EC-18940FB2414C"
}
}
},
"upstream":{
"type":"roundrobin",
"nodes":{
"127.0.0.1:1980":1
}
},
"uri":"/splunk.do"
}'
splunk-hec-logging
plugin$ curl -i http://127.0.0.1:9080/splunk.do?q=hello
HTTP/1.1 200 OK
...
hello, world
Disabling the splunk-hec-logging
plugin is very simple, just remove the JSON
configuration corresponding to splunk-hec-logging
.
$ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/hello",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。