
Pushing logs from Python to Splunk


How can we push Python application logs to Splunk? What are the prerequisites? Should we first convert our logs to a structured format (key-value based) before sending them to Splunk?

There is a package, splunk_handler, for pushing logs to Splunk, but I could not find any documentation with a practical working example. I just have the GitHub page for this package, but that does not have any practical implementation.

Please help on this


Solution

  • There are a couple of ways to do that. The first is to install Splunk's Universal Forwarder (UF) and have it monitor the file(s) where the logs are written. The UF will handle sending the logs to Splunk. You do not have to convert the logs, but may have to configure Splunk to interpret them correctly.

    The second method is to send the logs directly to Splunk's HTTP Event Collector (HEC). There is a Python class to do that available on GitHub at https://github.com/georgestarcher/Splunk-Class-httpevent .
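
A minimal `logging` handler for the HEC route mentioned in the answer, added here as an example; it is not from the original post and is not the code of the Splunk-Class-httpevent or splunk_handler packages. The class name `HECHandler`, the environment variable names and the field names inside `event` are assumptions; the endpoint path and `Authorization: Splunk <token>` header are the standard HEC ones.

```python
import json
import logging
import os
import urllib.request


class HECHandler(logging.Handler):
    """Send each log record to Splunk's HTTP Event Collector as a JSON event."""

    def __init__(self, url, token, sourcetype="_json", timeout=5):
        super().__init__()
        self.url = url                # https://<splunk-host>:8088/services/collector/event
        self.token = token            # HEC token: load from env/secret store, never hard-code
        self.sourcetype = sourcetype
        self.timeout = timeout        # bound the time a slow collector can block the app

    def build_payload(self, record):
        # Structured (key-value) event body; field names here are assumptions.
        event = {
            "level": record.levelname,
            "logger": record.name,
            "message": record.getMessage(),
        }
        envelope = {"time": record.created, "sourcetype": self.sourcetype, "event": event}
        return json.dumps(envelope).encode("utf-8")

    def emit(self, record):
        try:
            req = urllib.request.Request(
                self.url,
                data=self.build_payload(record),
                headers={"Authorization": "Splunk " + self.token,
                         "Content-Type": "application/json"},
            )
            # urllib verifies the server's TLS certificate by default; keep it that way.
            with urllib.request.urlopen(req, timeout=self.timeout) as resp:
                resp.read()
        except Exception:
            self.handleError(record)  # a delivery failure must not crash the application


if __name__ == "__main__":
    # SPLUNK_HEC_URL / SPLUNK_HEC_TOKEN are assumed variable names for this example.
    logger = logging.getLogger("hec_example")
    logger.setLevel(logging.INFO)
    logger.addHandler(HECHandler(os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"]))
    logger.info("user login succeeded")
```

The token is sent in a header on every request, so the collector URL should always be `https://`, and `handleError` output should be checked to confirm it does not echo the token.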