
Splunk in the Cloud

posted 31 Jul 2013, 04:40 by Jan Larsson   [ updated 27 Sep 2013, 01:52 ]
Now you can use the log server Splunk not only for free but also as a cloud service. If you're not familiar with Splunk, it's the best log server ever created.

Check it out at http://www.splunkstorm.com

Using curl in a cronjob, I now upload my 'access_combined' log every hour to get it indexed. Very smooth and convenient.

Code

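#!/bin/sh
# Keep this file readable only by its owner: it holds the API token.
ACCESS_TOKEN='<value from splunk API>'
PROJECT_ID='<value from splunk API>'
SOURCETYPE='access_combined'
ADDRESS="https://api.splunkstorm.com/1/inputs/http?index=${PROJECT_ID}&sourcetype=${SOURCETYPE}"
FILENAME='/var/log/apache2/access.log'
# POST the whole log file; the token is the password of the basic-auth user "x".
curl -u "x:${ACCESS_TOKEN}" "${ADDRESS}" -H "Content-Type: text/plain" --data-binary "@${FILENAME}"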

Save the code as 'send_to_splunk.sh', make it executable and create a cronjob:

# sudo crontab -e
# make it run every hour
00 * * * *    /path/send_to_splunk.sh
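
The script above posts the whole access.log on every run and puts the token on curl's command line. The following variant is an added example, not part of the original post: it sends only the bytes appended since the last successful upload, copes with log rotation, and hands the token to curl on stdin. The STATE path, the function names and the `--send` switch are assumptions made for the example.

```sh
#!/bin/sh
# Added example: upload only the bytes appended since the last successful run.
# STATE, new_bytes, upload and main are hypothetical names, not from the post.
ACCESS_TOKEN='<value from splunk API>'
PROJECT_ID='<value from splunk API>'
SOURCETYPE='access_combined'
ADDRESS="https://api.splunkstorm.com/1/inputs/http?index=${PROJECT_ID}&sourcetype=${SOURCETYPE}"
FILENAME='/var/log/apache2/access.log'
STATE='/var/lib/send_to_splunk/offset'   # assumed location, must be writable

# new_bytes LOG STATEFILE OUT: write the unsent part of LOG to OUT and
# print the byte offset to store once the upload has succeeded.
new_bytes() {
    size=$(wc -c < "$1" | tr -d ' ')
    offset=0
    [ -f "$2" ] && offset=$(cat "$2")
    # Treat an empty or non-numeric state file as "nothing sent yet".
    case $offset in ''|*[!0-9]*) offset=0 ;; esac
    # A log smaller than the stored offset was rotated or truncated.
    [ "$offset" -gt "$size" ] && offset=0
    # Cap at $size so lines written while we read are left for the next run.
    tail -c "+$((offset + 1))" "$1" | head -c "$((size - offset))" > "$3"
    echo "$size"
}

# upload FILE: the token goes to curl through stdin (-K -), so it is not
# visible in the process list the way "-u x:TOKEN" on the command line is.
upload() {
    printf 'user = "x:%s"\n' "$ACCESS_TOKEN" |
        curl --fail --silent --show-error -K - \
            -H 'Content-Type: text/plain' --data-binary "@$1" "$ADDRESS"
}

main() {
    tmp=$(mktemp) || return 1
    rc=0
    new=$(new_bytes "$FILENAME" "$STATE" "$tmp") || rc=1
    # Nothing new: skip the request. Otherwise advance only if curl succeeded.
    if [ "$rc" -eq 0 ] && [ -s "$tmp" ]; then upload "$tmp" || rc=1; fi
    [ "$rc" -eq 0 ] && echo "$new" > "$STATE"
    rm -f "$tmp"
    return "$rc"
}

# Run the upload only when called as: send_to_splunk.sh --send
if [ "${1:-}" = "--send" ]; then main; fi
```

With this variant the crontab entry calls `/path/send_to_splunk.sh --send`.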

