Installing splunk and forwarder

app.js

var express = require('express');
var app = express();
var router = express.Router();

router.use(function(req, res, next) {
  console.log('sample_app: %s %s', req.method, req.url);
  next();
});

router.use(function(req, res, next) {
  res.send('Hello World');
});

app.use('/', router);

app.listen(3000);

instructions.md

Installing the splunk server

1. Download the appropriate distro: http://www.splunk.com/download
2. Start splunk: sudo /opt/splunk/bin/splunk start
3. It will ask for a password. The default is admin/changeme
4. Enable splunk to listen on an external port sudo /opt/splunk/bin/splunk enable listen 9997

Installing splunk forwarder

1. Download the appropriate distro: http://www.splunk.com/download/universalforwarder
2. Configure the forwarder to connect to splunk server: sudo /opt/splunkforwarder/bin/splunk add forward-server 192.168.0.5:9997
3. Start the forwarder: sudo /opt/splunkforwarder/bin/splunk start
4. When prompted for password, use the same as the splunk server: admin/changeme
5. Ask the splunk forwarder to monitor syslog: sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/syslog

Starting a nodejs application

1. Install slc: npm install -g strongloop
2. Run your application with atleast cluster=1: sudo slc run --cluster 1 --syslog

Run requests against the sample app (using the app files on this gist)

1. curl http://localhost:3000?msg=this_is_a_test
2. Now you should be able to search for this_is_a_test on the splunk console

package.json

{
  "version": "0.0.1",
  "main": "app.js",
  "bin": "server.js",
  "scripts": {
    "start": "node app.js"
  },
  "dependencies": {
    "express": "4.x"
  },
  "optionalDependencies": {
  },
  "name": "sample_app"
}