Created
September 12, 2018 16:42
-
-
Save mesmacosta/585c20facea2ba0daaf10dcf09743fdd to your computer and use it in GitHub Desktop.
Simple examples to demonstrate using the SplunkJavaLogging framework
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package com.splunk.dev.logging.examples; | |
import org.slf4j.Logger; | |
import org.slf4j.LoggerFactory; | |
import com.dtdsoftware.splunk.logging.SplunkLogEvent; | |
import com.dtdsoftware.splunk.logging.SplunkLogEventFactory; | |
/** | |
* Simple examples to demonstrate using the SplunkJavaLogging framework | |
* For these examples I am using the SLF4J facade, and you can plug in jdk logging, log4j or logback as the underlying implementation. | |
* | |
* @author ddallimore | |
* | |
*/ | |
public class SplunkJavaLoggingExamples { | |
public static void main(String[] args) { | |
simpleLogExample(); | |
splunkLogEventExample(); | |
throwableExample(); | |
splunkLogEventFactoryExample(); | |
} | |
/** | |
* Just log as usual, and wire up a Splunk REST/TCP appender to forward the event to Splunk | |
*/ | |
private static void simpleLogExample() { | |
// get your logger | |
Logger logger = LoggerFactory.getLogger("splunk.logger"); | |
// log a regular string | |
logger.info("REST for the wicked"); | |
logger.error("Something bad happened"); | |
} | |
/** | |
* Format the log message to adhere to Splunk best practice logging semantics | |
*/ | |
private static void splunkLogEventExample() { | |
// get your logger | |
Logger logger = LoggerFactory.getLogger("splunk.logger"); | |
// create a SplunkLogEvent with a date and values quoted | |
SplunkLogEvent event = new SplunkLogEvent("Failed Login", "someID"); | |
// other constructor use cases | |
// don't prepend a date and don't quote values | |
// SplunkLogEvent event = new | |
// SplunkLogEvent("Failed Login","someID",false,false); | |
// don't add an event name & id in the constructor | |
// SplunkLogEvent event = new SplunkLogEvent(); | |
// add SPLUNK CIM fields either using setter methods | |
event.setAuthApp("myapp"); | |
event.setAuthUser("jane"); | |
// add a custom field | |
event.addPair("somefieldname", "foobar"); | |
// log a splunk log event generated string | |
logger.info(event.toString()); | |
} | |
/** | |
* Log an Error/Exception/Throwable and handle the stacktrace elements in | |
* Splunk as a multi value field | |
*/ | |
private static void throwableExample() { | |
// get your logger | |
Logger logger = LoggerFactory.getLogger("splunk.logger"); | |
try { | |
throwThrowable(); | |
} catch (Throwable e) { | |
SplunkLogEvent event = new SplunkLogEvent("Throwable caught", ""); | |
event.addThrowable(e); | |
logger.info(event.toString()); | |
} | |
try { | |
throwError(); | |
} catch (Throwable e) { | |
SplunkLogEvent event = new SplunkLogEvent("Error caught", ""); | |
event.addThrowable(e); | |
logger.info(event.toString()); | |
} | |
try { | |
throwException(); | |
} catch (Throwable e) { | |
SplunkLogEvent event = new SplunkLogEvent("Exception caught", ""); | |
event.addThrowable(e); | |
logger.info(event.toString()); | |
} | |
} | |
public static void throwException() throws Exception { | |
throw new Exception("Here is a caught Exception"); | |
} | |
public static void throwError() { | |
throw new Error("Error, Error, Error"); | |
} | |
public static void throwThrowable() throws Throwable { | |
throw new Throwable("Something bad happened"); | |
} | |
/** | |
* Create SplunkLogEvent templates for better pattern reuse throughout your application | |
*/ | |
private static void splunkLogEventFactoryExample() { | |
// get your logger | |
Logger logger = LoggerFactory.getLogger("splunk.logger"); | |
// create a reusable template for login events | |
SplunkLogEvent loginEvent = new SplunkLogEvent(); | |
// add a custom field | |
loginEvent.addPair("event", "login"); | |
//register the template | |
SplunkLogEventFactory.addTemplate("login", loginEvent); | |
// create a reusable template for logout events | |
SplunkLogEvent logoutEvent = new SplunkLogEvent(); | |
// add a custom field | |
logoutEvent.addPair("event", "logout"); | |
//register the template | |
SplunkLogEventFactory.addTemplate("logout", logoutEvent); | |
try { | |
//get an object instance from a template | |
SplunkLogEvent event = SplunkLogEventFactory.getInstanceFromTemplate("login"); | |
event.setAuthSrc("192.168.1.100"); | |
event.setAuthUser("fred"); | |
// log a splunk log event generated string | |
logger.info(event.toString()); | |
//get an object instance from a template | |
event = SplunkLogEventFactory.getInstanceFromTemplate("logout"); | |
event.setAuthUser("fred"); | |
// log a splunk log event generated string | |
logger.info(event.toString()); | |
} catch (Exception e) { | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment