Skip to content
This repository has been archived by the owner on Jun 23, 2022. It is now read-only.

maciur/TrafficComet.Splunk

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits

TrafficComet.Splunk.LogWriter.Abstracts

TrafficComet.Splunk.LogWriter.Abstracts

 
 

TrafficComet.Splunk.LogWriter.Documents

TrafficComet.Splunk.LogWriter.Documents

 
 

TrafficComet.Splunk.LogWriter

TrafficComet.Splunk.LogWriter

 
 

samples/SimpleWebApi/TrafficComet.WebApiTest

samples/SimpleWebApi/TrafficComet.WebApiTest

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

TrafficComet.Splunk.sln

TrafficComet.Splunk.sln

 
 

Repository files navigation

TrafficComet.Splunk

Tool for saving information about (request/response) traffic from website written in .Net Core 2.1 in Splunk

Simple Instalation

Run command in Nuget Package Manager

Install-Package TrafficComet.Splunk.LogWriter

Edit Startup file like below :

public class Startup
{
  	public IConfiguration Configuration { get; }
  
	public void ConfigureServices(IServiceCollection services)
	{
		services.AddMvc();
		services.AddTrafficCometSplunkLogWriter(Configuration);
		services.AddTrafficCometSplunkHealthChecker();
	}

	public void Configure(IApplicationBuilder app, IHostingEnvironment env)
	{
		app.UseTrafficComet();
		app.UseMvc();
	}
}

Add configuration to appsettings.js :

  "TrafficComet": {
    "Writers": {
      "Splunk": {
        "Services": {
          "EventsAtOnce": 10
        },
        "Collectors": {
          "Http": {
            "Url": "URL of Splunk Http Collector",
            "EndPoint": "services/collector",
            "HealthEndPoint": "services/collector/health",
            "Token": "Token from Splunk Http Collector",
            "Index": "Name of index where all logs will be stored",
            "RequestsIndexPrefix": "requests",
            "ResponsesIndexPrefix": "responses"
          },
          "Folder": {
            "Path": "Where Traffic Coment will save json log files when Splunk or Http Collector is down",
            "RootFolder": "root",
            "RequestsFolder": "requests",
            "ResponsesFolder": "responses"
          }
        }
      }
    },
    "Middleware": {
      "Root": {
        "ApplicationId": "WebApiTest"
      }
    }
  }

Splunk Configuration

Indexes

Create a new 3 indexes in Splunk:

  • Root index - index should have same name like value in Splunk.Collectors.Http.Index property from config file,
  • Second index for requests logs - {index-root-name}-{value from RequestsIndexPrefix from config file}
  • Third index for responses logs - {index-root-name}-{value from ResponsesIndexPrefix from config file}

HEC

Create and configure HEC in Splunk https://docs.splunk.com/Documentation/Splunk/7.2.3/Data/UsetheHTTPEventCollector

Files & Directories

Configure Splunk to load logs from Directory https://docs.splunk.com/Documentation/Splunk/7.2.3/Data/MonitorfilesanddirectorieswithSplunkWeb

  • Load logs from Splunk.Collectors.Folder.Path to root index
  • Load logs from Splunk.Collectors.Folder.RequestsFolder to {index-root-name}-{value from RequestsIndexPrefix from config file}
  • Load logs from Splunk.Collectors.Folder.ResponsesFolder to {index-root-name}-{value from ResponseIndexPrefix from config file}

About

Plugin for TrafficComet to use Splunk as storage for traffic logs

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages