marklogic-community/marklogic-monitoring-for-splunk

MarkLogic Monitoring for Splunk

MarkLogic Monitoring for Splunk provides configurations and pre-built dashboards that deliver real-time visibility into Error, Access, and Audit log events to monitor and analyze MarkLogic logs with Splunk.

Monitoring dashboard

Installation

Install this app the same way you would install any Splunk app:

  • Automatically from SplunkBase through Browse more apps
  • Manually: download the marklogic.spl file and install it in your Splunk instance

Configuration

The MarkLogic Monitoring app has source and sourcetype configurations with field extractions for the MarkLogic Error, Access, and Audit logs.

Forward your MarkLogic logs to Splunk, and consider whether you want to create a separate index for MarkLogic log events.

Inputs

Below are example stanzas that you can add to your inputs.conf to monitor MarkLogic log files. To send the events to a marklogic Splunk index, uncomment the index line in the stanza.

#### Linux path for MarkLogic logs
[monitor:///var/opt/MarkLogic/Logs]
disabled = 0
whitelist = .*Log\.txt$
#index = marklogic

#### Mac OS X path for MarkLogic logs
[monitor://*/MarkLogic/Data/Logs]
disabled = 0
whitelist = .*Log\.txt$
#index = marklogic

#### Windows path for MarkLogic logs
[monitor://*\MarkLogic\Data\Logs]
disabled = 0
whitelist = .*Log\.txt$
#index = marklogic

Macros

The MarkLogic Monitoring dashboard queries use macros to construct base queries that target MarkLogic log events from the MarkLogic sourcetypes for the Error, Access, and Audit logs:

  • marklogic_index - search criteria limited to (index=main OR index=marklogic)
  • marklogic_access - restricts searches to the MarkLogic *_AccessLog.txt events
  • marklogic_audit - restricts searches to the MarkLogic AuditLog.txt events
  • marklogic_error - restricts searches to the *ErrorLog.txt events

You can change these by modifying the marklogic, marklogic_index, marklogic_error, marklogic_access, and marklogic_audit macros under Settings > Advanced search > Search macros.
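
The following check is an added example, not part of the app or this repository. It applies the whitelist regex from the input stanzas to a listing of log file paths and reports which files would be monitored, which macro category each falls into, and which monitored files no macro would pick up. The file-name patterns are read off the macro descriptions above and are an assumption about how the macros select events; the sample paths are constructed.

```python
import re
from fnmatch import fnmatchcase

# Whitelist regex copied from the inputs.conf stanzas on this page.
WHITELIST = re.compile(r".*Log\.txt$")

# Assumption: file-name patterns read off the macro descriptions above;
# the app's actual macro definitions may differ.
MACRO_PATTERNS = {
    "marklogic_access": "*_AccessLog.txt",
    "marklogic_audit": "AuditLog.txt",
    "marklogic_error": "*ErrorLog.txt",
}

# Constructed sample listing of a Logs directory (not real data).
SAMPLE_PATHS = [
    "/var/opt/MarkLogic/Logs/ErrorLog.txt",
    "/var/opt/MarkLogic/Logs/ErrorLog_1.txt",
    "/var/opt/MarkLogic/Logs/8000_ErrorLog.txt",
    "/var/opt/MarkLogic/Logs/8000_AccessLog.txt",
    "/var/opt/MarkLogic/Logs/8000_AccessLog_1.txt",
    "/var/opt/MarkLogic/Logs/AuditLog.txt",
    "/var/opt/MarkLogic/Logs/8000_RequestLog.txt",
    "/var/opt/MarkLogic/Logs/core.12345",
]

def classify(path):
    """Return (monitored, macro) for one file path."""
    # Treat the whitelist as an unanchored regex match on the full path.
    monitored = WHITELIST.search(path) is not None
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    macro = next((m for m, pat in MACRO_PATTERNS.items()
                  if fnmatchcase(name, pat)), None)
    return monitored, macro

def coverage_report(paths):
    """Split paths into covered, uncovered (ingested, no macro) and skipped."""
    report = {"covered": [], "uncovered": [], "skipped": []}
    for path in paths:
        monitored, macro = classify(path)
        if not monitored:
            report["skipped"].append(path)
        elif macro:
            report["covered"].append((path, macro))
        else:
            report["uncovered"].append(path)
    return report

def missing_macros(paths):
    """Macros for which no monitored file exists, e.g. a missing audit log."""
    seen = {macro for _, macro in coverage_report(paths)["covered"]}
    return sorted(set(MACRO_PATTERNS) - seen)
```

Run `coverage_report` on a real directory listing before relying on the dashboards: an empty result from `missing_macros` means every log category has at least one monitored file, and anything under `uncovered` is indexed but invisible to the macro-based searches.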

Getting Help

Submit issues or feature requests at https://github.com/marklogic-community/marklogic-monitoring-for-splunk/issues

License

The MarkLogic Monitoring app is licensed under the Apache License 2.0. Details can be found in the LICENSE file.
