JSON logging, to Splunk

Jernej Porenta jernej.porenta at arnes.si
Mon Oct 6 14:00:49 CEST 2014


On 06/10/14 13:19, Patrick Proniewski wrote:
> On 6 oct. 2014, at 09:00, Patrick Proniewski <Patrick.Proniewski at univ-lyon2.fr> wrote:
>
>> On 5 oct. 2014, at 23:07, Mark Martinec <Mark.Martinec+amavis at ijs.si> wrote:
>>
>>> 2014-10-05 20:17, Jernej Porenta wrote:
>>>> a while ago, Mark Martinec wrote a script that pulls Redis logs out to
>>>> standard output, which can be easily fed into splunk.
>>>> With a little help of a skilled Perl programmer, I am totally sure you
>>>> can extend attached script to do whatever you want ;)
>>>
>>> Indeed, my little program offers all that: locking and queuing is
>>> handled by Redis, so the consumer process (e.g. Splunk) would be
>>> nicely decoupled from amavisd. Even better would be to persuade
>>> Splunk folks to provide an input module to pull JSON records from
>>> a Redis queue directly.
>>
>> It looks very promising! I'll test ASAP and keep you posted. Thank you.
>
>
>
> After some testing, it appears the script won't quit. That's a problem for Splunk as it waits for a clean return from the script to process data.
> How should I edit the script to make sure it quits cleanly after pulling Redis records?

You can make the script append its output to a file (maybe even a FIFO) and
have Splunk read from that file instead of running the script from Splunk...

cheers, Jernej

