A Python logging handler that sends your logs to Splunk
Project description
Splunk Handler
Splunk Handler is a Python Logger for sending logged events to an installation of Splunk Enterprise.
This logger requires the destination Splunk Enterprise server to have enabled and configured the Splunk HTTP Event Collector.
A Note on Using with AWS Lambda
AWS Lambda has a custom implementation of Python Threading, and does not signal when the main thread exits. Because of this, it is possible to have Lambda halt execution while logs are still being processed. To ensure that execution does not terminate prematurely, Lambda users will be required to invoke splunk_handler.force_flush directly as the very last call in the Lambda handler, which will block the main thread from exiting until all logs have processed.
from splunk_handler import force_flush
def lambda_handler(event, context):
do_work()
force_flush() # Flush logs in a blocking manner
Installation
Pip:
pip install splunk_handler
Manual:
python setup.py install
Usage
from splunk_handler import SplunkHandler
Then use it like any other regular Python logging handler.
Example:
import logging
from splunk_handler import SplunkHandler
splunk = SplunkHandler(
host='splunk.example.com',
port='8088',
token='851A5E58-4EF1-7291-F947-F614A76ACB21',
index='main'
#hostname='hostname', # manually set a hostname parameter, defaults to socket.gethostname()
#source='source', # manually set a source, defaults to the log record.pathname
#sourcetype='sourcetype', # manually set a sourcetype, defaults to 'text'
#verify=True, # turn SSL verification on or off, defaults to True
#timeout=60, # timeout for waiting on a 200 OK from Splunk server, defaults to 60s
#flush_interval=15.0, # send batch of logs every n sec, defaults to 15.0, set '0' to block thread & send immediately
#queue_size=5000, # a throttle to prevent resource overconsumption, defaults to 5000
#debug=False, # turn on debug mode; prints module activity to stdout, defaults to False
#retry_count=5, # Number of retry attempts on a failed/erroring connection, defaults to 5
#retry_backoff=2.0, # Backoff factor, default options will retry for 1 min, defaults to 2.0
)
logging.getLogger('').addHandler(splunk)
logging.warning('hello!')
I would recommend using a JSON formatter with this to receive your logs in JSON format. Here is an open source one: https://github.com/madzak/python-json-logger
Logging Config
Sometimes it's a good idea to create a logging configuration using a Python dict
and the logging.config.dictConfig function. This method is used by default in Django.
Here is an example dictionary config and how it might be used in a settings file:
import os
# Splunk settings
SPLUNK_HOST = os.getenv('SPLUNK_HOST', 'splunk.example.com')
SPLUNK_PORT = int(os.getenv('SPLUNK_PORT', '8088'))
SPLUNK_TOKEN = os.getenv('SPLUNK_TOKEN', '851A5E58-4EF1-7291-F947-F614A76ACB21')
SPLUNK_INDEX = os.getenv('SPLUNK_INDEX', 'main')
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'json': {
'()': 'pythonjsonlogger.jsonlogger.JsonFormatter',
'format': '%(asctime)s %(created)f %(exc_info)s %(filename)s %(funcName)s %(levelname)s %(levelno)s %(lineno)d %(module)s %(message)s %(pathname)s %(process)s %(processName)s %(relativeCreated)d %(thread)s %(threadName)s'
}
},
'handlers': {
'splunk': {
'level': 'DEBUG',
'class': 'splunk_handler.SplunkHandler',
'formatter': 'json',
'host': SPLUNK_HOST,
'port': SPLUNK_PORT,
'token': SPLUNK_TOKEN,
'index': SPLUNK_INDEX,
'sourcetype': 'json',
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
}
},
'loggers': {
'': {
'handlers': ['console', 'splunk'],
'level': 'DEBUG'
}
}
}
Then, do logging.config.dictConfig(LOGGING) to configure your logging.
Note: I included a configuration for the JSON formatter mentioned above.
Retry Logic
This library uses the built-in retry logic from urllib3 (a retry counter and a backoff factor). Should the defaults not be desireable, you can find more information about how to best configure these settings in the urllib3 documentation.
Contributing
Feel free to contribute an issue or pull request:
- Check for existing issues and PRs
- Fork the repo, and clone it locally
- Create a new branch for your contribution
- Push to your fork and submit a pull request
License
This project is licensed under the terms of the MIT license.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file splunk_handler-2.1.1.tar.gz.
File metadata
- Download URL: splunk_handler-2.1.1.tar.gz
- Upload date:
- Size: 7.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.4.3 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f7266f31a6cfd6a3eb9f85cafef0da469154f6c0364ff0a240d6777bb62c3411 |
|
| MD5 | ef079abdb07c4e6fcaff2a3392365bee |
|
| BLAKE2b-256 | 99ea32710a12ecb2dd714a633b96726a8a9a877b21b04fb902740f74a2d2f85b |
File details
Details for the file splunk_handler-2.1.1-py2.py3-none-any.whl.
File metadata
- Download URL: splunk_handler-2.1.1-py2.py3-none-any.whl
- Upload date:
- Size: 7.7 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.4.3 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8b61f5a5a9795571e8820fb3f707a8d1f7cf4a493cf0cff71637e2b5c2ac7f6a |
|
| MD5 | 4bbed6a5fb39500a9b8e8fc852571e6e |
|
| BLAKE2b-256 | bf77fde231cca7bacc7d6a9f2aaec3ec046b5f1b519d303738588213589e15d4 |
