Varnishlog and Splunk
marc.fournier at camptocamp.com
Fri Apr 26 11:11:24 CEST 2013
Excerpts from Graham Lyons's message of 2013-04-25 12:16:01 +0200:
> Has anyone had any experience of putting output from varnishlog into
> Splunk? My experience of Splunk so far has involved access log type
> sources with events on separate lines, which is obviously quite different
> to what comes out of varnishlog.
> If there's any prior art it would be interesting to hear.

I have no experience with splunk, but I know such a plugin has been added
to logstash recently: https://github.com/logstash/logstash/pull/422

Leaving the splunk vs logstash debate for another time, what I'd like to
point out is that the way it was done for logstash is probably the way to
go for splunk too: grab the varnish API bindings for your favorite language
and directly push the logs to splunk as structured data, instead of trying
to parse and recompose the multi-line output of varnishlog.
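
The approach suggested above, as an added example that is not part of the original message or of the logstash plugin: records taken straight from the log API are assembled into one single-line JSON event per client request, ready to forward to Splunk. The `(fd, tag, side, data)` tuple shape and the `TransactionAssembler` class are assumptions for illustration; the tag names are the Varnish 3 client-side ones, and the sample records are constructed.

```python
import json

# Constructed sample records, interleaved across two client sessions (fd 11 and 12).
# Tuple shape (fd, tag, side, data) is an assumed form of what an API callback delivers.
SAMPLE_RECORDS = [
    (13, "RxURL", "c", "/orphan"),                 # session opened before we attached
    (11, "ReqStart", "c", "192.0.2.10 51234 1001"),
    (12, "ReqStart", "c", "192.0.2.20 40000 1002"),
    (11, "RxRequest", "c", "GET"),
    (11, "RxURL", "c", '/index.html?q="x"'),
    (12, "RxRequest", "c", "POST"),
    (11, "RxHeader", "c", "Host: example.com"),
    (12, "RxURL", "c", "/login"),
    (11, "TxStatus", "c", "200"),
    (11, "ReqEnd", "c", "1001"),
    (12, "TxStatus", "c", "403"),
    (12, "ReqEnd", "c", "1002"),
]

FIELD_FOR_TAG = {"RxRequest": "method", "RxURL": "url", "TxStatus": "status"}

class TransactionAssembler:
    """Groups records by fd into one event per request (hypothetical helper)."""
    def __init__(self):
        self.open = {}  # fd -> event under construction

    def feed(self, fd, tag, side, data):
        """Consume one record; return the finished event at ReqEnd, else None."""
        if side != "c":
            return None                      # backend records are ignored here
        if tag == "ReqStart":
            ip, port, xid = data.split()
            self.open[fd] = {"xid": int(xid), "client_ip": ip, "headers": {}}
            return None
        event = self.open.get(fd)
        if event is None:
            return None                      # no ReqStart seen: drop partial request
        if tag in FIELD_FOR_TAG:
            event[FIELD_FOR_TAG[tag]] = data
        elif tag == "RxHeader":
            name, _, value = data.partition(":")
            event["headers"][name.strip().lower()] = value.strip()
        elif tag == "ReqEnd":
            return self.open.pop(fd)
        return None

def to_events(records):
    """Return one JSON line per completed request; json.dumps escapes request data."""
    asm = TransactionAssembler()
    done = (asm.feed(*rec) for rec in records)
    return [json.dumps(ev, sort_keys=True) for ev in done if ev is not None]

if __name__ == "__main__":
    print("\n".join(to_events(SAMPLE_RECORDS)))
```

Because each request field stays a separate value until it is JSON-encoded, client-controlled data such as the URL or a header cannot break an event across lines or blend into a neighbouring event.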