Varnishlog and Splunk

jonathan.huot at thomsonreuters.com jonathan.huot at thomsonreuters.com
Tue Apr 30 15:29:30 CEST 2013 

Hi Graham,

Splunk didn’t care with separate lines or not, it’s all about regexp. You can setup your Splunk events by adding any separator you want. It can be a line feeds or any separator (ReqStart/ReqEnd)
Currently, we’re fetching records (about 10 lines for each record) using Splunk without any issues.

However, I will suggest you to use varnishncsa instead of varnishlog because the main purpose of ncsa is to write one line for each requests. You can setup the “-F “ option to add more HTTP headers if needed.


Jonathan Huot
Phone: +33(0)1.47.62.78.65

From: varnish-misc-bounces at varnish-cache.org [mailto:varnish-misc-bounces at varnish-cache.org] On Behalf Of Graham Lyons
Sent: jeudi 25 avril 2013 12:16
To: varnish-misc at varnish-cache.org
Subject: Varnishlog and Splunk

Hello,

Has anyone had any experience of putting output from varnishlog into Splunk? My experience of Splunk so far has involved access log type sources with events on separate lines, which is obviously quite different to what comes out of varnishlog.

If there's any prior art it would interesting to hear.

Thanks,
Graham.



----------------------------

http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.

---------------------

This email was sent to you by Thomson Reuters, the global news and information company. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Thomson Reuters.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130430/f029e1dd/attachment.html>

More information about the varnish-misc mailing list