Pode
Add Native Logging to Splunk
It would be great to have a logging option to write logs directly to Splunk
Hi @jbaechtelMT,
Splunk I haven't considered before, but Azure Log Analytics and AWS Cloudwatch I've thought about. I'll have to go through the Splunk docs some time :)
In case this helps, I have this test code to send data to Splunk when spinning up a copy in Docker (it's very particular about the datetime format):
```powershell
# Sample payload: the first 10 processes
$data = Get-Process | Select-Object name, id, cpu | Select-Object -First 10
# HTTP Event Collector token (placeholder) and local Docker endpoint
$key = 'blah'
$Uri = "http://localhost:8088/services/collector"
$HostName = $env:computername
$DateTime = (Get-Date)
# Splunk expects the event time as seconds since the Unix epoch (UTC)
$unixEpochStart = New-Object -TypeName DateTime -ArgumentList 1970, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)
$unixEpochTime = [int]($DateTime.ToUniversalTime() - $unixEpochStart).TotalSeconds
$Body = ConvertTo-Json -InputObject @{event = $data; host = $HostName; time = $unixEpochTime } -Compress
# The token goes in the Authorization header as "Splunk <token>"
Invoke-RestMethod -Uri $uri -Method Post -Headers @{Authorization = "Splunk $Key" } -Body $Body
```
Having a handy logger function that could write logs async (so as not to block responses) would be really helpful. Maybe the end user could supply the function to process the logs. That would allow Splunk or whatever desired logger to work. Setting up and maintaining the runspace that would take in the logs would probably be handy for Pode to set up.
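A sketch of the idea in the last comment, combined with the Splunk payload shape from the test code earlier in the thread. This is an added example, not code from the thread or from Pode; `Write-AsyncLog`, `$sink`, `$config` and the `SPLUNK_HEC_TOKEN` environment variable are hypothetical names.

```powershell
$config = @{
    Uri   = 'http://localhost:8088/services/collector'  # local test endpoint from the thread
    Token = $env:SPLUNK_HEC_TOKEN                        # assumed env var; keeps the token out of source
    Host  = [Environment]::MachineName
}
# User-supplied sink: receives a batch of log items plus the config.
$sink = {
    param($Batch, $Config)
    $body = ConvertTo-Json -Compress -Depth 5 -InputObject @{
        event = $Batch
        host  = $Config.Host
        time  = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()  # epoch seconds
    }
    Invoke-RestMethod -Uri $Config.Uri -Method Post -Body $body -ErrorAction Stop `
        -Headers @{ Authorization = "Splunk $($Config.Token)" } | Out-Null
}
# Bounded queue: a stalled sink cannot grow memory without limit.
$queue = [System.Collections.Concurrent.BlockingCollection[object]]::new(1000)
# Worker runspace drains the queue. The sink is passed as text and rebuilt
# there, because a scriptblock stays bound to the runspace that created it.
$worker = [powershell]::Create()
[void]$worker.AddScript({
    param($Queue, $SinkText, $Config)
    $sink = [scriptblock]::Create($SinkText)
    foreach ($first in $Queue.GetConsumingEnumerable()) {
        $batch = [System.Collections.Generic.List[object]]::new()
        $batch.Add($first)
        $next = $null
        while ($batch.Count -lt 50 -and $Queue.TryTake([ref]$next)) { $batch.Add($next) }
        $items = $batch.ToArray()
        try { & $sink $items $Config }
        catch { [Console]::Error.WriteLine("log sink failed: $($_.Exception.Message)") }
    }
}).AddArgument($queue).AddArgument($sink.ToString()).AddArgument($config)
$handle = $worker.BeginInvoke()
# Request path: TryAdd returns immediately; a full queue drops the entry.
function Write-AsyncLog([object]$Entry) {
    if (-not $queue.TryAdd($Entry)) { [Console]::Error.WriteLine('log queue full, entry dropped') }
}
# Constructed sample entries.
Write-AsyncLog @{ method = 'GET'; path = '/'; status = 200 }
Write-AsyncLog @{ method = 'POST'; path = '/login'; status = 401 }
# Shutdown: stop accepting entries, let the worker flush, then clean up.
$queue.CompleteAdding()
$worker.EndInvoke($handle)
$worker.Dispose()
```

Dropping on a full queue favours response latency over log completeness; where the logs are an audit trail, count the drops or block with a short timeout instead.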