A logging handler for Splunk. Lets you send information to Splunk directly from your Python code.

andresriancho andresriancho Last update: Jul 09, 2021

Splunk logger


Usage

Make sure you replace the *** with your credentials and specific API domain, then run:

    import logging
    from splunk_logger import SplunkLogger

    ACCESS_TOKEN = '***'
    PROJECT_ID = '***'
    API_DOMAIN = 'api-***.data.splunkstorm.com'

    splunk_logger = SplunkLogger(access_token=ACCESS_TOKEN,
                                 project_id=PROJECT_ID,
                                 api_domain=API_DOMAIN)
    logging.getLogger('').addHandler(splunk_logger)

    logging.error('This is sent to splunk')

After a couple of seconds of waiting for Splunk to process the new information, you should be able to see something like this in the web interface:

    {
        data : "This is sent to splunk",
        level : "ERROR",
        line : 1,
        module : "<stdin>"
    }

When using the code in a real Python program, and not from the Python console, the real line number and module name are used.

Configuration file

It is always a good idea to avoid hardcoded credentials in your source code. The module can fetch the credentials from a YAML file in the current directory or the user's home. The file is named .splunk_logger and has the following format:

    credentials:
        project_id: ***
        access_token: ***
        api_domain: api-***.data.splunkstorm.com

Once the file is in place, you can use the module as follows:

    import logging
    from splunk_logger import SplunkLogger

    # No credentials specified here
    splunk_logger = SplunkLogger()
    logging.getLogger('').addHandler(splunk_logger)

    logging.error('This is sent to splunk')
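Because the .splunk_logger file holds the access token, its permissions matter as much as keeping the token out of the source. The following is an added example, not part of the Splunk Logger project: it checks both locations named above and reports a file that is a symlink, is not a regular file, is accessible to group or other, or is owned by another user. The function names are hypothetical and POSIX permission semantics are assumed.

```python
import os
import stat
from pathlib import Path

CONFIG_NAME = ".splunk_logger"  # file name given on the page


def candidate_paths(cwd=None, home=None):
    """The two locations the page names: current directory and user's home."""
    return [Path(cwd or Path.cwd()) / CONFIG_NAME,
            Path(home or Path.home()) / CONFIG_NAME]


def audit_config(cwd=None, home=None):
    """Return (path, problem) findings for each credentials file found."""
    findings = []
    for path in candidate_paths(cwd, home):
        try:
            st = path.lstat()  # lstat: inspect the entry itself, not a link target
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((str(path), "is a symlink; audit the target instead"))
        elif not stat.S_ISREG(st.st_mode):
            findings.append((str(path), "is not a regular file"))
        else:
            if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                mode = stat.S_IMODE(st.st_mode)
                findings.append((str(path), f"mode {mode:04o} grants group/other access; use 0600"))
            if st.st_uid != os.getuid():
                findings.append((str(path), f"owned by uid {st.st_uid}, not the current user"))
    return findings


if __name__ == "__main__":
    # Audit the real current directory and home of the invoking user.
    for location, problem in audit_config():
        print(f"{location}: {problem}")
```

An empty result means no credentials file was found or every file found passed the checks.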

Configuration through environment variables

Another configuration source accepted by splunk logger is environment variables. Once again, you can use them to avoid hard-coding credentials in the source code:

  • SPLUNK_PROJECT_ID
  • SPLUNK_ACCESS_TOKEN
  • SPLUNK_API_DOMAIN

Enhancements

There are a couple of things which could be improved in this module:

  • The logger could be refactored to send the messages asynchronously. This would make logging.foo() calls return immediately instead of waiting for the log message to be sent.
  • Send messages in batches.

Pull requests are more than welcome!

References

This package implements communication with Storm Splunk as specified here.

Reporting bugs

Report your issues and feature requests in Splunk Logger's issue tracker and I'll be more than glad to fix them.

Change log

  • 30 Jun 2014: User needs to specify API endpoint domain. Fixes #2