
Logparser

Caution

Smart Agent monitors are being deprecated. To tail log files, use the OpenTelemetry Collector and the Telegraf Tail Input plugin. See how in Monitor services with Telegraf Input plugins and OpenTelemetry.

The Splunk Distribution of the OpenTelemetry Collector uses the Smart Agent receiver with the telegraf/logparser monitor type to tail log files.

This integration is based on the Telegraf logparser plugin, and all emitted metrics have the plugin dimension set to telegraf-logparser.

Benefits

After you configure the integration, you can access these features:

Installation

Follow these steps to deploy this integration:

  1. Deploy the Splunk Distribution of the OpenTelemetry Collector to your host or container platform:

  2. Configure the integration, as described in the Configuration section.

  3. Restart the Splunk Distribution of the OpenTelemetry Collector.

Configuration

To use this integration of a Smart Agent monitor with the Collector:

  1. Include the Smart Agent receiver in your configuration file.

  2. Add the monitor type to the Collector configuration, both in the receiver and pipelines sections.

Example

To activate this integration, add the following to your Collector configuration:

receivers:
  smartagent/logparser:
    type: telegraf/logparser
    ...  # Additional config

To complete the integration, include this monitor type as a member of a logs pipeline. Use the SignalFx exporter to make event submission requests. Use the Resource Detection processor to ensure that host identity and other useful information is made available as event dimensions. For example:

service:
  pipelines:
    logs:
      receivers:
        - smartagent/logparser
      processors:
        - resourcedetection
      exporters:
        - signalfx

The following example shows a sample YAML configuration:

receivers:
  smartagent/logparser:
    type: telegraf/logparser
    files:
     - '$file'
    watchMethod: poll
    # Specifies the file watch method ("inotify" or "poll").
    fromBeginning: true
    # Specifies to read from the beginning.
    measurementName: test-measurement
    # This is the metric name prefix.
    patterns:
     - "%{COMMON_LOG_FORMAT}"
    # Specifies the Apache Common Log Format (CLF).
    timezone: UTC
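
A pre-deployment check for the sample configuration above, as an added example that is not part of the original documentation or of Telegraf: it runs constructed sample lines through a regex approximation of Apache Common Log Format and reports which lines parse and which do not. The regex, field names, and function names are assumptions made for this example, not Telegraf's grok definition.

```python
import re
from datetime import datetime

# Regex approximation of CLF written for this example (not Telegraf's grok definition).
CLF = re.compile(
    r'^(?P<client_ip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<ts>[^\]]+)\] '
    r'"(?:(?P<verb>[A-Z]+) (?P<request>\S+)(?: HTTP/(?P<http_version>[\d.]+))?|[^"]*)" '
    r'(?P<resp_code>\d{3}) (?P<resp_bytes>\d+|-)$'
)

def parse_clf(line):
    """Return a dict of fields for a CLF line, or None if it does not match."""
    m = CLF.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    try:
        # CLF timestamps carry their own UTC offset, e.g. 10/Oct/2000:13:55:36 -0700
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["resp_code"] = int(rec["resp_code"])
    # "-" means no response body was sent; record it as 0 bytes
    rec["resp_bytes"] = 0 if rec["resp_bytes"] == "-" else int(rec["resp_bytes"])
    return rec

def check_lines(lines):
    """Split lines into parsed records and (line_number, text) rejects."""
    parsed, rejected = [], []
    for n, line in enumerate(lines, 1):
        rec = parse_clf(line)
        if rec is None:
            rejected.append((n, line))
        else:
            parsed.append(rec)
    return parsed, rejected

# Constructed sample input: two valid CLF lines, one bad timestamp, one non-CLF line
SAMPLE = [
    '127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326',
    '192.0.2.10 - - [09/Dec/2024:08:15:02 +0000] "POST /login HTTP/1.1" 401 -',
    '192.0.2.10 - - [2024-12-09 08:15:03] "GET / HTTP/1.1" 200 512',
    'server restarted at 08:16',
]

if __name__ == "__main__":
    ok, bad = check_lines(SAMPLE)
    print(f"{len(ok)} parsed; rejected: {bad}")
```

Running the same check over a slice of the real file named in `files` shows how much of the log a CLF pattern would leave uncovered.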

Configuration options

The following table shows the configuration options for this monitor type:

| Option | Required | Type | Description |
| --- | --- | --- | --- |
| files | yes | list of strings | Paths to files to be tailed |
| watchMethod | no | string | Method for watching changes to files ("inotify" or "poll"). The default value is poll. |
| fromBeginning | no | bool | Whether to start tailing from the beginning of the file. The default value is false. |
| measurementName | no | string | Name of the measurement |
| patterns | no | list of strings | A list of patterns to match. |
| namedPatterns | no | list of strings | A list of named grok patterns to match. |
| customPatterns | no | string | Custom grok patterns. (grok only) |
| customPatternFiles | no | list of strings | List of paths to custom grok pattern files. |
| timezone | no | string | Specifies the timezone. The default is UTC time. Other options are Local for the local time on the machine, UTC, and Canada/Eastern (unix style timezones). |

Metrics

The Splunk Distribution of the OpenTelemetry Collector does not do any built-in filtering of metrics coming out of this monitor type.

Troubleshooting

If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.

Available to Splunk Observability Cloud customers

Available to prospective customers and free trial users

  • Ask a question and get answers through community support at Splunk Answers.

  • Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.

This page was last updated on Dec 09, 2024.