Hello, Excerpts from Graham Lyons's message of 2013-04-25 12:16:01 +0200: > > Has anyone had any experience of putting output from varnishlog into > Splunk? My experience of Splunk so far has involved access log type > sources with events on separate lines, which is obviously quite different > to what comes out of varnishlog. > > If there's any prior art it would interesting to hear.
I have no experience with splunk, but I know such a plugin has been added to logstash recently: https://github.com/logstash/logstash/pull/422 Leaving the splunk vs logstash debate for another time, what I'd like to point out is that the way it was done for logstash is probably the way to go for splunk too: grab the varnish API bindings for your favorite language and directly push the logs to splunk as structured data, instead of trying to parse and recompose the multi-line output of varnishlog. Cheers, Marc _______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
