Hi Graham,
Splunk doesn't care whether events are on separate lines or not; it's all about
regexp. You can set up your Splunk events by adding any separator you want. It
can be a line feed or any separator (ReqStart/ReqEnd).
Currently, we’re fetching records (about 10 lines for each record) using Splunk
without any issues.
However, I would suggest you use varnishncsa instead of varnishlog, because
the main purpose of ncsa is to write one line for each request. You can set up
the "-F" option to add more HTTP headers if needed.
Jonathan Huot
Phone: +33(0)1.47.62.78.65
From: [email protected]
[mailto:[email protected]] On Behalf Of Graham Lyons
Sent: Thursday 25 April 2013 12:16
To: [email protected]
Subject: Varnishlog and Splunk
Hello,
Has anyone had any experience of putting output from varnishlog into Splunk? My
experience of Splunk so far has involved access log type sources with events on
separate lines, which is obviously quite different to what comes out of
varnishlog.
If there's any prior art it would be interesting to hear.
Thanks,
Graham.
_______________________________________________
varnish-misc mailing list
[email protected]
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
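
Added example, not part of the original thread: a sketch of the ReqStart/ReqEnd separator idea from the reply, folding multi-line varnishlog output into one event per request before indexing. The sample lines are constructed in the Varnish 3 "fd tag side payload" layout, the function names are hypothetical, and it assumes lines from concurrent sessions can be interleaved, so records are keyed by the leading fd field.

```python
import re

# Constructed sample (not real traffic): two client requests on fd 11 and
# fd 12 are interleaved on purpose, plus one line outside any request.
SAMPLE = """\
   11 ReqStart     c 192.0.2.10 40112 1000001
   11 RxRequest    c GET
   12 ReqStart     c 192.0.2.11 40200 1000002
   11 RxURL        c /index.html
   12 RxRequest    c POST
   12 RxURL        c /login
   11 TxStatus     c 200
   11 ReqEnd       c 1000001 1366884960.1 1366884960.2 0.0 0.1 0.0
   12 TxStatus     c 403
   12 ReqEnd       c 1000002 1366884960.3 1366884960.4 0.0 0.1 0.0
    0 CLI          - Rd ping
"""

# fd, tag, side (c = client, b = backend, - = neither), payload
LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+([cb-])\s?(.*)$")

def group_requests(lines):
    """Yield one list of (tag, payload) per ReqStart..ReqEnd span, per fd."""
    open_records = {}
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        fd, tag, _side, payload = m.groups()
        if tag == "ReqStart":
            open_records[fd] = []  # the separator opens a new record
        record = open_records.get(fd)
        if record is None:
            continue  # line outside any request (e.g. the CLI ping)
        record.append((tag, payload))
        if tag == "ReqEnd":
            yield open_records.pop(fd)  # the separator closes the record

def to_event(record):
    """Flatten one record into a single key="value" line for indexing."""
    return " ".join('%s="%s"' % (t, p.replace('"', "'")) for t, p in record)

def events(text):
    return [to_event(r) for r in group_requests(text.splitlines())]

if __name__ == "__main__":
    for event in events(SAMPLE):
        print(event)
```

A request that never reaches ReqEnd stays in `open_records` and is not emitted, so a long-running collector would need a timeout to flush such partial records.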