topic Parsing logs from Python Docker container sent to Splunk HEC in Splunk Dev https://community.splunk.com/t5/Splunk-Dev/Parsing-logs-from-Python-Docker-container-sent-to-Splunk-HEC/m-p/429318#M7674 <P>I'm sending all my docker containers logs to my local Splunk server.</P> <P>One of these containers is running a Python server (using Flask/nginx).</P> <P>For debugging and log file reasons, my Python logs are foramtted with a standard line: <CODE>%(asctime)s - %(name)s - %(levelname)s - %(message)s</CODE></P> <P>I can see the log line clearly in Splunk, however, I would also want to parse the timestamp, log-level etc. In addition, it seems that stack traces are split to multiple messages.</P> <P><IMG src="https://i.stack.imgur.com/RKsdD.png" alt="screenshot" /></P> <P>Note that not all messages from the host sent to this server are from Python, but the other ones don't require additional formatting.</P> <P>So:</P> <UL> <LI><P>How can I configure Splunk to parse my messages according to my log format?</P></LI> <LI><P>How can I merge the stack trace logs to a single message (I'm guessing that it should be done on consuming)</P></LI> <LI><P>Can I define formatting for the Python messages without damaging the 'other' messages?</P></LI> </UL> Thu, 18 Oct 2018 15:54:41 GMT reallyliri 2018-10-18T15:54:41Z Parsing logs from Python Docker container sent to Splunk HEC https://community.splunk.com/t5/Splunk-Dev/Parsing-logs-from-Python-Docker-container-sent-to-Splunk-HEC/m-p/429318#M7674 <P>I'm sending all my docker containers logs to my local Splunk server.</P> <P>One of these containers is running a Python server (using Flask/nginx).</P> <P>For debugging and log file reasons, my Python logs are foramtted with a standard line: <CODE>%(asctime)s - %(name)s - %(levelname)s - %(message)s</CODE></P> <P>I can see the log line clearly in Splunk, however, I would also want to parse the timestamp, log-level etc. In addition, it seems that stack traces are split to multiple messages.</P> <P><IMG src="https://i.stack.imgur.com/RKsdD.png" alt="screenshot" /></P> <P>Note that not all messages from the host sent to this server are from Python, but the other ones don't require additional formatting.</P> <P>So:</P> <UL> <LI><P>How can I configure Splunk to parse my messages according to my log format?</P></LI> <LI><P>How can I merge the stack trace logs to a single message (I'm guessing that it should be done on consuming)</P></LI> <LI><P>Can I define formatting for the Python messages without damaging the 'other' messages?</P></LI> </UL> Thu, 18 Oct 2018 15:54:41 GMT https://community.splunk.com/t5/Splunk-Dev/Parsing-logs-from-Python-Docker-container-sent-to-Splunk-HEC/m-p/429318#M7674 reallyliri 2018-10-18T15:54:41Z