
Do we read log data from in-memory?

Yamini
New Member

I would like to write log data to Java in-memory using Memory Handlers in a Java application. Can we read this log data from the Java application?

Thanks,
Mini


dwaddle
SplunkTrust

So generally the answer here is a resounding "no you cannot." Remember that on almost all modern operating systems, the kernel enforces a process boundary wall. It is not trivial for process 1 to reach over, under, or around that wall to read the memory of your Java process.

Yes, there is the concept of SYSV shared memory or memory mapped files - but these generally require lots of coordination and agreement between processes so that locks are taken when the shared memory is being updated and so that the layout of the shared memory is understood and makes sense to both processes. The layout of the Java heap and in-memory objects is not entirely clear to non-Java processes and different JVMs format both heaps and objects differently!

It is just too much to ask Splunk to be able to yoink log events out of the address space of another process. Write them to a file, or a socket, or use the HTTP event collector and a log4j output .. just not memory, please.

(It is also entirely possible I have misunderstood your question)
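An added example, not part of the original thread and not Splunk's own code: the JDK's `java.util.logging.MemoryHandler` keeps records in an in-process ring buffer and pushes them to a target handler, so the buffer can be drained over a socket instead of being read from outside the process. The loopback listener below is a constructed stand-in for a network log receiver; the class name, logger name and messages are assumptions.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.MemoryHandler;
import java.util.logging.SimpleFormatter;
import java.util.logging.SocketHandler;

public class MemoryToSocketLogging {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a TCP log receiver (loopback, ephemeral port).
        try (ServerSocket receiver = new ServerSocket(0)) {
            Thread reader = new Thread(() -> {
                try (Socket s = receiver.accept();
                     BufferedReader in = new BufferedReader(
                             new InputStreamReader(s.getInputStream()))) {
                    String line;
                    while ((line = in.readLine()) != null) {
                        System.out.println("received: " + line);
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
            });
            reader.start();

            // Target handler: writes formatted records to the socket.
            SocketHandler target = new SocketHandler("127.0.0.1", receiver.getLocalPort());
            target.setFormatter(new SimpleFormatter()); // SocketHandler defaults to XML
            // Ring buffer of 100 records; a WARNING or higher pushes the whole buffer.
            MemoryHandler memory = new MemoryHandler(target, 100, Level.WARNING);

            Logger log = Logger.getLogger("demo.app"); // hypothetical logger name
            log.setUseParentHandlers(false);           // keep records off the console
            log.addHandler(memory);

            log.info("cache warmed");        // buffered in memory only
            log.info("request served");      // buffered in memory only
            log.warning("disk nearly full"); // pushes all three records to the socket
            log.info("after the push");      // buffered again, not yet sent

            memory.push();  // close() does not push, so drain the buffer explicitly
            memory.close(); // also closes the target handler and its socket
            reader.join();
        }
    }
}
```

Records still sitting in the buffer when the JVM dies are never sent, which is the trade-off of buffering in memory rather than writing each event out as it occurs.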


Yamini
New Member

Thank you for the reply.

I have heard that we have the splunkjavalogging library, which may solve my problem.

The reason I am going for memory is that, for some concerns, I could not write logs to a file.

Using SplunkLogging we can directly write logs to the Splunk server.

Thanks & Regards,
Yamini

Rob
Splunk Employee

How do you normally access the log data in-memory? Do you pipe it to STDOUT, or is there a file that is eventually generated? Also, what do you do when the application/host unexpectedly fails to keep the log files for troubleshooting?
