
How to add API name in Splunk logs

MS23
Explorer

Hi team,

I am very new to Splunk usage, just started using it recently.

We are consuming around 60+ integration APIs in our application.

Whenever any API fails, the logs should print with API name + error in Splunk logs. How to achieve it?

Example: Getcustomerdetails failed with 500 error

 

0 Karma

ITWhisperer
SplunkTrust

Logs produced by your application can be ingested into Splunk. As part of the ingestion process, these logs are given a timestamp and fields from the log entries can be extracted. You can also extract fields as part of the search process. You can use Splunk to search your logs for the failures you mention and extract the API name from the logs (assuming it is in the log data). You can use these searches in dashboards, reports and alerts, etc.

How far have you got with using Splunk? Do you have your application logs already being ingested into Splunk or are you looking for information about how to do this?

MS23
Explorer

@ITWhisperer thank you for the reply.

Yes, the logs have been ingested but we need to populate the API field name in the logs.

Do we need any developer who understands the API-consuming application or a Splunk team can refine this requirement in the Splunk logs based on the data ingested as mentioned below?

Please advise

 

0 Karma

ITWhisperer
SplunkTrust

It sounds like you need the application team to explain what the logs mean and where you can extract the information from the logs that you are interested in. If it isn't already in the logs, then there may be some development work required by the application team to make it present in the logs.

Ideally, you need to understand the data you are dealing with.

0 Karma
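
An added example, not part of the original thread and not anyone's production code: one way the application-side development work mentioned above could look if the consuming application were written in Python. The logger name, `ApiError`, `call_api` and `get_customer_details` are hypothetical; the failure is written as key="value" pairs, a shape Splunk's default search-time extraction recognises, so `api_name` and `status` become searchable fields.

```python
import logging
import re

log = logging.getLogger("integration")  # hypothetical logger name

# Characters that could split the event across lines or break a quoted value.
UNSAFE = re.compile(r'[\r\n\t"\\]')

def kv(**fields):
    """Render fields as key="value" pairs on a single line."""
    parts = []
    for key, value in fields.items():
        # Upstream error text is untrusted: strip CR/LF and quotes so one
        # failure stays one log line and the value stays inside its quotes.
        clean = UNSAFE.sub(" ", str(value))
        parts.append(f'{key}="{clean}"')
    return " ".join(parts)

class ApiError(Exception):
    """Hypothetical error type carrying the HTTP status of a failed call."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status

def call_api(api_name, func, *args, **kwargs):
    """Run one integration call; on failure log the API name with the error."""
    try:
        return func(*args, **kwargs)
    except ApiError as exc:
        log.error(kv(event="api_failure", api_name=api_name,
                     status=exc.status, error=exc))
        raise  # the caller still sees the failure

def get_customer_details(customer_id):
    # Constructed stand-in for a real integration call that fails with 500.
    raise ApiError(500, 'upstream "timeout"\nsecond line')

if __name__ == "__main__":
    logging.basicConfig(format="%(asctime)s %(levelname)s %(message)s")
    try:
        call_api("Getcustomerdetails", get_customer_details, "C-1001")
    except ApiError:
        pass
```

Routing all 60+ integrations through one wrapper like this keeps the field names identical across APIs, so a single search on `event="api_failure"` can be grouped by `api_name` and `status`.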