- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi team,
I am very new to Splunk usage, just started using it recently.
we are consuming around 60+ integration APIs in our Application.
Whenever any API fails the logs should print with API name+error in Splunk logs, How to achieve it?
Example- Getcustomerdetails failed with 500 error
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It sounds like you need the application team to explain what the logs mean and where you can extract the information from the logs that you are interested in. If it isn't already in the logs, then there may be some development work required by the application team to make it present in the logs.
Ideally, you need to understand the data you are dealing with.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Logs produced by your application can be ingested into Splunk. As part of the ingestion process, these logs are given a timestamp and fields from the log entries can be extracted. You can also extract fields as part of the search process. You can use Splunk to search your logs for the failures you mention and extract the API name from the logs (assuming it is in the log data). You can use these searches in dashboards, report and alerts, etc.
How far have you got with using Splunk? Do you have your application logs already being ingested into Splunk or are you looking for information about how to do this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ITWhisperer thank you for the reply.
Yes, the logs have been ingested but we need to populate the API field name in the logs.
Do we need any developer who understands the API-consuming application or a Splunk team can refine this requirement in the Splunk logs based on the data ingested as mentioned below?
Please advise
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It sounds like you need the application team to explain what the logs mean and where you can extract the information from the logs that you are interested in. If it isn't already in the logs, then there may be some development work required by the application team to make it present in the logs.
Ideally, you need to understand the data you are dealing with.