Solved: Send files from to Splunk server from Jenkins

bp1980 · ‎04-09-2019

Hello,

I want to send report files which is in XML format from Jenkins to Splunk server. I am using Jenkins send files to Splunk server option. In Splunk i see that as Jenkins looks for Json format parsing of the files will fail.
Is there any way to send the files ?
Can I use curl commands to send the files?

jeffland · ‎04-15-2019

Generally, to transfer data to Splunk from a separate host a preferred method is deploying the Splunk Universal Forwarder on the originating machine. This will allow you to monitor files and directories using forwarder-local inputs and send the contents to your Splunk instance. Find a step-by-step instruction on everything you need to do here. You'll probably want to make yourself familiar with source types as those are used to tell Splunk how to interpret your data and you'll need to set a sourcetype for your inputs. For example, you might have to or want to define how to determine the timestamp of your events.
However, there are many apps and add ons available available on splunkbase.com which can contain predefined sourcetypes and helpful dashboards for analysis and more, from people who have already done what you want to do, or sometimes even straight from vendors. You might want to check out this particular app which might contain what you are looking for (I haven't looked at it, it just came up searching for jenkins).
If it doesn't cover your use case, it might be a good idea to download one of the report files you are interested in onto your local machine and use the Upload method in Settings > Add Data. This will give you a preview of your settings for the file and allow you to configure the sourcetype in the UI. If you have any trouble, feel free to ask further and more specific questions, or check out the splunk slack channels at splk.it/slack.

View solution in original post

gunag · ‎02-28-2020

how to get the logs from bitbucket to splunk, help me how to configure that in Splunk cloud free trial version

jeffland · ‎04-15-2019

Generally, to transfer data to Splunk from a separate host a preferred method is deploying the Splunk Universal Forwarder on the originating machine. This will allow you to monitor files and directories using forwarder-local inputs and send the contents to your Splunk instance. Find a step-by-step instruction on everything you need to do here. You'll probably want to make yourself familiar with source types as those are used to tell Splunk how to interpret your data and you'll need to set a sourcetype for your inputs. For example, you might have to or want to define how to determine the timestamp of your events.
However, there are many apps and add ons available available on splunkbase.com which can contain predefined sourcetypes and helpful dashboards for analysis and more, from people who have already done what you want to do, or sometimes even straight from vendors. You might want to check out this particular app which might contain what you are looking for (I haven't looked at it, it just came up searching for jenkins).
If it doesn't cover your use case, it might be a good idea to download one of the report files you are interested in onto your local machine and use the Upload method in Settings > Add Data. This will give you a preview of your settings for the file and allow you to configure the sourcetype in the UI. If you have any trouble, feel free to ask further and more specific questions, or check out the splunk slack channels at splk.it/slack.

bp1980 · ‎04-16-2019

Hello,
I tried to send xml file using splunk app for Jenkins but its not working. Its only parsing Jenkins configuration xml file and not user defined xml file.

bp1980 · ‎04-17-2019

Hello,
xml file sent from Jenkins has below format. When this file is sent via Jenkins, splunk consider it as json format as it sent by Jenkins and trows error during parsing.

I have removed the < from be-gaining.

section name="Test Reports" fontcolor="black">
table>
tr>
td title="TestName" value="test case 1"/>
td title ="Result" value="SUCCESS" />
td title="Info" value="Test run sucess"/>
/tr>
/table>
/section>

jeffland · ‎04-17-2019

Please use the code formatting option to paste code (including xml), otherwise it will get mangled by the answers forum autoformat. Leave a blank line and indent every line by four spaces.
I'm guessing from what is available there. Find help on the settings below in the props.conf docs (these settings reside in props.conf). First of all, your events are multi-line, so you need a custom line breaker. The reports don't seem to have a timestamp, so we'll use the file modification time. Also, you are probably interested in the fields TestName, Result and Info. I'm assuming your reports always look like this (meaning there are no other fields). Your sourcetype would look like this:

[jenkins_user_defined_report]
LINE_BREAKER = /section>(\s*)
SHOULD_LINEMERGE = false
DATETIME_CONFIG = NONE
EXTRACT-testname = TestName"\svalue="(?<TestName>[^"]+)"
EXTRACT-result= Result"\svalue="(?<Result>[^"]+)"
EXTRACT-info = Info"\svalue="(?<Info>[^"]+)"
KV_MODE = none

You'll need to define these on your central splunk instance and set your input to use this sourcetype on the forwarder for everything to work.

jeffland · ‎04-16-2019

As I said, things might be available on splunkbase if someone has worked on the same thing and published their work there. If you're working with a user defined xml file, you will probably have to create a sourcetype and some SPL for analysis yourself. Feel free to provide sanitized sample data and we'll help you with that.

bp1980 · ‎04-15-2019

Does anyone know how to send files.

Send files from to Splunk server from Jenkins

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!