We are using a RabbitMQ server (amqp) as data source. Our previous experiments led us to the Splunk AMQP Messaging Modular Input add-on and we have already received messages.
The RabbitMQ server is supplied on the other side by a Linux Syslog-ng service. This creates the AMQP message as follows.
An AMQP message is sent in which all relevant data are fed into the header data of the message properties.
DATE: Oct 6 14:10:06
MESSAGE: syslog-ng starting up; version='3.5.6'
The payload or message body of the message, on the other hand, is empty. Splunk does not interpret this data easily.
We need the information as Splunk must be configured to correctly interpret the AMQP messages / Best practices if the application is known.
... View more