Send logs to Splunk
Configure the Kong Splunk Log plugin to forward request logs to a Splunk instance.
Prerequisites
-
The Kong Splunk Log plugin is installed.
-
You have a Splunk access token.
-
The
SPLUNK_HOSTenvironment variable is set in the environment and added tonginx.conf.
Environment variables
-
SPLUNK_ENDPOINT: The Splunk collector endpoint. For example,https://hec-splunk.company.com/services/collector. -
SPLUNK_TOKEN: Your Splunk access token.
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: kong-splunk-log
config:
splunk_endpoint: ${{ env "DECK_SPLUNK_ENDPOINT" }}
splunk_access_token: ${{ env "DECK_SPLUNK_TOKEN" }}
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "kong-splunk-log",
"config": {
"splunk_endpoint": "'$SPLUNK_ENDPOINT'",
"splunk_access_token": "'$SPLUNK_TOKEN'",
"method": "POST",
"content_type": "application/json",
"timeout": 10000,
"retry_count": 5,
"queue_size": 20,
"flush_timeout": 30,
"keepalive": 60000
}
}
'
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: kong-splunk-log
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
labels:
global: 'true'
config:
splunk_endpoint: '$SPLUNK_ENDPOINT'
splunk_access_token: '$SPLUNK_TOKEN'
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
plugin: kong-splunk-log
" | kubectl apply -f -
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_kong_splunk_log" "my_kong_splunk_log" {
enabled = true
config = {
splunk_endpoint = var.splunk_endpoint
splunk_access_token = var.splunk_token
method = "POST"
content_type = "application/json"
timeout = 10000
retry_count = 5
queue_size = 20
flush_timeout = 30
keepalive = 60000
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "splunk_token" {
type = string
}
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: kong-splunk-log
service: serviceName|Id
config:
splunk_endpoint: ${{ env "DECK_SPLUNK_ENDPOINT" }}
splunk_access_token: ${{ env "DECK_SPLUNK_TOKEN" }}
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "kong-splunk-log",
"config": {
"splunk_endpoint": "'$SPLUNK_ENDPOINT'",
"splunk_access_token": "'$SPLUNK_TOKEN'",
"method": "POST",
"content_type": "application/json",
"timeout": 10000,
"retry_count": 5,
"queue_size": 20,
"flush_timeout": 30,
"keepalive": 60000
}
}
'
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: kong-splunk-log
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
splunk_endpoint: '$SPLUNK_ENDPOINT'
splunk_access_token: '$SPLUNK_TOKEN'
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
plugin: kong-splunk-log
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the service resource:
kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=kong-splunk-log
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_kong_splunk_log" "my_kong_splunk_log" {
enabled = true
config = {
splunk_endpoint = var.splunk_endpoint
splunk_access_token = var.splunk_token
method = "POST"
content_type = "application/json"
timeout = 10000
retry_count = 5
queue_size = 20
flush_timeout = 30
keepalive = 60000
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
service = {
id = konnect_gateway_service.my_service.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "splunk_token" {
type = string
}
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: kong-splunk-log
route: routeName|Id
config:
splunk_endpoint: ${{ env "DECK_SPLUNK_ENDPOINT" }}
splunk_access_token: ${{ env "DECK_SPLUNK_TOKEN" }}
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "kong-splunk-log",
"config": {
"splunk_endpoint": "'$SPLUNK_ENDPOINT'",
"splunk_access_token": "'$SPLUNK_TOKEN'",
"method": "POST",
"content_type": "application/json",
"timeout": 10000,
"retry_count": 5,
"queue_size": 20,
"flush_timeout": 30,
"keepalive": 60000
}
}
'
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: kong-splunk-log
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
splunk_endpoint: '$SPLUNK_ENDPOINT'
splunk_access_token: '$SPLUNK_TOKEN'
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
plugin: kong-splunk-log
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the httproute or ingress resource:
kubectl annotate -n kong httproute konghq.com/plugins=kong-splunk-log
kubectl annotate -n kong ingress konghq.com/plugins=kong-splunk-log
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_kong_splunk_log" "my_kong_splunk_log" {
enabled = true
config = {
splunk_endpoint = var.splunk_endpoint
splunk_access_token = var.splunk_token
method = "POST"
content_type = "application/json"
timeout = 10000
retry_count = 5
queue_size = 20
flush_timeout = 30
keepalive = 60000
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
route = {
id = konnect_gateway_route.my_route.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "splunk_token" {
type = string
}