Connect your Splunk log monitoring to be able to:
To receive your reports from Splunk into Datadog, you need to have the datadog Python library (which provides the `dog` command-line tool) installed on your Splunk server:

```
pip install datadog
```
Once that is done, get your API key and an application key, and drop the following `dog-splunk.sh` script into `$SPLUNK_HOME/bin/scripts`. Every `$SPLUNK_ARG_*` expansion is double-quoted because Splunk passes values that contain spaces (the query string in particular); left unquoted, they would be split into several arguments:

```bash
#!/bin/bash
export API_KEY=YOURAPIKEYHERE
export APP_KEY=YOURAPPKEYHERE
# Event title and body built from the variables Splunk exports to alert scripts
MESSAGE="Matching $SPLUNK_ARG_2 based on $SPLUNK_ARG_5, from report $SPLUNK_ARG_4. More details at $SPLUNK_ARG_6."
dog --api-key "$API_KEY" --application-key "$APP_KEY" event post \
  "Found $SPLUNK_ARG_1 events in splunk" "$MESSAGE" \
  --aggregation_key "$SPLUNK_ARG_3" --type splunk
```

Make sure the script is executable and owned by the splunk user and group. Because it embeds your API and application keys, restrict it to that user (`chmod 700`). An application key carries the permissions of the Datadog user who created it, so create it under a dedicated user rather than a personal admin account. If you prefer not to keep the keys in the script, the `dog` command also reads them from a `~/.dogrc` file in the splunk user's home directory (a `[Connection]` section with `apikey` and `appkey` entries), which needs the same file protection.
Once the script is in place, create a new report or open an existing one. Click Edit Schedule, check Schedule the Report, and when you reach the Run a Script option enter `dog-splunk.sh` in the Filename textbox. Click Save; the results should start appearing in your Event Stream on the next scheduled run.
If splunkd.log shows an error code on each run of runshellscript, append `> dog_splunk_trace.txt 2>&1` to the end of the last command in the script. Splunk runs alert scripts from `$SPLUNK_HOME/etc/apps/search/bin`, so the relative path creates `$SPLUNK_HOME/etc/apps/search/bin/dog_splunk_trace.txt`, which captures the dog command's output and error messages and provides more detail about the problem.
If the trace file shows the usage help for the `dog` command followed by something like `dog: error: unrecognized arguments: OR failed OR severe` (fragments of your own query), the fully qualified query string in `$SPLUNK_ARG_3` contains spaces and is being split into several arguments. Make sure the expansion on the last line is double-quoted, `--aggregation_key "$SPLUNK_ARG_3"`, so the whole query is passed as a single value. (Single quotes would pass the literal text `$SPLUNK_ARG_3` instead of the query.)
If the trace file includes a Python Traceback that ends with `pkg_resources.DistributionNotFound` or something similar, the environment Splunk sets up for its own bundled Python is leaking into the script, and the `dog` entry point cannot find the datadog package installed under the system Python. Add three `unset` lines to the top of your `dog-splunk.sh` script:

```bash
#!/bin/bash
# Drop Splunk's bundled-Python environment so the system Python (with datadog installed) is used
unset PYTHONHOME
unset PYTHONPATH
unset LD_LIBRARY_PATH
export API_KEY=YOURAPIKEYHERE
export APP_KEY=YOURAPPKEYHERE
MESSAGE="Matching $SPLUNK_ARG_2 based on $SPLUNK_ARG_5, from report $SPLUNK_ARG_4. More details at $SPLUNK_ARG_6."
dog --api-key "$API_KEY" --application-key "$APP_KEY" event post \
  "Found $SPLUNK_ARG_1 events in splunk" "$MESSAGE" \
  --aggregation_key "$SPLUNK_ARG_3" --type splunk
```
The script uses variables made available by Splunk. If you would like to customize the message, see the following table of variables:

| Variable | Contents |
|---|---|
| `$SPLUNK_ARG_0` | Script name |
| `$SPLUNK_ARG_1` | Number of events returned |
| `$SPLUNK_ARG_2` | Search terms |
| `$SPLUNK_ARG_3` | Fully qualified query string |
| `$SPLUNK_ARG_4` | Name of saved search |
| `$SPLUNK_ARG_5` | Trigger reason (for example, "The number of events was greater than 1") |
| `$SPLUNK_ARG_6` | Browser URL to view the saved search |
| `$SPLUNK_ARG_7` | Not used (option removed in Splunk 3.6) |
| `$SPLUNK_ARG_8` | File in which the results for this search are stored (contains raw results) |
You can modify the text of the events, for example by using Datadog's @-notification syntax in the message to notify people of these reports.
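Before scheduling the report, it is worth running the script outside Splunk. The following added example (not code from the Datadog page or the datadog library) does that with a stub `dog` placed first on PATH that records its argv one element per line. It writes two versions of the alert script, one with every expansion double-quoted and one with `$SPLUNK_ARG_3` left bare, and shows that the bare form splits the query `search index=main error OR failed OR severe` into seven separate arguments, which is the `unrecognized arguments: OR failed OR severe` failure described above. The `SPLUNK_ARG_*` values, the stub, the temporary directory and the `write_script`, `run_script` and `argv_after_key` helpers are all constructed for this example.

```shell
#!/bin/bash
# Added example, not code from the Datadog page or the datadog library: run a
# dog-splunk.sh-style alert script outside Splunk against a stub `dog` that records
# its argv, to confirm that each SPLUNK_ARG_* value reaches dog as one argument.
# The SPLUNK_ARG_* values, the stub and the temporary paths are all constructed here.
set -u

WORK="$(mktemp -d)"
STUB_BIN="$WORK/bin"
ARGV_LOG="$WORK/dog-argv.log"
mkdir -p "$STUB_BIN"

# Stub dog: one argv element per line, so any word splitting shows up as extra lines.
cat > "$STUB_BIN/dog" <<'EOF'
#!/bin/sh
printf '%s\n' "$@" > "${DOG_ARGV_LOG:?}"
EOF
chmod 755 "$STUB_BIN/dog"

# Constructed sample values in the variables Splunk exports to alert scripts.
export SPLUNK_ARG_1="17"                                          # number of events
export SPLUNK_ARG_2="error OR failed OR severe"                   # search terms
export SPLUNK_ARG_3="search index=main error OR failed OR severe" # fully qualified query
export SPLUNK_ARG_4="Nightly error report"                        # saved search name
export SPLUNK_ARG_5="The number of events was greater than 1"     # trigger reason
export SPLUNK_ARG_6="https://splunk.example.com/app/search/@go?sid=123"  # browser URL

# write_script FILE MODE: MODE is "quoted" (every expansion double-quoted) or
# "unquoted" (the --aggregation_key value left bare, as in the unfixed script).
write_script() {
  local key='"$SPLUNK_ARG_3"'
  if [ "$2" = unquoted ]; then key='$SPLUNK_ARG_3'; fi
  cat > "$1" <<EOF
#!/bin/bash
unset PYTHONHOME PYTHONPATH LD_LIBRARY_PATH
export API_KEY=YOURAPIKEYHERE
export APP_KEY=YOURAPPKEYHERE
MESSAGE="Matching \$SPLUNK_ARG_2 based on \$SPLUNK_ARG_5, from report \$SPLUNK_ARG_4. More details at \$SPLUNK_ARG_6."
dog --api-key "\$API_KEY" --application-key "\$APP_KEY" event post \\
  "Found \$SPLUNK_ARG_1 events in splunk" "\$MESSAGE" \\
  --aggregation_key $key --type splunk
EOF
  chmod 700 "$1"
}

# run_script FILE: run it with the stub first on PATH; print how many argv elements dog received.
run_script() {
  DOG_ARGV_LOG="$ARGV_LOG" PATH="$STUB_BIN:$PATH" sh "$1" >/dev/null 2>&1
  wc -l < "$ARGV_LOG" | tr -d ' '
}

# argv_after_key: the single argv element that followed --aggregation_key in the last run.
argv_after_key() {
  awk 'f { print; exit } $0 == "--aggregation_key" { f = 1 }' "$ARGV_LOG"
}

write_script "$WORK/good.sh" quoted
GOOD_COUNT="$(run_script "$WORK/good.sh")"   # 12: the whole query is one element
GOOD_KEY="$(argv_after_key)"                 # the full query string

write_script "$WORK/bad.sh" unquoted
BAD_COUNT="$(run_script "$WORK/bad.sh")"     # 18: the query split into 7 words
BAD_KEY="$(argv_after_key)"                  # "search"; the remaining words became stray arguments

echo "quoted:   $GOOD_COUNT args, aggregation key: $GOOD_KEY"
echo "unquoted: $BAD_COUNT args, aggregation key: $BAD_KEY"
rm -rf "$WORK"
```

To check the real script instead, point `run_script` at `$SPLUNK_HOME/bin/scripts/dog-splunk.sh` and run the example as the splunk user; with the stub directory removed from PATH, the same invocation posts a real event and reproduces exactly what the scheduled report will do.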
This documentation verified on October 28, 2015 using the Splunk Enterprise AMI on AWS