Forwarding logs to the Splunk Server
This section describes how to enable PCF to forward the logs to the Splunk server.
Splunk is a third-party monitoring application that stores the log files and provides index-based search capability. You can configure PCF to send the logs securely to a Splunk server which could be an external server.
Important | The Splunk server is a third-party component. Cisco does not take the responsibility of installing, configuring, or maintaining this server. |
Use the following configuration to forward the logs to the Splunk server.
config
debug splunk
batch-count no_events_batch
batch-interval-msbatch_interval_ms
batch-size-bytes batch_size
hec-tokenhec_token
hec-url hec_url
end
The following is an example configuration:
configure
debug splunk hec-url https://splunk.10.86.73.80.nip.io:8088
debug splunk hec-token 68a81ab4-eae9-4361-92ea-b948f31d26ef
debug splunk batch-interval-ms 100
debug splunk batch-count 10
debug splunk batch-size-bytes 102400
end
NOTES:
-
debug splunk – Enters the configuration debug mode.
-
batch-count no_events_batch – Specifies the maximum number of events to be sent in each batch.
-
batch-interval-ms batch_interval_ms – Configures the interval in milliseconds at which a batch event is sent.
-
batch-size-bytes batch_size – Specifies the maximum size in bytes of each batch of events.
-
hec-token hec_token – Indicates the HTTP Event Collector (HEC) token for the Splunk server.
-
hec-url hec_url – Configures the protocol, hostname, and HTTP Event Collector port of the Splunk server. The default port is 8088.