Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Nifi 0.7 putsplunk processor to send log files to splunk for nifi alerts?

Labels:
avatar
author-rank bigspark
Expert Contributor

Created ‎08-23-2016 11:04 AM

Iam new to Alerting & Monitoring. If we want to setup alerts for nifi using splunk can we use putsplunk nifi processor or send log files directly to splunk?

Currently we are having applications use splunk where they send the log files directly to splunk for alerting. Which is the effective way to acheive monitoring and alerting for nifi using splunk? Thank you

3,208 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank bbende author-rank
Master Guru

Created ‎08-23-2016 02:49 PM

You probably have a couple of options...

I don't think you want the same NiFi instance that is running your main dataflow, also using PutSplunk to monitor itself. If you had TailFile -> PutSplunk, where TailFile was tailing the same instance, it would potentially create a cycle where the more your tailed and sent to splunk, the more logs produced, the more you tailed, the more logs you produced, etc.

I would suggest a second NiFi instance (maybe even the MiNiFi Java agent) to monitor the logs of the main instance.

Another possibly simpler solution... configure the NiFi logback.xml to add a UDP/TCP appender that can send logs to Splunk. This way anything NiFi logs to nifi-app.log will get forwarded to Splunk.

Last option, slightly different than logging, NiFi has a concept called a ReportingTask that can be used send metrics and statistics to other systems. If that was the information you were interested in, you could implement a custom ReportingTask to send data to Splunk.

View solution in original post

2,510 Views
4 REPLIES 4

avatar
author-rank bbende author-rank
Master Guru

Created ‎08-23-2016 02:49 PM

You probably have a couple of options...

I don't think you want the same NiFi instance that is running your main dataflow, also using PutSplunk to monitor itself. If you had TailFile -> PutSplunk, where TailFile was tailing the same instance, it would potentially create a cycle where the more your tailed and sent to splunk, the more logs produced, the more you tailed, the more logs you produced, etc.

I would suggest a second NiFi instance (maybe even the MiNiFi Java agent) to monitor the logs of the main instance.

Another possibly simpler solution... configure the NiFi logback.xml to add a UDP/TCP appender that can send logs to Splunk. This way anything NiFi logs to nifi-app.log will get forwarded to Splunk.

Last option, slightly different than logging, NiFi has a concept called a ReportingTask that can be used send metrics and statistics to other systems. If that was the information you were interested in, you could implement a custom ReportingTask to send data to Splunk.

2,511 Views

avatar
author-rank pradhumankumar_
Rising Star

Created ‎02-22-2017 11:12 AM

@Bryan Bende

Hi Bryan,

How to use logback.xml for logging into Splunk. Any suggestion or link or example would be helpful.

Thanks,

2,510 Views
0 Kudos

avatar
author-rank bbende author-rank
Master Guru

Created ‎02-22-2017 03:36 PM

You would need to setup an appender in logback.xml that could talk to a Splunk input. One example would be a SocketAppender to send to a TCP input in Splunk.

https://github.com/bbende/jsonevent-producer/blob/master/src/main/resources/logback.xml#L8-L11

2,510 Views
0 Kudos

avatar
author-rank pradhumankumar_
Rising Star

Created ‎02-23-2017 05:57 AM

@Bryan Thanks Bryn. I will try this and will let you know if this works or not.

2,510 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements