Package io.quarkiverse.logging.splunk

Class SplunkConfig

  • @ConfigRoot(phase=RUN_TIME,
            name="log.handler.splunk")
public class SplunkConfig
extends Object
    Configuration for Splunk HEC logging

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  SplunkConfig.SendMode
      Mirrors com.splunk.logging.HttpEventCollectorSender.SendMode

    • Field Summary

      Fields 
      Modifier and Type Field Description
      Duration batchInterval
      Batching delay before sending a group of events.
      long batchSizeBytes
      Maximum total size in bytes of events in a batch.
      long batchSizeCount
      Maximum number of events in a batch.
      Optional<String> channel
      A GUID to identify an HEC client and guarantee isolation at HEC level in case of slow clients.
      boolean disableCertificateValidation
      Disable TLS certificate validation with HEC endpoint
      boolean enabled
      Determine whether to enable the handler
      String format
      The log format, defining which metadata are inlined inside the log main payload.
      boolean includeException
      Whether to send the thrown exception message as a structured metadata of the log event (as opposed to %e in a formatted message, it does not include the exception name or stacktrace)
      boolean includeLoggerName
      Whether to send the logger name as a structured metadata of the log event (equivalent of %c in a formatted message)
      boolean includeThreadName
      Whether to send the thread name as a structured metadata of the log event (equivalent of %t in a formatted message)
      Level level
      The splunk handler log level.
      long maxRetries
      Maximum number of retries in case of I/O exceptions with HEC connection.
      Optional<String> metadataHost
      Overrides the host name metadata value.
      Optional<String> metadataIndex
      The optional name of the index by which the event data is to be stored.
      Optional<String> metadataSource
      The source value to assign to the event data.
      String metadataSourceType
      The source type value to assign to the event data https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/FormateventsforHTTPEventCollector#Event_metadata
      SplunkConfig.SendMode sendMode
      The strategy to send events to HEC.
      Optional<String> token
      The application token to authenticate with HEC, the token is mandatory if the extension is enabled https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/FormateventsforHTTPEventCollector#HEC_token
      String url
      Splunk HEC endpoint base url.

    • Constructor Summary

      Constructors 
      Constructor Description
      SplunkConfig()  

    • Field Detail

      • enabled

        @ConfigItem(defaultValue="true")
public boolean enabled
        Determine whether to enable the handler

      • level

        @ConfigItem(defaultValue="ALL")
public Level level
        The splunk handler log level. By default it is not more strict than the root handler level.

      • url

        @ConfigItem(defaultValue="https://localhost:8088/")
public String url
        Splunk HEC endpoint base url.

        The actual endpoint is expected at path /services/collector/events/1.0

      • disableCertificateValidation

        @ConfigItem(defaultValue="false")
public boolean disableCertificateValidation
        Disable TLS certificate validation with HEC endpoint

      • token

        @ConfigItem
public Optional<String> token
        The application token to authenticate with HEC, the token is mandatory if the extension is enabled https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/FormateventsforHTTPEventCollector#HEC_token

      • sendMode

        @ConfigItem(defaultValue="sequential")
public SplunkConfig.SendMode sendMode
        The strategy to send events to HEC.

        In sequential mode, there is only one HTTP connection to HEC and the order of events is preserved, but performance is lower. In parallel mode, event batches are sent asynchronously over multiple HTTP connections, and events with the same timestamp (that has 1 millisecond resolution) may be indexed out of order by Splunk.

      • channel

        @ConfigItem
public Optional<String> channel
        A GUID to identify an HEC client and guarantee isolation at HEC level in case of slow clients. https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/AboutHECIDXAck#About_channels_and_sending_data

      • batchInterval

        @ConfigItem(defaultValue="10s")
public Duration batchInterval
        Batching delay before sending a group of events. If 0, the events are sent immediately.

      • batchSizeCount

        @ConfigItem(defaultValue="10")
public long batchSizeCount
        Maximum number of events in a batch. By default 10, if 0 no batching.

      • batchSizeBytes

        @ConfigItem(defaultValue="10")
public long batchSizeBytes
        Maximum total size in bytes of events in a batch. By default 10KB, if 0 no batching.

      • maxRetries

        @ConfigItem(defaultValue="0")
public long maxRetries
        Maximum number of retries in case of I/O exceptions with HEC connection.

      • format

        @ConfigItem(defaultValue="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n")
public String format
        The log format, defining which metadata are inlined inside the log main payload.

        Specific metadata (hostname, category, thread name, ...), as well as MDC key/value map, can also be sent in a structured way.

      • includeException

        @ConfigItem(defaultValue="false")
public boolean includeException
        Whether to send the thrown exception message as a structured metadata of the log event (as opposed to %e in a formatted message, it does not include the exception name or stacktrace)

      • includeLoggerName

        @ConfigItem(defaultValue="false")
public boolean includeLoggerName
        Whether to send the logger name as a structured metadata of the log event (equivalent of %c in a formatted message)

      • includeThreadName

        @ConfigItem(defaultValue="false")
public boolean includeThreadName
        Whether to send the thread name as a structured metadata of the log event (equivalent of %t in a formatted message)

      • metadataHost

        @ConfigItem(defaultValueDocumentation="The equivalent of %h in a formatted message")
public Optional<String> metadataHost
        Overrides the host name metadata value.

      • metadataSource

        @ConfigItem
public Optional<String> metadataSource
        The source value to assign to the event data. For example, if you're sending data from an app you're developing, you could set this key to the name of the app. https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/FormateventsforHTTPEventCollector#Event_metadata

      • metadataSourceType

        @ConfigItem(defaultValue="_json")
public String metadataSourceType
        The source type value to assign to the event data https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/FormateventsforHTTPEventCollector#Event_metadata

        A given source type may have indexed fields extraction enabled, which is the case of the default built-in _json.

      • metadataIndex

        @ConfigItem
public Optional<String> metadataIndex
        The optional name of the index by which the event data is to be stored. If set, it must be within the list of allowed indexes of the token (if it has the indexes parameter set). https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/FormateventsforHTTPEventCollector#Event_metadata

    • Constructor Detail

      • SplunkConfig

        public SplunkConfig()