Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Splunk Handler is a Python Logger for sending logged events to an installation of Splunk Enterprise.
This logger requires the destination Splunk Enterprise server to have enabled and configured the Splunk HTTP Event Collector.
AWS Lambda has a custom implementation of Python Threading, and does not signal when the main thread exits. Because of this, it is possible to have Lambda halt execution while logs are still being processed. To ensure that execution does not terminate prematurely, Lambda users will be required to invoke splunk_handler.force_flush directly as the very last call in the Lambda handler, which will block the main thread from exiting until all logs have processed.
from splunk_handler import force_flush
def lambda_handler(event, context):
do_work()
force_flush() # Flush logs in a blocking manner
Pip:
pip install splunk_handler
Manual:
python setup.py install
from splunk_handler import SplunkHandler
Then use it like any other regular Python logging handler.
Example:
import logging
from splunk_handler import SplunkHandler
splunk = SplunkHandler(
host='splunk.example.com',
port='8088',
token='851A5E58-4EF1-7291-F947-F614A76ACB21',
index='main'
#allow_overrides=True # whether to look for _<param in log data (ex: _index)
#debug=True # whether to print module activity to stdout, defaults to False
#flush_interval=15.0, # send batch of logs every n sec, defaults to 15.0, set '0' to block thread & send immediately
#force_keep_ahead=True # sleep instead of dropping logs when queue fills
#hostname='hostname', # manually set a hostname parameter, defaults to socket.gethostname()
#protocol='http', # set the protocol which will be used to connect to the splunk host
#proxies={
# 'http': 'http://10.10.1.10:3128',
# 'https': 'http://10.10.1.10:1080',
# }, set the proxies for the session request to splunk host
#
#queue_size=5000, # a throttle to prevent resource overconsumption, defaults to 5000, set to 0 for no max
#record_format=True, whether the log format will be json
#retry_backoff=1, the requests lib backoff factor, default options will retry for 1 min, defaults to 2.0
#retry_count=5, number of retry attempts on a failed/erroring connection, defaults to 5
#source='source', # manually set a source, defaults to the log record.pathname
#sourcetype='sourcetype', # manually set a sourcetype, defaults to 'text'
#verify=True, # turn SSL verification on or off, defaults to True
#timeout=60, # timeout for waiting on a 200 OK from Splunk server, defaults to 60s
)
logging.getLogger('').addHandler(splunk)
logging.warning('hello!')
I would recommend using a JSON formatter with this to receive your logs in JSON format. Here is an open source one: https://github.com/madzak/python-json-logger
Sometimes it's a good idea to create a logging configuration using a Python dict
and the logging.config.dictConfig
function. This method is used by default in Django.
Here is an example dictionary config and how it might be used in a settings file:
import os
# Splunk settings
SPLUNK_HOST = os.getenv('SPLUNK_HOST', 'splunk.example.com')
SPLUNK_PORT = int(os.getenv('SPLUNK_PORT', '8088'))
SPLUNK_TOKEN = os.getenv('SPLUNK_TOKEN', '851A5E58-4EF1-7291-F947-F614A76ACB21')
SPLUNK_INDEX = os.getenv('SPLUNK_INDEX', 'main')
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'json': {
'()': 'pythonjsonlogger.jsonlogger.JsonFormatter',
'format': '%(asctime)s %(created)f %(exc_info)s %(filename)s %(funcName)s %(levelname)s %(levelno)s %(lineno)d %(module)s %(message)s %(pathname)s %(process)s %(processName)s %(relativeCreated)d %(thread)s %(threadName)s'
}
},
'handlers': {
'splunk': {
'level': 'DEBUG',
'class': 'splunk_handler.SplunkHandler',
'formatter': 'json',
'host': SPLUNK_HOST,
'port': SPLUNK_PORT,
'token': SPLUNK_TOKEN,
'index': SPLUNK_INDEX,
'sourcetype': 'json',
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
}
},
'loggers': {
'': {
'handlers': ['console', 'splunk'],
'level': 'DEBUG'
}
}
}
Then, do logging.config.dictConfig(LOGGING)
to configure your logging.
Note: I included a configuration for the JSON formatter mentioned above.
Here is an example file config, and how it might be used in a config file:
[loggers]
keys=root
[handlers]
keys=consoleHandler,splunkHandler
[formatters]
keys=simpleFormatter
[logger_root]
level=%(loglevel)s
handlers=consoleHandler,splunkHandler
[handler_consoleHandler]
class=StreamHandler
level=%(loglevel)s
formatter=simpleFormatter
args=(sys.stdout,)
[handler_splunkHandler]
class=splunk_handler.SplunkHandler
level=%(loglevel)s
formatter=simpleFormatter
args=('my-splunk-host.me.com', '', os.environ.get('SPLUNK_TOKEN_DEV', 'changeme'), 'my_index')
kwargs={'url':'https://my-splunk-host.me.com/services/collector/event', 'verify': False}
[formatter_simpleFormatter]
format=[%(asctime)s] %(levelname)s - %(module)s: %(message)s
datefmt=%m/%d/%Y %I:%M:%S %p %Z
This library uses the built-in retry logic from urllib3 (a retry counter and a backoff factor). Should the defaults not be desireable, you can find more information about how to best configure these settings in the urllib3 documentation.
Feel free to contribute an issue or pull request:
This project is licensed under the terms of the MIT license.
FAQs
A Python logging handler that sends your logs to Splunk
We found that splunk-handler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.