Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Info
The feature is available in FIXEdge version 6.7.0 and higher or in Fix Antenna C++ version 2.26 and higher.

Features

Integration with Splunk supports the following features:

  • Log messages forwarding to the Splunk
  • Connection with Splunk is supported over TCP
  • Splunk agent can be used
  • Configurable timestamp

Interaction model

Interaction between FIX engine and Splunk/Splunk agent is maintained via Log4Cplus library:

Image Modified

Info

The described functionality was successfully tested with version 7.2.0 of Splunk

Configuring

1

...

.

...

Configure Logging

To forward log messages to Splunk specify Log4Cplus for Log.Deviceproperty in FIXEdge.properties (for FIXEdge) or engine.properties (for FIXAntenna) file and configure log4cplus parameters as follows:

...

In this case logging will be performed with both creating standard log files and forwarding to Splunk (Log.Device = File Log4Cplus - see description of Log.Device parameter). 

Also the example contains configuration of an extended log layout that includes severity, threadID and other additional fields (log4cplus.appender.Splunk.layout parameter). 

Info

More information about log4cplus configuration can be found here Log4Cplus Usage

...

2. Configure Splunk

  1. In Splunk Web interface configure inputs (From Splunk Home, select Settings → Add Data → Data inputs):

2. Add new input to TCP (From Data inputs, select TCP → Add new):

3. Select data source - choose listening port (the same port number should be set in FIXEdge.properties log4cplus.appender.Splunk.port parameter) and then click "Next":

Image Modified

4. Configure input settings - Select source type → Application → log4j and then click "Review":

5. Check out configuration and click "Submit":

Image Modified

6. Click "Start Searching":

7. After starting FIXEdge session you will see FIXEdge logging in Splunk:

Image Modified