How to integrate FIXEdge with Splunk

Owned by Andrei Bakhteev (Unlicensed)
Last updated: Feb 12, 2021 by Artem Kleshchev (Unlicensed)
3 min read

The feature is available in FIXEdge version 6.7.0 and higher or in Fix Antenna C++ version 2.26 and higher.

Features

Integration with Splunk supports the following features:

  • Log messages forwarding to the Splunk
  • Connection with Splunk is supported over TCP
  • Splunk agent can be used
  • Configurable timestamp

Interaction model

Interaction between FIX engine and Splunk/Splunk agent is maintained via Log4Cplus library:

The described functionality was successfully tested with version 7.2.0 of Splunk

Configuring

1. Configure Logging

To forward log messages to Splunk specify Log4Cplus for Log.Device property in FIXEdge.properties (for FIXEdge) or engine.properties (for FIXAntenna) file and configure log4cplus parameters as follows:

FIXEdge.properties or engine.properties changes
# add Log4Cplus device for duplication logs to the log4cplus
Log.Device = File Log4Cplus
 
#------------- configure log4plus for forwarding to the Splunk -----------------------
log4cplus.rootLogger = TRACE,Splunk
log4cplus.appender.Splunk=log4cplus::SocketTCPAppender
#set host/port Splunk
log4cplus.appender.Splunk.port=<PORT>
log4cplus.appender.Splunk.host=<HOST>
# using pattern for add information in log messages about
log4cplus.appender.Splunk.layout=log4cplus::PatternLayout
log4cplus.appender.Splunk.layout.ConversionPattern=%d{%FT%T.%q}Z Severity=%-5p ThreadID=%t Category=%c %m%n

In this case logging will be performed with both creating standard log files and forwarding to Splunk (Log.Device = File Log4Cplus - see description of Log.Device parameter). 

Also the example contains configuration of an extended log layout that includes severity, threadID and other additional fields (log4cplus.appender.Splunk.layout parameter). 

More information about log4cplus configuration can be found here Log4Cplus Usage

2. Configure Splunk

  1. In Splunk Web interface configure inputs (From Splunk Home, select Settings → Add Data → Data inputs):

2. Add new input to TCP (From Data inputs, select TCP → Add new):

3. Select data source - choose listening port (the same port number should be set in FIXEdge.properties log4cplus.appender.Splunk.port parameter) and then click "Next":

4. Configure input settings - Select source type → Application → log4j and then click "Review":

5. Check out configuration and click "Submit":

6. Click "Start Searching":

7. After starting FIXEdge session you will see FIXEdge logging in Splunk: