Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Features

Integration with Splunk supports the following features:

  • Log messages forwarding to the Splunk
  • Connection with Splunk is supported over TCP
  • Splunk agent can be used
  • Configurable timestamp

Interaction model

Interaction between FIX engine and Splunk/Splunk agent is maintained via Log4Cplus library:


Info

The described functionality was successfully tested with version 7.2.0 of Splunk

Configuring

1. Upgrade software

Upgrade FEdge to version 6.7 or FA to version 2.26. If you are using FA rebuild your application with the new version of FA.

2. Configure Logging

To forward log messages to Splunk specify Log4Cplus for Log.Deviceproperty in FIXEdge.properties (for FIXEdge) or engine.properties (for FIXAntenna) file and configure log4cplus parameters as follows:

Code Block
languagepowershell
titleFIXEdge.properties or engine.properties changes
# add Log4Cplus device for duplication logs to the log4cplus
Log.Device = File Log4Cplus
 
#------------- configure log4plus for forwarding to the Splunk -----------------------
log4cplus.rootLogger = TRACE,Splunk
log4cplus.appender.Splunk=log4cplus::SocketTCPAppender
#set host/port Splunk
log4cplus.appender.Splunk.port=<PORT>
log4cplus.appender.Splunk.host=<HOST>
# using pattern for add information in log messages about
log4cplus.appender.Splunk.layout=log4cplus::PatternLayout
log4cplus.appender.Splunk.layout.ConversionPattern=%d{%FT%T.%q}Z Severity=%-5p ThreadID=%t Category=%c %m%n

In this case logging will be performed with both creating standard log files and forwarding to Splunk (Log.Device = File Log4Cplus - see description of Log.Device parameter). 

Also the example contains configuration of an extended log layout that includes severity, threadID and other additional fields (log4cplus.appender.Splunk.layout parameter). 

Info

More information about log4cplus configuration can be found here Log4Cplus Usage

3. Configure Splunk

  1. In Splunk Web interface configure inputs (From Splunk Home, select Settings → Add Data → Data inputs):

2. Add new input to TCP (From Data inputs, select TCP → Add new):

3. Select data source - choose listening port (the same port number should be set in FIXEdge.properties log4cplus.appender.Splunk.port parameter) and then click "Next":

4. Configure input settings - Select source type → Application → log4j and then click "Review":

5. Check out configuration and click "Submit":

6. Click "Start Searching":

7. After starting FIXEdge session you will see FIXEdge logging in Splunk: