[rabbitmq-discuss] RabbitMQ and Splunk
Simon MacMullen
simon at rabbitmq.com
Mon Nov 1 10:56:01 GMT 2010
On 30/10/10 01:13, Michael Vierling wrote:
> We're developing a Splunk plugin for RabbitMQ. Splunk is an excellent
> log search engine and we highly recommend it. Anyway, while Splunk can
> ingest almost any log files, it prefers a key-value pair format. You can
> see this page for more details:
>
> http://www.splunk.com/wiki/Apps:Common_Information_Model
>
> So in that spirit, I'd like to propose the following patch to the
> rabbitmqadmin script, which ships with your management 2.1.1 plugin.
> This patch adds a key-value pair Splunk compatible option (kvp) to the
> script. It would be very helpful if this could be incorporated into the
> official Management plugin.
<snip>
Hi Michael.
First of all, it's nice to know someone's using rabbitmqadmin - I think
you're the first to ask about it...
In order to accept your patch, I'd need to get you to sign our
contributor agreement (yes, even for something this small). Or I could
reimplement it; that might be easier.
But before that, can we clear up a few issues:
* I'd like to not call it kvp since it's really timestamp - key/value,
which seems quite Splunk-specific.
* I hadn't thought of using rabbitmqadmin to generate log files. I
assume the idea is to provide historic data for trends etc. Does Splunk
always work like this?
* How do quotes (and non-ASCII characters) need to be escaped? The link
does not explain.
* I assume you're not proposing to use any of the "standard fields"?
Cheers, Simon
--
Simon MacMullen
Staff Engineer, RabbitMQ
SpringSource, a division of VMware
More information about the rabbitmq-discuss
mailing list