Learn about the Wavefront Splunk Integration.

Splunk Logs Integration

Usually the best way to send metrics to a monitoring system is to use a metrics library. However, sometimes you have a legacy system, or a system that is difficult to modify, and you want to garner metrics from Splunk logs.

Wavefront supports sending log data to your Wavefront proxy over TCP. This method is supported in Wavefront proxy 4.4 and higher. Once your data arrives at the proxy, the proxy converts your Splunk log data to metrics by parsing each log line with grok patterns (regular expressions) that you specify in a proxy configuration file.
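The conversion described above, sketched in Python as an added example (not Wavefront proxy code): a grok reference such as `%{NUMBER:value}` expands to a named regex group, and each matching log line updates a counter or a gauge. The three-entry pattern table, the rule tuples, the metric names, and the sample log lines are constructed for this sketch.

```python
import re
from collections import defaultdict

# Tiny subset of grok's base patterns, constructed for this sketch.
GROK = {
    "WORD": r"\w+",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
}
REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def grok_to_regex(pattern):
    """Expand %{NAME:field} into a named group and %{NAME} into a plain group."""
    def expand(m):
        body = GROK[m.group(1)]  # KeyError on an unknown pattern name
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else f"(?:{body})"
    return re.compile(REF.sub(expand, pattern))

def logs_to_metrics(lines, rules):
    """rules: (kind, grok pattern, metric-name template); kind is 'counter' or 'gauge'."""
    compiled = [(k, grok_to_regex(p), n) for k, p, n in rules]
    metrics = defaultdict(float)
    for line in lines:
        for kind, rx, template in compiled:
            m = rx.search(line)
            if not m:
                continue  # unmatched lines produce no metric
            fields = m.groupdict()
            name = REF.sub(lambda r: fields[r.group(1)], template)
            if kind == "counter":
                metrics[name] += 1  # one increment per matching line
            else:
                metrics[name] = float(fields["value"])  # gauge keeps the last value
    return dict(metrics)

# Constructed sample input (not real Splunk output).
SAMPLE_LINES = [
    "2024-01-01T10:00:00Z host=app1 operation backup took 12.5 seconds",
    "2024-01-01T10:00:05Z host=app1 login failed for user alice from 10.0.0.7",
    "2024-01-01T10:00:06Z host=app1 login failed for user bob from 10.0.0.7",
    "2024-01-01T10:01:00Z host=app1 operation backup took 9 seconds",
    "2024-01-01T10:01:30Z host=app1 heartbeat ok",
]
# The user name is matched but kept out of the metric name: a field copied
# from log text into the name creates one series per distinct value.
SAMPLE_RULES = [
    ("gauge", r"operation %{WORD:op} took %{NUMBER:value} seconds", "operationTime.%{op}"),
    ("counter", r"login failed for user %{WORD} from %{IP:src}", "auth.loginFailed"),
]
```

Calling `logs_to_metrics(SAMPLE_LINES, SAMPLE_RULES)` returns one gauge and one counter; the heartbeat line matches no rule and is dropped.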

Splunk Log Data Setup

Step 1. Set up Wavefront Proxy

If you do not have a Wavefront proxy installed on your network, install a proxy.

Step 2. Configure the Wavefront Proxy to Ingest Log Data and Set up Data Flow

Follow the instructions in Log Data Metrics Integration to configure the grok patterns that extract metrics from log data and to send the data over TCP.