You can use the HTTP Log plugin to send Kong Gateway logs to Splunk.
Note: The following example uses Splunk 9.0.2. If you are using a different version of Splunk, check the Splunk documentation for the appropriate method.
Prerequisites
You have a Splunk authorization token.
Send raw text to HEC
To send raw text, use the /services/collector/raw Splunk endpoint.
For example, assuming that Splunk is running at https://example.splunkcloud.com:8088/ and its secure token is 123456, you can enable an HTTP Log plugin instance using the following configuration:
Make the following request to enable the plugin on a service:
curl -X POST http://localhost:8001/services/{serviceName|Id}/plugins \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "http-log",
      "config": {
        "headers": {
          "Authorization": "Splunk 123456"
        },
        "http_endpoint": "https://example.splunkcloud.com:8088/services/collector/raw",
        "method": "POST",
        "timeout": 3000,
        "retry_count": 1
      }
    }
    '
Replace {serviceName|Id} with the id or name of the service that this plugin configuration will target.
First, create a KongPlugin resource:
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: http-log-example
plugin: http-log
config:
  headers:
    Authorization: Splunk 123456
  http_endpoint: https://example.splunkcloud.com:8088/services/collector/raw
  method: POST
  timeout: 3000
  retry_count: 1
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the service as follows:
kubectl annotate service SERVICE_NAME konghq.com/plugins=http-log-example
Replace SERVICE_NAME with the name of the service that this plugin configuration will target.
You can see your available services by running kubectl get service.
Note: The KongPlugin resource only needs to be defined once and can be applied to any service, consumer, or route in the namespace. If you want the plugin to be available cluster-wide, create the resource as a KongClusterPlugin instead of KongPlugin.
Add this section to your declarative configuration file:
plugins:
  - name: http-log
    service: SERVICE_NAME|ID
    config:
      headers:
        Authorization: Splunk 123456
      http_endpoint: https://example.splunkcloud.com:8088/services/collector/raw
      method: POST
      timeout: 3000
      retry_count: 1
Replace SERVICE_NAME|ID with the id or name of the service that this plugin configuration will target.
Prerequisite: Configure your Personal Access Token
terraform {
  required_providers {
    konnect = {
      source = "kong/konnect"
    }
  }
}
provider "konnect" {
  personal_access_token = "kpat_YOUR_TOKEN"
  server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_http_log" "my_http_log" {
  enabled = true
  config = {
    headers = {
      Authorization = "Splunk 123456"
    }
    http_endpoint = "https://example.splunkcloud.com:8088/services/collector/raw"
    method = "POST"
    timeout = 3000
    retry_count = 1
  }
  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  service = {
    id = konnect_gateway_service.my_service.id
  }
}
Make the following request to enable the plugin on a route:
curl -X POST http://localhost:8001/routes/{routeName|Id}/plugins \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "http-log",
      "config": {
        "headers": {
          "Authorization": "Splunk 123456"
        },
        "http_endpoint": "https://example.splunkcloud.com:8088/services/collector/raw",
        "method": "POST",
        "timeout": 3000,
        "retry_count": 1
      }
    }
    '
Replace {routeName|Id} with the id or name of the route that this plugin configuration will target.
First, create a KongPlugin resource:
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: http-log-example
plugin: http-log
config:
  headers:
    Authorization: Splunk 123456
  http_endpoint: https://example.splunkcloud.com:8088/services/collector/raw
  method: POST
  timeout: 3000
  retry_count: 1
" | kubectl apply -f -
Next, apply the KongPlugin resource to an ingress by annotating the ingress as follows:
kubectl annotate ingress INGRESS_NAME konghq.com/plugins=http-log-example
Replace INGRESS_NAME with the name of the ingress that this plugin configuration will target.
You can see your available ingresses by running kubectl get ingress.
Add this section to your declarative configuration file:
plugins:
  - name: http-log
    route: ROUTE_NAME|ID
    config:
      headers:
        Authorization: Splunk 123456
      http_endpoint: https://example.splunkcloud.com:8088/services/collector/raw
      method: POST
      timeout: 3000
      retry_count: 1
Replace ROUTE_NAME|ID with the id or name of the route that this plugin configuration will target.
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_http_log" "my_http_log" {
  enabled = true
  config = {
    headers = {
      Authorization = "Splunk 123456"
    }
    http_endpoint = "https://example.splunkcloud.com:8088/services/collector/raw"
    method = "POST"
    timeout = 3000
    retry_count = 1
  }
  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  route = {
    id = konnect_gateway_route.my_route.id
  }
}
Make the following request to enable the plugin on a consumer:
curl -X POST http://localhost:8001/consumers/{consumerName|Id}/plugins \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "http-log",
      "config": {
        "headers": {
          "Authorization": "Splunk 123456"
        },
        "http_endpoint": "https://example.splunkcloud.com:8088/services/collector/raw",
        "method": "POST",
        "timeout": 3000,
        "retry_count": 1
      }
    }
    '
Replace {consumerName|Id} with the id or name of the consumer that this plugin configuration will target.
First, create a KongPlugin resource:
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: http-log-example
plugin: http-log
config:
  headers:
    Authorization: Splunk 123456
  http_endpoint: https://example.splunkcloud.com:8088/services/collector/raw
  method: POST
  timeout: 3000
  retry_count: 1
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the KongConsumer object as follows:
kubectl annotate KongConsumer CONSUMER_NAME konghq.com/plugins=http-log-example
Replace CONSUMER_NAME with the name of the consumer that this plugin configuration will target.
You can see your available consumers by running kubectl get KongConsumer.
To learn more about KongConsumer objects, see Provisioning Consumers and Credentials.
Add this section to your declarative configuration file:
plugins:
  - name: http-log
    consumer: CONSUMER_NAME|ID
    config:
      headers:
        Authorization: Splunk 123456
      http_endpoint: https://example.splunkcloud.com:8088/services/collector/raw
      method: POST
      timeout: 3000
      retry_count: 1
Replace CONSUMER_NAME|ID with the id or name of the consumer that this plugin configuration will target.
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_http_log" "my_http_log" {
  enabled = true
  config = {
    headers = {
      Authorization = "Splunk 123456"
    }
    http_endpoint = "https://example.splunkcloud.com:8088/services/collector/raw"
    method = "POST"
    timeout = 3000
    retry_count = 1
  }
  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  consumer = {
    id = konnect_gateway_consumer.my_consumer.id
  }
}
Make the following request to enable the plugin globally:
curl -X POST http://localhost:8001/plugins/ \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "http-log",
      "config": {
        "headers": {
          "Authorization": "Splunk 123456"
        },
        "http_endpoint": "https://example.splunkcloud.com:8088/services/collector/raw",
        "method": "POST",
        "timeout": 3000,
        "retry_count": 1
      }
    }
    '
Create a KongClusterPlugin resource and label it as global:
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
  name: <global-http-log>
  annotations:
    kubernetes.io/ingress.class: kong
  labels:
    global: "true"
config:
  headers:
    Authorization: Splunk 123456
  http_endpoint: https://example.splunkcloud.com:8088/services/collector/raw
  method: POST
  timeout: 3000
  retry_count: 1
plugin: http-log
Add a plugins entry in the declarative configuration file:
plugins:
  - name: http-log
    config:
      headers:
        Authorization: Splunk 123456
      http_endpoint: https://example.splunkcloud.com:8088/services/collector/raw
      method: POST
      timeout: 3000
      retry_count: 1
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_http_log" "my_http_log" {
  enabled = true
  config = {
    headers = {
      Authorization = "Splunk 123456"
    }
    http_endpoint = "https://example.splunkcloud.com:8088/services/collector/raw"
    method = "POST"
    timeout = 3000
    retry_count = 1
  }
  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}
Based on this configuration, the HTTP Log plugin sends the logs to https://example.splunkcloud.com:8088/services/collector/raw with a secure token.
Logs are sent as JSON objects. See the Log Format reference for details.
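A pre-flight check for the http-log request body used on this page, as an added example that is not part of the Kong or Splunk documentation: it parses the JSON passed to --data and reports settings that would expose or misroute the Splunk token. The function name check_http_log_body, the two sample bodies, and treating an omitted method as POST are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

RAW_PATH = "/services/collector/raw"  # HEC raw endpoint used on this page
PLACEHOLDER_TOKEN = "123456"          # sample token from the page's examples

# Constructed sample bodies: the page's request body, and a misconfigured one.
PAGE_BODY = json.dumps({"name": "http-log", "config": {
    "headers": {"Authorization": "Splunk 123456"},
    "http_endpoint": "https://example.splunkcloud.com:8088/services/collector/raw",
    "method": "POST", "timeout": 3000, "retry_count": 1}})
BAD_BODY = json.dumps({"name": "http-log", "config": {
    "headers": {"authorization": "Bearer abc"},
    "http_endpoint": "http://example.splunkcloud.com:8088/services/collector",
    "method": "POST"}})


def check_http_log_body(body):
    """Return findings for an http-log plugin body that targets Splunk HEC."""
    plugin = json.loads(body)
    if plugin.get("name") != "http-log":
        return ["not an http-log plugin body"]
    cfg = plugin.get("config") or {}
    findings = []

    url = urlsplit(cfg.get("http_endpoint", ""))
    if url.scheme != "https":
        findings.append("http_endpoint is not https; the token would be sent in cleartext")
    if url.path.rstrip("/") != RAW_PATH:
        findings.append("http_endpoint path is not " + RAW_PATH)

    # Header names are case-insensitive, so normalise before the lookup.
    headers = {k.lower(): v for k, v in (cfg.get("headers") or {}).items()}
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme != "Splunk" or not token.strip():
        findings.append("Authorization header is not 'Splunk <token>'")
    elif token.strip() == PLACEHOLDER_TOKEN:
        findings.append("Authorization still carries the documentation sample token")

    # Assumption of this example: an omitted method is treated as POST.
    if cfg.get("method", "POST") != "POST":
        findings.append("method is not POST")
    return findings


if __name__ == "__main__":
    for label, body in (("page body", PAGE_BODY), ("bad body", BAD_BODY)):
        print(label, "->", check_http_log_body(body) or "ok")
```

An empty list means the body passed every check; the page's own body is flagged only because it still uses the sample token 123456.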