Community Plugin: This plugin is developed, tested, and maintained by a third-party contributor.
Kong provides many great logging tools out of the box - this is a modified version of the Kong HTTP logging plugin that has been refactored and tailored to work with Splunk.
Example Log in Splunk UI

Installation
Recommended:
$ luarocks install kong-splunk-log
Other:
$ git clone https://github.com/Optum/kong-splunk-log.git /path/to/kong/plugins/kong-splunk-log
$ cd /path/to/kong/plugins/kong-splunk-log
$ luarocks make *.rockspec
Configuration
The plugin requires an environment variable SPLUNK_HOST
. This is how we define the host=""
Splunk field in the example log picture embedded above in our README.
Example Plugin Configuration

If not already set, it can be done so as follows:
$ export SPLUNK_HOST="gateway.company.com"
One last step is to make the environment variable accessible by an nginx worker. To do this, simply add this line to your nginx.conf
Maintainers
jeremyjpj0916
rsbrisci
Feel free to open issues, or refer to our Contribution Guidelines if you have any questions.
Configuration Reference
This plugin is compatible with DB-less mode.
Example plugin configuration
Enable on a service
Enable on a route
Enable globally
The following examples provide some typical configurations for enabling
the kong-splunk-log
plugin on a
service.
Admin API
Kubernetes
Declarative (YAML)
Make the following request:
curl -X POST http://localhost:8001/services/SERVICE_NAME|SERVICE_ID/plugins \
--data "name=kong-splunk-log" \
--data "config.splunk_endpoint=https://hec-splunk.company.com/services/collector" \
--data "config.splunk_access_token=aaaaaaaa-bbbb-cccc-dddd-ffffffffffff" \
--data "config.method=POST" \
--data "config.content_type=application/json" \
--data "config.timeout=10000" \
--data "config.retry_count=5" \
--data "config.queue_size=20" \
--data "config.flush_timeout=30" \
--data "config.keepalive=60000"
Replace SERVICE_NAME|SERVICE_ID
with the id
or name
of the service that this plugin configuration will target.
First, create a KongPlugin
resource:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: kong-splunk-log-example
config:
splunk_endpoint: https://hec-splunk.company.com/services/collector
splunk_access_token: aaaaaaaa-bbbb-cccc-dddd-ffffffffffff
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
plugin: kong-splunk-log
Next, apply the KongPlugin resource to a
service by annotating the
service as follows:
apiVersion: v1
kind: Service
metadata:
name: SERVICE_NAME|SERVICE_ID
labels:
app: SERVICE_NAME|SERVICE_ID
annotations:
konghq.com/plugins: kong-splunk-log-example
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: SERVICE_NAME|SERVICE_ID
selector:
app: SERVICE_NAME|SERVICE_ID
Replace SERVICE_NAME|SERVICE_ID
with the id
or name
of the service that this plugin configuration will target.
Note: The KongPlugin resource only needs to be defined once
and can be applied to any service, consumer, or route in the namespace. If you
want the plugin to be available cluster-wide, create the resource as a
KongClusterPlugin
instead of KongPlugin
.
Add this section to your declarative configuration file:
plugins:
- name: kong-splunk-log
service: SERVICE_NAME|SERVICE_ID
config:
splunk_endpoint: https://hec-splunk.company.com/services/collector
splunk_access_token: aaaaaaaa-bbbb-cccc-dddd-ffffffffffff
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
Replace SERVICE_NAME|SERVICE_ID
with the id
or name
of the service that this plugin configuration will target.
The following examples provide some typical configurations for enabling
the kong-splunk-log
plugin on a
route.
Admin API
Kubernetes
Declarative (YAML)
Make the following request:
curl -X POST http://localhost:8001/routes/ROUTE_NAME|ROUTE_ID/plugins \
--data "name=kong-splunk-log" \
--data "config.splunk_endpoint=https://hec-splunk.company.com/services/collector" \
--data "config.splunk_access_token=aaaaaaaa-bbbb-cccc-dddd-ffffffffffff" \
--data "config.method=POST" \
--data "config.content_type=application/json" \
--data "config.timeout=10000" \
--data "config.retry_count=5" \
--data "config.queue_size=20" \
--data "config.flush_timeout=30" \
--data "config.keepalive=60000"
Replace ROUTE_NAME|ROUTE_ID
with the id
or name
of the route that this plugin configuration will target.
First, create a KongPlugin
resource:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: kong-splunk-log-example
config:
splunk_endpoint: https://hec-splunk.company.com/services/collector
splunk_access_token: aaaaaaaa-bbbb-cccc-dddd-ffffffffffff
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
plugin: kong-splunk-log
Then, apply it to an ingress (route or routes)
by annotating the ingress as follows:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ROUTE_NAME|ROUTE_ID
annotations:
kubernetes.io/ingress.class: kong
konghq.com/plugins: kong-splunk-log-example
spec:
rules:
- host: examplehostname.com
http:
paths:
- path: /bar
backend:
service:
name: echo
port:
number: 80
Replace ROUTE_NAME|ROUTE_ID
with the id
or name
of the route that this plugin configuration will target.
Note: The KongPlugin resource only needs to be defined once
and can be applied to any service, consumer, or route in the namespace. If you
want the plugin to be available cluster-wide, create the resource as a
KongClusterPlugin
instead of KongPlugin
.
Add this section to your declarative configuration file:
plugins:
- name: kong-splunk-log
route: ROUTE_NAME
config:
splunk_endpoint: https://hec-splunk.company.com/services/collector
splunk_access_token: aaaaaaaa-bbbb-cccc-dddd-ffffffffffff
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
Replace ROUTE_NAME|ROUTE_ID
with the id
or name
of the route that this plugin configuration
will target.
A plugin which is not associated to any service, route, or consumer is
considered global, and will be run on every request. Read the
Plugin Reference and the Plugin Precedence
sections for more information.
The following examples provide some typical configurations for enabling
the kong-splunk-log
plugin globally.
Admin API
Kubernetes
Declarative (YAML)
Make the following request:
curl -X POST http://localhost:8001/plugins/ \
--data "name=kong-splunk-log" \
--data "config.splunk_endpoint=https://hec-splunk.company.com/services/collector" \
--data "config.splunk_access_token=aaaaaaaa-bbbb-cccc-dddd-ffffffffffff" \
--data "config.method=POST" \
--data "config.content_type=application/json" \
--data "config.timeout=10000" \
--data "config.retry_count=5" \
--data "config.queue_size=20" \
--data "config.flush_timeout=30" \
--data "config.keepalive=60000"
Create a KongClusterPlugin
resource and label it as global:
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: <global-kong-splunk-log>
annotations:
kubernetes.io/ingress.class: kong
labels:
global: \"true\"
config:
splunk_endpoint: https://hec-splunk.company.com/services/collector
splunk_access_token: aaaaaaaa-bbbb-cccc-dddd-ffffffffffff
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
plugin: kong-splunk-log
Add a plugins
entry in the declarative
configuration file:
plugins:
- name: kong-splunk-log
config:
splunk_endpoint: https://hec-splunk.company.com/services/collector
splunk_access_token: aaaaaaaa-bbbb-cccc-dddd-ffffffffffff
method: POST
content_type: application/json
timeout: 10000
retry_count: 5
queue_size: 20
flush_timeout: 30
keepalive: 60000
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
Form Parameter |
Description |
name
required
Type: string |
The name of the plugin, in this case kong-splunk-log . |
service.name or service.id
Type: string |
The name or ID of the service the plugin targets.
Set one of these parameters if adding the plugin to a service through the top-level /plugins endpoint.
Not required if using /services/SERVICE_NAME|SERVICE_ID/plugins . |
route.name or route.id
Type: string |
The name or ID of the route the plugin targets.
Set one of these parameters if adding the plugin to a route through the top-level /plugins endpoint.
Not required if using /routes/ROUTE_NAME|ROUTE_ID/plugins . |
enabled
Type: boolean
Default value: true |
Whether this plugin will be applied. |
config.splunk_endpoint
required
|
Splunk HTTP Event Collector(HEC) Endpoint
|
config.splunk_access_token
required
|
Passes required Splunk header Authorization Splunk:
aaaaaaaa-bbbb-cccc-dddd-ffffffffffff
|
config.method
optional
Default value: POST
|
HTTP Method to send to Splunk
|
config.content_type
optional
Default value: application/json
|
Defines the Content-Type header to send to Splunk
|
config.timeout
optional
Default value: 10000
|
The amount of time to wait on a Splunk transaction before timing out
|
config.retry_count
optional
Default value: 5
|
The number of attempts to retry logging an event on splunk connection errors
|
config.queue_size
optional
Default value: 20
|
The max number of event logs the plugin may send in a single request
|
config.flush_timeout
optional
Default value: 30
|
The time taken in seconds before flushing a queue of transactions to splunk that has not reached its max queue_size
|
config.keepalive
optional
Default value: 60000
|
The amount of time to keep plugin connections with Splunk active
|
We recommend enabling the Splunk Logging plugin at a global level.