NSP application log forwarding to Splunk
Description
An NSP cluster can forward application logs to a remote Splunk server using the Splunk HTTP Event Collector (HEC). During NSP deployment, you can enable log forwarding by configuring the Splunk forwarding parameters in the nsp—modules—logging—forwarding—applicationLogs—splunk section of the NSP configuration file.
When log forwarding to Splunk is enabled, the advertisedAddress parameter in the NSP cluster configuration file serves as a Splunk query criterion for the NSP application logs.
For example:
index="k8s_log" AND nspHost="cluster_address"
where
cluster_address is the advertisedAddress in the NSP configuration file
k8s_log is the Splunk HEC index
For information about setting up Splunk HEC, see the Splunk documentation.