TomFrost / Bristol

Insanely configurable logging for Node.js
MIT License
113 stars 19 forks

Use splunk #42

Closed litti closed 6 years ago

litti commented 7 years ago

Hi all, how can I use splunk with Bristol? According to https://www.reddit.com/r/node/comments/26mf7e/winston_logging_replacementalternative/ it should be possible, or not :-) ?

TomFrost commented 7 years ago

Hey André!

Your linked post was made before Splunk gained native support for JSON :). So you can use any logger with JSON output, Bristol included. I used to recommend Bristol's CommonInfoModel formatter for Splunk (using the splunk-14 logging type in your config on that side), but the JSON experience in Splunk 6.5 and beyond is spectacular.

My workflow now is to pipe stdout and stderr to a file named appname.raw.log, and configure Bristol with the JSON formatter and File target, writing to appname.json.log. Set up logrotate to use COPYTRUNCATE to rotate both of these logs, and both stdout and your application JSON logs will keep trucking without a restart. Splunkforwarder will often auto detect the rotation, but I've found that firing off a restart of the splunkforwarder service on the postrotate hook makes it more reliable.

Let me know if you need any more guidance! I have Bristol pushing countless application logs to Splunk and it's smooth as butter.
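The rotation setup described in the comment above, sketched as a logrotate stanza. This is an added example, not part of the original thread or the Bristol project; the `/var/log/appname/` directory, the schedule and retention values, and the use of systemd with a unit named `splunkforwarder` are assumptions.

```conf
# Added example. Directory, schedule, retention and service unit name are assumptions.
/var/log/appname/appname.raw.log /var/log/appname/appname.json.log {
    daily
    rotate 7
    missingok
    notifempty

    # Copy the live file, then truncate it in place. The application and the
    # stdout/stderr redirect keep their open file handles, so no restart is needed.
    # logrotate documents a short window between the copy and the truncate in
    # which newly written lines can be lost.
    copytruncate

    # Run the postrotate script once for the whole stanza rather than per file.
    sharedscripts
    postrotate
        # Restart the forwarder so it reliably picks up the truncated files.
        # Assumes systemd and a unit named "splunkforwarder".
        systemctl restart splunkforwarder >/dev/null 2>&1 || true
    endscript
}
```

`logrotate -d` followed by the path to this file does a dry run that prints what would be rotated without touching the logs.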