Splunk AMQP Messaging Modular Input v1.3.3

Overview

This is a Splunk Modular Input Add-On for indexing messages from an AMQP Broker.It utilizes the RabbitMQ Java client library(v3.3.3) , but can be used against any AMQP v0-9-1, 0-9 and 0-8 compliant broker. Testing was performed against RabbitMQ Server v3.3.3

What is AMQP ?

From Wikipedia : http://en.wikipedia.org/wiki/AdvancedMessageQueuing_Protocol

Examples of AMQP Brokers

Dependencies

Setup

Activation Key

You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a non-expiring key

Logging

Any log entries/errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log

These are also searchable in Splunk : index=_internal error amqp.py

JVM Heap Size

The default heap maximum is 64MB. If you require a larger heap, then you can alter this in $SPLUNKHOME/etc/apps/amqpta/bin/amqp.py on line 95

JVM System Properties

You can declare custom JVM System Properties when setting up new input stanzas. Note : these JVM System Properties will apply to the entire JVM context and all stanzas you have setup

Customized Message Handling

The way in which the Modular Input processes the received AMQP messages is enitrely pluggable with custom implementations should you wish.

To do this you code an implementation of the com.splunk.modinput.amqp.AbstractMessageHandler class and jar it up.

Ensure that the necessary jars are in the $SPLUNKHOME/etc/apps/amqpta/bin/lib directory.

If you don't need a custom handler then the default handler com.splunk.modinput.amqp.DefaultMessageHandler will be used.

This handler simply trys to convert the received byte array into a textual string for indexing in Splunk.

Troubleshooting

Contact

This project was initiated by Damien Dallimore , damien@baboonbones.com