This is a Splunk Modular Input Add-On for indexing messages from an AMQP Broker.It utilizes the RabbitMQ Java client library(v3.3.3) , but can be used against any AMQP v0-9-1, 0-9 and 0-8 compliant broker. Testing was performed against RabbitMQ Server v3.3.3
From Wikipedia : http://en.wikipedia.org/wiki/AdvancedMessageQueuing_Protocol
Settings -> Data Inputs -> AMQPto add a new Input stanza via the UI
inputs.conffile should be placed in a
localdirectory under an App or User context.
You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a non-expiring key
Any log entries/errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log
These are also searchable in Splunk :
index=_internal error amqp.py
The default heap maximum is 64MB. If you require a larger heap, then you can alter this in $SPLUNKHOME/etc/apps/amqpta/bin/amqp.py on line 95
You can declare custom JVM System Properties when setting up new input stanzas. Note : these JVM System Properties will apply to the entire JVM context and all stanzas you have setup
The way in which the Modular Input processes the received AMQP messages is enitrely pluggable with custom implementations should you wish.
To do this you code an implementation of the com.splunk.modinput.amqp.AbstractMessageHandler class and jar it up.
Ensure that the necessary jars are in the $SPLUNKHOME/etc/apps/amqpta/bin/lib directory.
If you don't need a custom handler then the default handler com.splunk.modinput.amqp.DefaultMessageHandler will be used.
This handler simply trys to convert the received byte array into a textual string for indexing in Splunk.
This project was initiated by Damien Dallimore , firstname.lastname@example.org