The Python code in this App is dual 2.7/3 compatible. This version of the App enforces Python 3 for execution of the modular input script when running on Splunk 8+ in order to satisfy Splunkbase AppInspect requirements. If running this App on Splunk versions prior to 8 , then Python 2.7 will get executed.
This is a Splunk modular input add-on for polling message queues and topics via the JMS interface.
It implements the Splunk Modular Inputs Framework
JMS is simply a messaging API and is a convenient means by which to write 1 modular input that can talk to several different underlying messaging providers : MQSeries(Websphere MQ), ActiveMQ, TibcoEMS, HornetQ, RabbitMQ,Native JMS, Weblogic JMS, Sonic MQ etc.. The modular input code is generic because it is programmed to the JMS interface. You can then supply messaging provider specific jar files at runtime. More details on JMS at Wikipedia
This App contains a custom modular input written in Java
As such , the following binary JAR archives are required
Setup Credentialsmenu tab and setup any JNDI and Destination username(s)/password(s).
Data Inputsmenu tab and setup your JMS Inputs.
Activation Keymenu tab and enter your key.
For the most part you will setup your JMS connectivity using JNDI to obtain the remote JMS objects.
However, you can bypass JNDI if you wish and use local instantiation.
To this you must code an implementation of the com.splunk.modinput.jms.LocalJMSResourceFactory interface.
You can then bundle the classes in a jar file and place them in
The configuration screen for creating a new JMS input allows you to choose local or jndi as the instantiation mode.
So choose local , and then you can specify the name of implementation class, as well as any declarative paramaters you want to pass in.
Modular Input logs will get written to
These logs are rotated after a max size of 5MB with a backup limit of 5.
Setup logs will get written to
These logs are rotated daily with a backup limit of 5.
The Modular Input logging level can be specified in the input stanza you setup. The default level is
You can search for these log sources in the
_internal index or browse to the
Logs menu item on the App's navigation bar.
Any Splunk internal errors can also be searched like :
index=_internal jms.py ERROR
If you require specific JMS provider or JNDI Context implementation jars, then you can simply copy these to
They will be automatically picked up upon restart
The default heap maximum is 64MB.
If you require a larger heap, then you can alter this in
You can declare custom JVM System Properties when setting up new input stanzas. Note : these JVM System Properties will apply to the entire JVM context and all stanzas you have setup
The way in which the Modular Input processes the received messages is enitrely pluggable with custom implementations should you wish.
To do this you code an implementation of the
com.splunk.modinput.jms.AbstractMessageHandler class and jar it up.
Ensure that the necessary jars are in the
If you don't need a custom handler then the default handler
com.splunk.modinput.jms.DefaultMessageHandler will be used.
This handler simply trys to convert the received JMS Message into a textual string for indexing in Splunk.
Everyone's Splunk environment and Users/Roles/Permissions setup are different.
By default this App ships with all of it's objects globally shared (in
So if you need to limit access to functionality within the App , such as who can see the setup page , then you should browse to
Apps -> Manage Apps -> JMS Messaging Modular Input -> View Objects , and adjust the permissions accordingly for your specific Splunk environment.
$SPLUNK_HOME/bin/splunk cmd python ../etc/apps/jms_ta/bin/jms.py --scheme
BaboonBones.com offer commercial support for implementing and any questions pertaining to this App.