Articles in this section

How to forward logs to a Splunk Indexer

JK
Updated

You can forward your Upsun application and service logs directly to Splunk without installing any custom agents or modifying your container's file system.

Upsun features a native log forwarding integration for Splunk that automatically streams your application's stdout and stderr logs, MariaDB slow query logs, and Redis logs directly to your Splunk Event Collector.

Prerequisites

  • You must have Project Admin permissions on your Upsun project.

  • A running Splunk instance (Platform or Enterprise).

  • A Splunk Event Collector token.

  • Your Splunk host (the URL of the instance collecting the data).

  • An index name where the logs should be sent.

How to Enable the Integration

You can configure the Splunk log forwarder using either the Upsun CLI or the Management Console.

Option 1: Using the Upsun CLI (Recommended)

You can set up the integration with a single command.

Run the following command in your terminal, replacing the placeholders with your actual Splunk Host, Index, and Token:

upsun integration:add --type splunk \
  --url https://http-inputs.HOST.splunkcloud.com/services/collector/event \
  --index INDEX \
  --token TOKEN

Once the command succeeds, you must trigger a redeploy of your environment for the log forwarding to begin taking effect.

Option 2: Using the Upsun Console

If you prefer a visual interface:

  1. Log in to the Upsun Console and navigate to your project.

  2. Click Settings, then select Integrations from the sidebar.

  3. Click Add Integration and select Splunk from the list of available providers.

  4. In the configuration window, provide your Splunk Collector URL, Index name, and Event Collector Token.

  5. Click Add Integration.

  6. Trigger a redeploy of your environment.

Filtering and Verification

Excluding Noisy Services

If you do not want to forward logs from every single container (for example, if you want to skip logs from a Redis cache or a specific background worker to save on Splunk ingestion costs), you can define an excluded_services list in your integration settings. This will prevent logs from those specific apps or services from being shipped.

Verifying the Logs

Once the environment finishes redeploying, open your Splunk dashboard and navigate to Apps -> Search & Reporting. Filter your search by the index name you provided during setup to verify that the Upsun log events are arriving correctly.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.