This input retrieves the log for each instance (or worker) associated with the specified domain (application). Checkpointing is in place to ensure that only new entries are written.

Splunk events

Sourcetype: mulesoft:applicationlogs

Timestamp: time that data was received by Splunk

Sample event:

{"loggerName": "org.mule.runtime.core.internal.logging.LogUtil", "threadName": "qtp1180780987-37", "timestamp": 1622112272668, "message": "\n**********************************************************************\n* Policy: analytics-policy-16910596-contact-api-main *\n* OS encoding: UTF-8, Mule encoding: UTF-8 *\n* *\n**********************************************************************", "priority": "INFO", "instanceId": "60af77a566408611ac84277a-0", "env_id": "7345beef-70cb-4387-b26d-2534486a5b98", "domain": "contactapi-7989847"}

About this input

This input calls the URL:

https://anypoint.mulesoft.com/cloudhub/api/v2/applications/{domain}/instances/{instanceId}/logs

Using the parameters:

  • Global account: Specified when input is configured
  • environmentId: Specified when input is configured
  • domain: Specified when input is configured
  • instanceId: ID of the individual Cloudhub worker. This is retrieved by the input via an API call.

A Splunk event will be written containing new log entries for each instance in the specified domain. Checkpointing is in place to ensure that the correct offset is used and that events are only written once.

 

Learn more: Mulesoft documentation

Posted by:Andrew MacLeod

Andrew is a certified Splunk Admin and has worked for iDelta for over two years. Previously, he worked as an actuarial analyst in the life and pensions industry - a role that he was in for over 7 years before deciding to embark on a career change into the IT industry. He holds an MPhys degree in theoretical physics from the University of Edinburgh. Outside of work he is a big puzzle fan, with a particular penchant for things cruciverbal and mathematical.