Service-Specific Instructions for Streaming Application Logs

Page last updated:

This topic provides instructions for configuring some third-party log management services.

Once you have configured a service, refer to the Third-Party Log Management Services topic for instructions on binding your application to the service.

Logit.io

From your Logit.io dashboard:

  1. Identify the Logit ELK stack you want to use.

  2. Click Logstash Configuration.

  3. Note your Logstash Endpoint.

  4. Note your TCP-SSL, TCP, or UDP Port (not the syslog port).

  5. Create the log drain service in Cloud Foundry.

    $ cf cups logit-ssl-drain -l syslog-tls://ENDPOINT:PORT
    

    or

    $ cf cups logit-drain -l syslog://ENDPOINT:PORT
    

  6. Bind the service to an app.

    $ cf bind-service YOUR-CF-APP-NAME logit-ssl-drain
    

    or

    $ cf bind-service YOUR-CF-APP-NAME logit-drain
    

  7. Restage or push the app using one of the following commands:

    $ cf restage YOUR-CF-APP-NAME
    $ cf push YOUR-CF-APP-NAME

    After a short delay, logs begin to appear in Kibana.

Papertrail

From your Papertrail account:

  1. Click Add System.

    Papertrail 02

  2. Click the Other link.

    Papertrail 03

  3. Select I use Cloud Foundry, enter a name, and click Save.

    Papertrail 04

  4. Record the URL with port that is displayed after creating the system.

    Papertrail 05

  5. Create the log drain service in Cloud Foundry.

    $ cf cups my-logs -l syslog-tls://logs.papertrailapp.com:PORT
    
  6. Bind the service to an app.

    $ cf bind-service APPLICATION-NAME my-logs
    
  7. Restage the app.

    $ cf restage APPLICATION-NAME
    

    After a short delay, logs begin to flow automatically.

  8. Once Papertrail starts receiving log entries, the view automatically updates to the logs viewing page.

    Papertrail 11

Splunk

See Streaming Application Logs to Splunk for details.

Splunk Storm

From your Splunk Storm account:

  1. Click Add project.

    Splunkstorm 02

  2. Enter the project details.

    Splunkstorm 03

  3. Create a new input for Network data.

    Splunkstorm 04

  4. Manually enter the external IP addresses your Cloud Foundry administrator assigns to outbound traffic. If you are using Pivotal Web Services, refer to the Externally Visible IP Addresses topic.

    Splunkstorm 05

  5. Note the host and port provided for TCP input.

    Splunkstorm 06

  6. Create the log drain service in Cloud Foundry using the displayed TCP host and port.

    $ cf cups my-logs -l syslog://HOST:PORT
    
  7. Bind the service to an app

    $ cf bind-service APPLICATION-NAME my-logs
    
  8. Restage the app

    $ cf restage APPLICATION-NAME
    

    After a short delay, logs begin to flow automatically.

  9. Wait for some events to appear, then click Data Summary.

    Splunkstorm 09

  10. Click the loggregator link to view all incoming log entries from Cloud Foundry.

    Splunkstorm 10

SumoLogic

Note: SumoLogic uses HTTPS for communication. HTTPS is supported in Cloud Foundry v158 and later.

From your SumoLogic account:

  1. Click the Add Collector link.

    Sumologic 02

  2. Choose Hosted Collector and fill in the details.

    Sumologic 03a

    Sumologic 03b

  3. In the new collector’s row of the collectors view, click the Add Source link.

    Sumologic 04

  4. Select HTTP source and fill in the details. Note that you’ll be provided an HTTPS url

    Sumologic 05

  5. Once the source is created, a URL should be displayed. You can also view the URL by clicking the Show URL link beside the created source.

    Sumologic 06a

  6. Create the log drain service in Cloud Foundry using the displayed URL.

    $ cf cups my-logs -l HTTPS-SOURCE-URL
    
  7. Bind the service to an app.

    $ cf bind-service APPLICATION-NAME my-logs
    
  8. Restage the app.

    $ cf restage APPLICATION-NAME
    

    After a short delay, logs begin to flow automatically.

  9. In the SumoLogic dashboard, click Manage, then click Status to see a view of log messages received over time.

    Sumologic 09

  10. In the SumoLogic dashboard, click Search. Place the cursor in the search box, then press Enter to submit an empty search query.

    Sumologic 10

Logsene

Note: Logsene uses HTTPS for communication. HTTPS is supported in Cloud Foundry v158 and later.

From your Sematext account:

  1. Click the Create App / Logsene App menu item. Enter a name and click Add Application to create the Logsene App.

  2. Create the log drain service in Cloud Foundry using the displayed URL.

    $ cf cups logsene-log-drain -l https://logsene-cf-receiver.sematext.com/YOUR_LOGSENE_TOKEN
    
  3. Bind the log drain to an app. You could optionally bind multiple apps to one log drain.

    $ cf bind-service YOUR-CF-APP-NAME logsene-log-drain
    
  4. Restage the app.

    $ cf restage APPLICATION-NAME
    

    After a short delay, logs begin to flow automatically and appear in the Logsene UI.

Logentries is Not Supported

Cloud Foundry distributes log messages over multiple servers to handle load. Currently, we do not recommend using Logentries as it does not support multiple syslog sources.

Create a pull request or raise an issue on the source for this page in GitHub