NLogTarget.Splunk 1.0.5

.NET Standard 2.0
There is a newer version of this package available.
See the version list below for details. 
Install-Package NLogTarget.Splunk -Version 1.0.5
dotnet add package NLogTarget.Splunk --version 1.0.5
<PackageReference Include="NLogTarget.Splunk" Version="1.0.5" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add NLogTarget.Splunk --version 1.0.5
The NuGet Team does not provide support for this client. Please contact its maintainers for support. 
#r "nuget: NLogTarget.Splunk, 1.0.5"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package. 
// Install NLogTarget.Splunk as a Cake Addin
#addin nuget:?package=NLogTarget.Splunk&version=1.0.5

// Install NLogTarget.Splunk as a Cake Tool
#tool nuget:?package=NLogTarget.Splunk&version=1.0.5
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Tested with .NET Framework 4.7.2 and .NET Core 2.1 (in AWS .NET LAMBDA environment as well)

Supports sending log entries in async and sync mode with gzip compression enabled. In async mode, the entries are sent in batches.

Sample NLog.config

The required parameters are

Optional parameters are

  • ignoreSSLErrors - False by default. If True, ssl errors are ignored when posting to the HEC endpoint
  • timeout - # of milliseconds to wait before aborting a POST to HEC endpoint. Default is 30000 (30 seconds).

Keep in mind that the timestamp must be sent along with the log entries. The library will set the timestamp to the current time (DateTime.UtcNow) so ensure that the time across your servers is synchronized.

<?xml version="1.0" encoding="utf-8" ?>
<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.nlog-project.org/schemas/NLog.xsd NLog.xsd"
      autoReload="false"
      throwExceptions="false"
      internalLogLevel="Off" internalLogFile="C:\logs\nlog_internal.log">
  <extensions>
    <add assembly="NLogTarget.Splunk"/>
  </extensions>
  <targets async="true">
    <target xsi:type="Splunk" name="splunk" endpoint="https://sample.org/services/collector/event" authToken="***" index="sample_index" source="http:your_app">
      <layout xsi:type="JsonLayout" includeAllProperties="true">
        <attribute name="logger" layout="${logger}" />
        <attribute name="severity" layout="${level}" />
        <attribute name="callsite" layout="${callsite:includeSourcePath=false:className=false}" />
        <attribute name="message" layout="${message}" />
        <attribute name="error" layout="${exception:format=ToString}" />
      </layout>
    </target>
  </targets>
  <rules>
    <logger name="*" minlevel="Info" writeTo="Splunk" />
  </rules>
</nlog>

NLog_sample.config

Resolving AuthToken Programmatically

It is highly recommended that the AuthToken value is resolved from a secrets vault rather then NLog.config. To resolve the AuthToken programmatically:

  • Set the value of AuthToken to *resolve* in NLog.config
  • Add a handler to SplunkAuthTokenResolver.OnObtainAuthToken event early on in the program before any log entries are written. Target name from NLog.config will be passed in to the event handler. Keep in mind that _wrapped suffix will be added to the target name incase targets async is set to true in NLog.config
  • The handler must return the value of the auth token. It is guaranteed that the resolution will only happen once per program lifecycle. If the auth token cannot be resolved, no log entries will be written. Check the internal log for errors (see internalLogFile in NLog.config)

Sample AuthToken resolution code

class Program
{
	static readonly Logger logger = LogManager.GetCurrentClassLogger();

	static void Main(string[] args)
	{
		SplunkAuthTokenResolver.OnObtainAuthToken += SplunkAuthTokenResolver_OnObtainAuthToken;

		logger.Info("Testing 123");

		Console.Read();
	}

	static string SplunkAuthTokenResolver_OnObtainAuthToken(string targetName)
	{
		if(targetName == "splunk" || targetName == "splunk_wrapped")
		{
			// get auth token from secrets vault

			return "auth token value";
		}

		return null;
	}
}

- Enjoy Responsibly -

Product Versions
.NET net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows
.NET Core netcoreapp2.0 netcoreapp2.1 netcoreapp2.2 netcoreapp3.0 netcoreapp3.1
.NET Standard netstandard2.0 netstandard2.1
.NET Framework net461 net462 net463 net47 net471 net472 net48
MonoAndroid monoandroid
MonoMac monomac
MonoTouch monotouch
Tizen tizen40 tizen60
Xamarin.iOS xamarinios
Xamarin.Mac xamarinmac
Xamarin.TVOS xamarintvos
Xamarin.WatchOS xamarinwatchos
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.7 1,646 2/6/2019
1.0.6 474 11/25/2018
1.0.5 472 11/25/2018
1.0.4 455 11/25/2018
1.0.3 547 10/4/2018
1.0.2 531 10/3/2018
1.0.1 567 10/3/2018

v1.0.5 - Added cleanup routine to dispose of the http client and the handler
v1.0.4 - Switched to HttpClient. Added SourceLink support and unit test project
v1.0.3 - Added lazy resolution of AuthToken
v1.0.2 - Added an ability to programmatically resolve the AuthToken
v1.0.1 - Initial release