Skip to content
Visit booth 3171 at Google Cloud Next to see how to unlock real-time decisions at scaleMore info

3rd-party log analysis tools

This page describes how to add and configure Aerospike filtering and parsing rules for supported 3rd-party log ingestion tools. These rules break Aerospike logs into a format that can be read and used in custom alerts or dashboards.

Parsing rules are currently available for Fluent Bit and Splunk. Both of these tools parse Aerospike Database logs one line at a time.

Prerequisites

  • A running instance of Aerospike Database 6.0 or later.
  • A working installation of Fluent Bit or Splunk for ingesting Aerospike Database logs.

Configure Fluent Bit

  1. Download the Aerospike parser file aerospike-fluent-bit-parsers.conf to the /etc/fluent-bit/ directory on the machine running Fluent Bit.

    Terminal window
    wget https://raw.githubusercontent.com/aerospike/aerolab/refs/heads/master/src/ingest/thirdparty_tools/fluentbit/aerospike-fluent-bit-parsers.conf -P /etc/fluent-bit/
  2. Download the Aerospike filter file aerospike-fluent-bit-filters.conf to the same /etc/fluent-bit/ directory as the parser file.

    Terminal window
    wget https://raw.githubusercontent.com/aerospike/aerolab/refs/heads/master/src/ingest/thirdparty_tools/fluentbit/aerospike-fluent-bit-filters.conf -P /etc/fluent-bit/
  3. Modify the [SERVICE] section of the Fluent Bit configuration file at /etc/fluent-bit/fluent-bit.conf to add the location of the Aerospike parser.

    The [SERVICE] section should appear similar to the following:

    # Parsers File (fluent-bit.conf)
    # ============
    # specify an optional 'Parsers' configuration file
    # parsers_file /root/fluentbit/parsers.conf
    parsers_file /etc/fluent-bit/aerospike-fluent-bit-parsers.conf
  4. At the end of the same file, add an @INCLUDE directive to specify the location of the Aerospike filter file aerospike-fluent-bit-filters.conf.

    @INCLUDE /etc/fluent-bit/aerospike-fluent-bit-filters.conf

Configure Splunk

  1. Create a custom Splunk app specifically for Aerospike logs. This creates a directory under /etc/splunk/etc/apps/ with the name of your app. See the Splunk documentation for details.

  2. On the machine running Splunk, download the properties file aerospike_splunk_local_props.conf to your app’s /local/ directory with the name props.conf. Replace the placeholder in the following example with your app’s name as per your directory structure.

    Terminal window
    wget https://raw.githubusercontent.com/aerospike/aerolab/refs/heads/master/src/ingest/thirdparty_tools/splunk/aerospike_splunk_local_props.conf -O /etc/splunk/etc/apps/YOUR_APP/local/props.conf
  3. Download the local transforms file aerospike_splunk_local_transforms.conf to the same /local/ directory as the properties file, with the name transforms.conf. Replace the placeholder in the following example with your app’s name as per your directory structure.

    Terminal window
    wget https://raw.githubusercontent.com/aerospike/aerolab/refs/heads/master/src/ingest/thirdparty_tools/splunk/aerospike_splunk_local_transforms.conf -O /etc/splunk/etc/apps/YOUR_APP/local/transforms.conf
  4. Restart Splunk.

Feedback

Was this page helpful?

What type of feedback are you giving?

What would you like us to know?

+Capture screenshot

Can we reach out to you?