damiendallimore · damiendallimore · commit 1ec3b58595ce · 2012-05-21T15:58:58.000+12:00
Change-Id: I47ab3999aae566ef3e0e512b8890bb8896fd8922
diff --git a/README.md b/README.md
@@ -5,24 +5,49 @@ integrate Splunk best practice logging semantics into their code.
 There are also custom handler/appender implementations for the 3 most prevalent Java logging frameworks in play.
 
 1.	LogBack
-2.	log4j
+2.	Log4j
 3.	java.util logging
 
 This framework contains :
 
 *   Implementation of Splunk CIM(Common Information Model) and best practice logging semantics
+*   java.util.logging handler for logging to Splunk REST endpoints
+*   java.util.logging handler for logging to Splunk Raw TCP Server Socket
+*   Log4j appender for logging to Splunk REST endpoints
+*   Log4j appender for logging to Splunk Raw TCP Server Socket
+*   Logback appender for logging to Splunk REST endpoints
+*   Logback appender for logging to Splunk Raw TCP Server Socket
+*   Example logging configuration files
+*   Javadocs
 
-*   java.util.logging handler for logging to Splunk REST endpoints and Splunk Raw TCP Server Socket
+If you want to use UDP to send events to Splunk , then Log4j and Logback  already have Syslog Appenders
+And of course you can still use any File appenders and have the file monitored by a Splunk Universal Forwarder.
 
-*   log4j appender for logging to Splunk REST endpoints  and Splunk Raw TCP Server Socket
+## Resilience
 
-*   Logback appender for logging to Splunk REST endpoints  and Splunk Raw TCP Server Socket
+The HTTP REST and Raw TCP handler/appenders have autonomous socket reconnection logic in case of connection failures.
+There is also internal event queuing that is loosely modelled off Splunk's outputs.conf for Universal Forwarders.
+You can set these propertys :
+* maxQueueSize : defaults to 500KB , format [<integer>|<integer>[KB|MB|GB]]
+* dropEventsOnQueueFull : defaults to false , format [ true | false]
 
-*   Example logging configuration files
+And you can use a parallel File appender if you absolutely need disk persistence.
 
-*   Javadocs
+## Data Cloning
 
-If you want to use UDP to send events to Splunk , then Log4j and Logback  already have Syslog Appenders
+If you want "data cloning" functionality, then you can leverage the logging configuration and have (n) different appender
+definitions for your various target Indexers.
+
+## Load Balancing
+
+A wrapper appender for Log4j and Logback is in the works.The design pattern is modelled off the Log4j "AsyncAppender" wrapper.
+So you will be able to define a "LoadBalancedAppender" and specify nested child appenders to Load Balance across.
+This opens up some interesting possibilitys such as load balancing across appenders that use the same or perhaps a 
+mixture of different transports , REST / Raw TCP / Syslog.
+
+## Thread Safety
+
+Log4j and Logback are thread safe.
 
 ## License
 
diff --git a/TODO b/TODO
@@ -1 +1,2 @@
 Build in final release Splunk Java SDK
+Load Balancing appender wrapper for log4j/logback
diff --git a/config/jdklogging.properties b/config/jdklogging.properties
@@ -20,11 +20,15 @@ com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.port=8089
 com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.metaSource=rest
 com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.metaSourcetype=testing
 com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.metaIndex=main
+com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.maxQueueSize=5MB
+com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.dropEventsOnQueueFull=false
 
 # Set the default logging level for new SplunkRawTCPHandler instances
 com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.level=INFO
 com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.host=localhost
 com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.port=5150
+com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.maxQueueSize=5MB
+com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.dropEventsOnQueueFull=false
 
 # Set the default logging level for new ConsoleHandler instances
 java.util.logging.ConsoleHandler.level = INFO
diff --git a/config/log4j.properties b/config/log4j.properties
@@ -18,6 +18,8 @@ log4j.appender.splunkrest.delivery=stream
 log4j.appender.splunkrest.metaSource=rest
 log4j.appender.splunkrest.metaSourcetype=testing
 log4j.appender.splunkrest.metaIndex=main
+log4j.appender.splunkrest.maxQueueSize=5MB
+log4j.appender.splunkrest.dropEventsOnQueueFull=false
 log4j.appender.splunkrest.layout=org.apache.log4j.PatternLayout
 log4j.appender.splunkrest.layout.ConversionPattern=%m%n
 # optionally you can enrich the messages with formatting tokens from the logging framework
@@ -28,6 +30,8 @@ log4j.appender.splunkrest.layout.ConversionPattern=%m%n
 log4j.appender.splunkrawtcp=com.dtdsoftware.splunk.logging.log4j.appender.SplunkRawTCPAppender
 log4j.appender.splunkrawtcp.host=localhost
 log4j.appender.splunkrawtcp.port=5150
+log4j.appender.splunkrawtcp.maxQueueSize=5MB
+log4j.appender.splunkrawtcp.dropEventsOnQueueFull=false
 log4j.appender.splunkrawtcp.layout=org.apache.log4j.PatternLayout
 log4j.appender.splunkrawtcp.layout.ConversionPattern=%m%n
 # optionally you can enrich the messages with formatting tokens from the logging framework
diff --git a/config/logback.xml b/config/logback.xml
@@ -12,6 +12,8 @@
     <user>admin</user>
     <metaSourcetype>testing</metaSourcetype>
     <pass>somepass</pass>
+    <maxQueueSize>5MB</maxQueueSize>
+    <dropEventsOnQueueFull>false</dropEventsOnQueueFull>
     <metaSource>rest</metaSource>
     <metaIndex>main</metaIndex>
     <layout class="ch.qos.logback.classic.PatternLayout">
@@ -27,6 +29,8 @@
   <appender name="splunkrawtcp" class="com.dtdsoftware.splunk.logging.logback.appender.SplunkRawTCPAppender">
     <port>5150</port>
     <host>localhost</host>
+    <maxQueueSize>5MB</maxQueueSize>
+    <dropEventsOnQueueFull>false</dropEventsOnQueueFull>
     <layout class="ch.qos.logback.classic.PatternLayout">
       <pattern>%m%n</pattern>
       <!-- optionally you can enrich the messages with formatting tokens from the logging framework
diff --git a/src/com/dtdsoftware/splunk/logging/SplunkRawTCPInput.java b/src/com/dtdsoftware/splunk/logging/SplunkRawTCPInput.java
@@ -13,7 +13,7 @@
  * 
  */
 
-public class SplunkRawTCPInput {
+public class SplunkRawTCPInput extends SplunkInput{
 
 	// connection props
 	private String host = "";
@@ -78,17 +78,28 @@ public void closeStream() {
 	 * @param message
 	 */
 	public void streamEvent(String message) {
-
+		
+		String currentMessage = message;
 		try {
 
 			if (writerOut != null) {
 
-				writerOut.write(message + "\n");
-				writerOut.flush();
+				//send the message
+				writerOut.write(currentMessage + "\n");
 
-			}
+				//flush the queue
+				while(queueContainsEvents()){
+					String messageOffQueue = dequeue();
+					currentMessage = messageOffQueue;
+					writerOut.write(currentMessage + "\n");
+				}
+				writerOut.flush();
+			}			
 
 		} catch (IOException e) {
+			
+			//something went wrong , put message on the queue for retry
+			enqueue(currentMessage);
 			try {
 				closeStream();
 			} catch (Exception e1) {
diff --git a/src/com/dtdsoftware/splunk/logging/SplunkRestInput.java b/src/com/dtdsoftware/splunk/logging/SplunkRestInput.java
@@ -17,7 +17,7 @@
  * 
  */
 
-public class SplunkRestInput {
+public class SplunkRestInput extends SplunkInput {
 
 	// Java SDK objects
 	private Service service;
@@ -148,8 +148,23 @@ public void closeStream() {
 	 */
 	public void sendEvent(String message) {
 
-		if (streamSocket == null)
-			this.receivers.submit(message, args);
+		String currentMessage = message;
+
+		try {
+			if (streamSocket == null) {
+				this.receivers.submit(currentMessage, args);
+
+				// flush the queue
+				while (queueContainsEvents()) {
+					String messageOffQueue = dequeue();
+					currentMessage = messageOffQueue;
+					this.receivers.submit(currentMessage, args);
+				}
+			}
+		} catch (Exception e) {
+			// something went wrong , put message on the queue for retry
+			enqueue(currentMessage);
+		}
 	}
 
 	/**
@@ -159,16 +174,28 @@ public void sendEvent(String message) {
 	 */
 	public void streamEvent(String message) {
 
+		String currentMessage = message;
 		try {
 
 			if (writerOut != null) {
 
-				writerOut.write(message + "\n");
-				writerOut.flush();
+				// send the message
+				writerOut.write(currentMessage + "\n");
 
+				// flush the queue
+				while (queueContainsEvents()) {
+					String messageOffQueue = dequeue();
+					currentMessage = messageOffQueue;
+					writerOut.write(currentMessage + "\n");
+				}
+				writerOut.flush();
 			}
 
 		} catch (IOException e) {
+
+			// something went wrong , put message on the queue for retry
+			enqueue(currentMessage);
+
 			try {
 				closeStream();
 			} catch (Exception e1) {
diff --git a/src/com/dtdsoftware/splunk/logging/jdk/handler/SplunkRawTCPHandler.java b/src/com/dtdsoftware/splunk/logging/jdk/handler/SplunkRawTCPHandler.java
@@ -18,6 +18,10 @@ public class SplunkRawTCPHandler extends Handler {
 	// connection settings
 	private String host = "";
 	private int port = 5150;
+	
+	//queuing settings
+	private String maxQueueSize; 
+	private boolean dropEventsOnQueueFull;
 
 	private SplunkRawTCPInput sri;
 
@@ -31,6 +35,8 @@ public SplunkRawTCPHandler() {
 		try {
 
 			sri = new SplunkRawTCPInput(this.host, this.port);
+			sri.setMaxQueueSize(maxQueueSize);
+			sri.setDropEventsOnQueueFull(dropEventsOnQueueFull);
 		} catch (Exception e) {
 
 		}
@@ -47,6 +53,8 @@ private void configure() {
 
 		setHost(manager.getProperty(cname + ".host"));
 		setPort(Integer.parseInt(manager.getProperty(cname + ".port")));
+		setMaxQueueSize(manager.getProperty(cname + ".maxQueueSize"));
+		setDropEventsOnQueueFull(Boolean.parseBoolean(manager.getProperty(cname + ".dropEventsOnQueueFull")));
 		setLevel(Level.parse(manager.getProperty(cname + ".level")));
 		setFilter(null);
 		setFormatter(new SplunkFormatter());
@@ -116,6 +124,23 @@ public void setPort(int port) {
 		if (port > 0)
 			this.port = port;
 	}
+	
+	public String getMaxQueueSize() {
+		return maxQueueSize;
+	}
+
+	public void setMaxQueueSize(String maxQueueSize) {
+		this.maxQueueSize = maxQueueSize;
+	}
+
+	public boolean isDropEventsOnQueueFull() {
+		return dropEventsOnQueueFull;
+	}
+
+	public void setDropEventsOnQueueFull(boolean dropEventsOnQueueFull) {
+		this.dropEventsOnQueueFull = dropEventsOnQueueFull;
+	}
+
 
 	@Override
 	public void flush() {
diff --git a/src/com/dtdsoftware/splunk/logging/jdk/handler/SplunkRestHandler.java b/src/com/dtdsoftware/splunk/logging/jdk/handler/SplunkRestHandler.java
@@ -33,6 +33,10 @@ public class SplunkRestHandler extends Handler {
 	private String metaHostRegex = "";
 	private String metaHost = "";
 
+	//queuing settings
+	private String maxQueueSize; 
+	private boolean dropEventsOnQueueFull;
+	
 	private SplunkRestInput sri;
 	private RestEventData red = new RestEventData();
 
@@ -48,6 +52,8 @@ public SplunkRestHandler() {
 			sri = new SplunkRestInput(this.user, this.pass, this.host,
 					this.port, this.red, this.delivery.equals(STREAM) ? true
 							: false);
+			sri.setMaxQueueSize(maxQueueSize);
+			sri.setDropEventsOnQueueFull(dropEventsOnQueueFull);
 		} catch (Exception e) {
 
 		}
@@ -65,6 +71,7 @@ private void configure() {
 		setUser(manager.getProperty(cname + ".user"));
 		setPass(manager.getProperty(cname + ".pass"));
 		setHost(manager.getProperty(cname + ".host"));
+		
 		setDelivery(manager.getProperty(cname + ".delivery"));
 		setPort(Integer.parseInt(manager.getProperty(cname + ".port")));
 
@@ -74,6 +81,10 @@ private void configure() {
 		setMetaIndex(manager.getProperty(cname + ".metaIndex"));
 		setMetaSourcetype(manager.getProperty(cname + ".metaSourcetype"));
 
+		setMaxQueueSize(manager.getProperty(cname + ".maxQueueSize"));
+		setDropEventsOnQueueFull(Boolean.parseBoolean(manager.getProperty(cname + ".dropEventsOnQueueFull")));
+		
+		
 		setLevel(Level.parse(manager.getProperty(cname + ".level")));
 		setFilter(null);
 		setFormatter(new SplunkFormatter());
@@ -230,6 +241,22 @@ public void setMetaHost(String metaHost) {
 			red.setHost(metaHost);
 		}
 	}
+	
+	public String getMaxQueueSize() {
+		return maxQueueSize;
+	}
+
+	public void setMaxQueueSize(String maxQueueSize) {
+		this.maxQueueSize = maxQueueSize;
+	}
+
+	public boolean isDropEventsOnQueueFull() {
+		return dropEventsOnQueueFull;
+	}
+
+	public void setDropEventsOnQueueFull(boolean dropEventsOnQueueFull) {
+		this.dropEventsOnQueueFull = dropEventsOnQueueFull;
+	}
 
 	@Override
 	public void flush() {
diff --git a/src/com/dtdsoftware/splunk/logging/log4j/appender/SplunkRawTCPAppender.java b/src/com/dtdsoftware/splunk/logging/log4j/appender/SplunkRawTCPAppender.java
@@ -18,6 +18,10 @@ public class SplunkRawTCPAppender extends AppenderSkeleton {
 	private String host = "";
 	private int port = 5150;
 
+	//queuing settings
+	private String maxQueueSize; 
+	private boolean dropEventsOnQueueFull;
+	
 	private SplunkRawTCPInput sri;
 
 	/**
@@ -46,6 +50,8 @@ protected void append(LoggingEvent event) {
 		try {
 			if (sri == null) {
 				sri = new SplunkRawTCPInput(host, port);
+				sri.setMaxQueueSize(maxQueueSize);
+				sri.setDropEventsOnQueueFull(dropEventsOnQueueFull);
 			}
 		} catch (Exception e) {
 			errorHandler
@@ -99,5 +105,21 @@ public int getPort() {
 	public void setPort(int port) {
 		this.port = port;
 	}
+	public String getMaxQueueSize() {
+		return maxQueueSize;
+	}
+
+	public void setMaxQueueSize(String maxQueueSize) {
+		this.maxQueueSize = maxQueueSize;
+	}
+
+	public boolean isDropEventsOnQueueFull() {
+		return dropEventsOnQueueFull;
+	}
+
+	public void setDropEventsOnQueueFull(boolean dropEventsOnQueueFull) {
+		this.dropEventsOnQueueFull = dropEventsOnQueueFull;
+	}
+
 
 }
diff --git a/src/com/dtdsoftware/splunk/logging/log4j/appender/SplunkRestAppender.java b/src/com/dtdsoftware/splunk/logging/log4j/appender/SplunkRestAppender.java
diff --git a/src/com/dtdsoftware/splunk/logging/logback/appender/SplunkRawTCPAppender.java b/src/com/dtdsoftware/splunk/logging/logback/appender/SplunkRawTCPAppender.java
diff --git a/src/com/dtdsoftware/splunk/logging/logback/appender/SplunkRestAppender.java b/src/com/dtdsoftware/splunk/logging/logback/appender/SplunkRestAppender.java

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`Build in final release Splunk Java SDK`
	`2`	`+Load Balancing appender wrapper for log4j/logback`