Documentation forLoggly

Ways of Sending Data

Navigation Notice: When the APM Integrated Experience is enabled, Loggly shares a common navigation and enhanced feature set with other integrated experience products. How you navigate Loggly and access its features may vary from these instructions.

Any sort of log data can be sent to Loggly as long as it is text-based. Unstructured or structured logs from any application or device can be forwarded. The installation of proprietary agents is not required to send logs to Loggly. Configuration of the existing infrastructure is required.

There are multiple methods for sending logs. These methods are described in detail in the documentation below. Data can be sent over either Syslog (TCP, UDP, TLS) or HTTP/S. With any of the syslog methods, a customer token must be stored within the syslog header, and it must follow the Solarwinds pre-defined template. With HTTP, the customer token must be part of the endpoint URL.

Log forwarding configuration examples are provided below. You can also create your own configuration using the information below as a guide.

Sample Demo Data

The Sample Demo Data feature simplifies on-boarding. Trial users can choose to get started by using demo data prior to the addition of actual user log data.

If you are using Loggly with the APM Integrated Experience enabled, Sample Demo Data will not appear in the APM Integrated Experience dashboards' summary charts.

All new trial users will be presented with options to either configure their own log data source(s) or use Sample Demo Data.

  • Add Your Own Data. Click Add a Log Source to go to the standard Loggly Source Setup page and set up a log data source(s).

  • Explore Demo Data. Click Populate Demo data to go to a Search page with sample data pre-populated and ready to use. Demo data is identifiable by the tag DemoEvent.

Throughout a trial, you can choose whether you continue to use demo data or connect your own log data sources. If you decide to stop using Demo Data, the data will be disabled and deleted. To delete demo data, go to Source Setup and select the Demo data widget. Then select Disable and delete Demo Data.

SolarWinds Logs & Metrics Agent (Linux)

The SolarWinds Logs & Metrics Agent (also known as the SolarWinds Snap Agent) is based on Intel’s Snap Telemetry Framework, an open framework designed to simplify the collection, processing, and publishing of system data through a single API. Host monitoring involves capturing data for an individual machine such as CPU, memory, and disk. Installing the SolarWinds Logs & Metrics Agent allows you to easily set up a host (1) to monitor logs in SolarWinds Loggly, and (2) to track basic host metrics in SolarWinds AppOptics. The agent gives you the ability to leverage one of many plug-ins to collect specific metrics.

Local Syslog Agent

The most common way to forward system and application logs to Loggly is by using a local syslog agent. Linux systems have an agent pre-installed. An agent can be installed on a Windows system. After a simple configuration change, logs will stream directly to Loggly from each system. Many applications and other services can be configured to write directly to a local syslog agent, which then forwards to Loggly. Some applications can’t write directly to a syslog agent. Instead, you can write to a log file that is watched by your syslog agent. When there is a change to the log file(s), for example when an event is added, the change is forwarded to Loggly.

Centralized Syslog Agent

You can also choose to centralize the log data before streaming it to Loggly. This option is great for infrastructures that prefer to have limited outbound connections.  Follow the configuration steps for Local Syslog Agent to set up a centralized syslog agent.

Hardware Devices

Routers, firewalls, and other devices have log data, but they also have limited capabilities on where they can send the data. To address a device's limited capabilities, you can point the device to a centralized syslog agent within your own infrastructure. The centralized syslog agent must be capable of forwarding events to Loggly. The options for configuring a centralized syslog agent are below.

  • Direct With No Agent

    For users who would prefer not to use syslog to send log events, it is possible to configure applications to write log events directly to Loggly over HTTP/S using the Loggly RESTful API. Some dev languages also have logging libraries that can log directly.

  • Client-Side Logging

    It is possible to log events directly from an end-user’s browser or device. The Loggly RESTful API can be used to send events over POST or GET. It also allows batched events. Tracking pixels are commonly used by web analytics services to track site/application activity. By inserting a 1×1 pixel (.gif) on a web page, HTTP logs can be sent directly to Loggly. Any additional query string parameters can be included, which become the log event.


  翻译: