This is a Splunk modular input add-on (Splunk 5.0+) that polls message queues or topics over the Streaming Text Oriented Messaging Protocol (STOMP). It implements the Splunk Modular Inputs Framework.
STOMP is a simple text-based protocol, designed for working with Message Oriented Middleware. It provides an interoperable wire format that allows STOMP clients to talk with any Message Broker supporting the protocol.
STOMP is currently supported by many popular MOM products such as Apache ActiveMQ or RabbitMQ.
Simply download the add-on from Splunkbase (or copy the stomp folder to $SPLUNK_HOME/etc/apps/), follow the instructions, and restart Splunk.
As with any other modular input, you can configure it via Manager > DataInputs in your Splunk installation.
Some useful recipes while developing. See Developer tools for modular inputs for further information.
- Preview the output of the script:

      $ export SPLUNK_HOME=/opt/splunk
      $ sudo $SPLUNK_HOME/bin/splunk cmd splunkd print-modinput-config stomp stomp://localhost:61613/queue/whatever | sudo $SPLUNK_HOME/bin/splunk cmd python $SPLUNK_HOME/etc/apps/stomp/bin/stomp.py

- Check script status in https://localhost:8089/services/admin/inputstatus.
- Any log entries/errors will be written to $SPLUNK_HOME/var/log/splunk/splunkd.log
- Packaging instructions (check out the documentation for extra information):

      $ find stomp -type f -name "*pyc" -exec rm -f {} \;
      $ export COPYFILE_DISABLE=true
      $ tar cvfz stomp.tar.gz stomp/
      $ mv stomp.tar.gz stomp.spl

- Header indexing option.
- Strip newline characters from message body option.
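
The two options above applied to a raw STOMP frame, as an added example that is not the add-on's own code: it parses a STOMP 1.2 frame (command, headers, blank line, NUL-terminated body) and renders it as event text. The function names, the `index_headers` and `strip_newlines` parameters and the sample frame are assumptions made for illustration.

```python
# Added example, not the add-on's code. All names are hypothetical.
import json
import re

_ESC = {"\\n": "\n", "\\r": "\r", "\\c": ":", "\\\\": "\\"}

def _unescape(text):
    # STOMP 1.2 header escapes: \n, \r, \c (colon) and \\ (backslash)
    return re.sub(r"\\[nrc\\]", lambda m: _ESC[m.group(0)], text)

def parse_frame(raw):
    """Split one raw STOMP frame (bytes) into (command, headers, body)."""
    raw = raw.lstrip(b"\r\n")  # extra EOLs may precede a frame
    end = re.search(rb"\r?\n\r?\n", raw)  # blank line ends the headers
    if end is None:
        raise ValueError("no blank line after headers")
    lines = re.split(r"\r?\n", raw[:end.start()].decode("utf-8"))
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header: %r" % line)
        # A repeated header keeps its first value
        headers.setdefault(_unescape(name), _unescape(value))
    rest = raw[end.end():]
    if "content-length" in headers:
        # Body may contain NUL bytes; the length header delimits it
        size = int(headers["content-length"])
        body, nul = rest[:size], rest[size:size + 1]
    else:
        body, nul, _ = rest.partition(b"\x00")
    if nul != b"\x00":
        raise ValueError("frame is not NUL-terminated")
    return lines[0], headers, body.decode("utf-8", "replace")

def to_event(raw, index_headers=False, strip_newlines=False):
    """Render a frame as event text, applying the two options."""
    _, headers, body = parse_frame(raw)
    if strip_newlines:
        body = body.replace("\r", "").replace("\n", "")
    if not index_headers:
        return body
    # json.dumps quotes each value and escapes embedded quotes and newlines
    pairs = ["%s=%s" % (k, json.dumps(v)) for k, v in sorted(headers.items())]
    return " ".join(pairs + [body])

# Constructed sample frame
SAMPLE = (b"MESSAGE\ndestination:/queue/whatever\n"
          b"message-id:ID\\c42\n\nline one\nline two\x00")

if __name__ == "__main__":
    print(to_event(SAMPLE, index_headers=True, strip_newlines=True))
```

Rendering header values through `json.dumps` keeps an escaped newline in a header from starting a new line in the indexed event.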