I’m searching for a way to send Orchestrator Cloud logs to Splunk, so I can create events and dashboards in my Splunk environment to check how my RPA deployment is behaving.
I didn’t find an official integration between those two platforms, no Splunk app or UiPath Cloud app.
I know that one way would be developing a script that could consume the Orchestrator API, save that somewhere and then use the Splunk Forwarder to send that data to Splunk. But that would demand development time and I am trying to avoid that.
So, after some research, I found out about the Splunk HTTP event forwarder and Orchestrator webhooks. Does someone know if it’s possible to use both to create the integration that I want?
Woah @Srini84, blast from the past - those are some old topics! (2018/2019) and primarily only cover Splunk Universal Forwarder, NLog, .NET Applications as a means to get the logs into Splunk for an on-prem / private installation.
For those interested, the next post down in the topic linked above from @loginerror covers some of the details that you would want to look at if using NLog or Splunk UF.
If you look at the available Webhooks, Logs are not one of the available events. So for cloud you’ll be looking at the Orchestrator API or building the sending of the logs into your Processes.
Regarding Orchestrator Cloud, specifically Webhooks in Orchestrator, truth be told, I find them a bit annoying. Each Event type has a slightly different payload structure which you can see some examples in the Types of Events Document, but you essentially create a hook for the type of event you want to send at the tenant level; however, there is no further filtering if you were only interested in a specific Process, Folder, etc.
Send All Events
Send Individual Events (Jobs, Queue Items, etc.)
Can further specify the sub-type of event (Job.Faulted, Job.completed, queue.created, etc.)
When using the Splunk HEC, it is expecting the payload to be in a specific format as described in Format events for HTTP Event Collector. So with that in mind you would need to subscribe your webhooks to a middle layer that can transform the Orchestrator payload to the structure expected by Splunk HEC.
Once you have that it would be gravy.
I’ve played around with the webhooks and sent them through Microsoft’s Power Automate previously known as Microsoft Flow to capture the event from Orchestrator and send a card to a Teams Channel. A single flow was easy enough to configure, but annoying trying to work with multiple event types.
Outside of Webhooks, I’ve used NLog to write the logs to a flat file in a JSON format which was picked up by AWS CloudWatch. I then used AWS Firehose to manage sending the log events to Splunk HEC and used a Lambda to perform the transformation and Firehose would stream it on over to the HEC. A bit of an overview in the link above.
The concept would be pretty similar when using Webhooks, you just need that middle layer to do the transformation. It would be great if there was more seamless integrations for the webhooks with other Services such as Splunk, perhaps that will come with Integration Service eventually.
The last thing I’ll mention is that Webhooks do not have Log Events available, so that is off the table for the time being and you would need to create something that would specifically send log events in batches from an Orchestrator Job (or even create an activity that extends the Message Activity which would send it to your destination), or something that would periodically fetch the Logs via API.
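
The middle layer described in the reply above, sketched as an added example that is not part of the original thread or anyone's production code: it authenticates the incoming webhook before wrapping the payload in the envelope Splunk HEC expects. Assumptions: Orchestrator sends a base64 HMAC-SHA256 of the raw body (keyed with the webhook secret) in an `X-UiPath-Signature` header, the payload carries `Type` and `Timestamp` fields, and the sample body, secret and `sourcetype` are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import re
from datetime import datetime

# Constructed sample values, not taken from any real tenant.
SAMPLE_SECRET = "example-webhook-secret"
SAMPLE_BODY = json.dumps({
    "Type": "job.faulted",
    "EventId": "00000000000000000000000000000001",
    "Timestamp": "2024-01-15T10:30:00.5000000Z",
    "TenantId": 1,
    "Job": {"Id": 42, "State": "Faulted", "Info": "constructed sample"},
}).encode()


def sign(body: bytes, secret: str) -> str:
    """Base64 HMAC-SHA256 of the raw request body (assumed signature scheme)."""
    digest = hmac.new(secret.encode(), body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def signature_ok(body: bytes, secret: str, header_sig: str) -> bool:
    """Constant-time comparison so the check does not leak timing information."""
    return hmac.compare_digest(sign(body, secret), header_sig or "")


def to_hec(body: bytes, sourcetype: str = "uipath:orchestrator:webhook") -> dict:
    """Wrap one Orchestrator event in the HEC JSON envelope."""
    evt = json.loads(body)
    hec = {"source": "orchestrator-webhook", "sourcetype": sourcetype, "event": evt}
    ts = evt.get("Timestamp")
    if ts:
        # Trim 7-digit fractions to microseconds; HEC wants epoch seconds.
        ts = re.sub(r"(\.\d{6})\d+", r"\1", ts).replace("Z", "+00:00")
        hec["time"] = datetime.fromisoformat(ts).timestamp()
    if evt.get("Type"):
        hec["fields"] = {"event_type": evt["Type"]}  # indexed field for filtering
    return hec


def handle_webhook(body: bytes, header_sig: str, secret: str) -> dict:
    """Verify first, transform second; unsigned or tampered bodies never reach Splunk."""
    if not signature_ok(body, secret, header_sig):
        raise ValueError("webhook signature mismatch")
    return to_hec(body)
```

The returned dict is what the middle layer would POST as JSON to the HEC `/services/collector/event` endpoint with an `Authorization: Splunk <token>` header; keep that token and the webhook secret in the layer's secret store rather than in the flow definition.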