Splunk connection with Uipath

Hi @shweta_B,

Thanks for making a new post!

There are a few options on how to forward your Orchestrator logs over to Splunk. It would help to have an idea of what your infrastructure looks like or what your desired state is, along with what you’ve attempted so far and any specifics you are having trouble with and can provide.

  1. As pointed out in the links posted by @loginerror, you can, of course, use the Splunk Universal Forwarder as a simple solution.

    Those posts don’t go into any meaningful details, but you could configure the Splunk agent to monitor the Robot and Orchestrator, both for the File system logs and Windows Event logs.

  2. NLog - UiPath relies on NLog for Robots and Orchestrator, and it is configured in Web.config in the webroot. This is a good place to centrally configure your logs to go where you want and in the format that you want. NLog is responsible for routing your logging events to where they need to go, whether that’s the SQL Database, Windows Event Logs, Elastic Search, File System, Splunk or many other NLog Targets. More details can be found in the Logging Configuration documentation.

    In 2018.3.1 (the version we are currently running), the default logging looks like:

    <rules>
      <logger name="BusinessException.*" minlevel="Info" writeTo="businessExceptionEventLog" final="true" />
      <logger name="Robot.*" final="true" writeTo="database" />
      <logger name="Quartz.*" minlevel="Info" writeTo="eventLogQuartz" final="true" />
      <logger name="*" minlevel="Info" writeTo="eventLog" />
    </rules>
    

    Where BusinessException, Quartz, and * are directed to Event Viewer.

As you originally asked on another thread related to AWS, I’ll mention a few things specific to that as well

  3. AWS Services - CloudWatch, Kinesis Data Firehose, Lambda. Configuring these services, you can have CloudWatch collect your logs similar to the Splunk Universal Forwarder, use Firehose to direct the logs through a Lambda and worry about forwarding the data over to Splunk including retries and all that jazz. The Lambda would be responsible for massaging your data into the format that you want before it’s sent over to Splunk.

At a broad level, those are the different avenues that I’ve investigated. Depending on your need, familiarity, network restrictions, company policies, etc., you may need to pick one or a combination thereof.

For example

  • If you wanted to direct the logs from Orchestrator as a central location, but not worry about configuring additional agents, there are Splunk Heavy Event Collector (HEC) Target Plugins such as NLog.Targets.Splunk and a few others out there. (Note that I have not used this NLog plugin before, but its development does appear to be active)

  • For our setup, we use a combination of #2 and #3 for a few reasons, but mainly for common configuration with other systems in our company.

    We send out logs Robot > Orchestrator, NLog is configured to direct to SQL and a file (JSON format), CloudWatch monitors the logs (File, and Event Viewer), which in turn is subscribed to Firehose. Firehose sends the logs over to a Lambda (Node.js) which transforms the events into a format accepted by a Splunk HEC, sends it back to Firehose which then sends it over to Splunk.

    As mentioned above, there are different NLog plugins for Splunk that would simplify this, but I haven’t tested them and by using Firehose for us, if we ever decide to move away from Splunk, it would be a simple adjustment at one point in the chain to make for various systems in our network.

    +-------+    +------------+
    | Robot +--->+Orchestrator|
    +-------+    +------------+  +------+       +----------+
                         |NLog+->+ FILE <------->CloudWatch|
                         +-+--+  +------+       +-----+----+
                           |                          |
                           |                          |
                           |                     +----v---+          +------+
                           v                     |Firehose+---------->Splunk|
                   +----------+                  +----^---+          |  HEC |
                   |SQL Server|                       |              +------+
                   |   RDS    |                       |
                   +----------+                   +---v--+
                                                  |Lambda|
                                                  +------+
    

Hopefully, these ideas will get you started.

Cheers,
Tim

9 Likes
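
The Lambda transformation step described in the post above, sketched as an added example (not part of the original post and not the poster's actual Lambda). It assumes Firehose receives gzip-compressed CloudWatch Logs subscription payloads and delivers to a Splunk HEC event endpoint; the sourcetype, function names and sample record are constructed for illustration.

```javascript
const zlib = require('zlib');

const SOURCETYPE = 'uipath:orchestrator'; // assumed sourcetype, not from the post

// Map one CloudWatch log event to one Splunk HEC event object.
function toHecEvent(payload, logEvent) {
  let body = logEvent.message;
  try { body = JSON.parse(body); } catch (_) { /* not JSON: keep raw text */ }
  return {
    time: logEvent.timestamp / 1000, // CloudWatch uses ms, HEC uses seconds
    host: payload.logStream,
    source: payload.logGroup,
    sourcetype: SOURCETYPE,
    event: body,
  };
}

// Transform one Firehose record. Never throws, so a single malformed
// record is reported as failed instead of failing the whole batch.
function transformRecord(record) {
  try {
    const raw = zlib.gunzipSync(Buffer.from(record.data, 'base64'));
    const payload = JSON.parse(raw.toString('utf8'));
    if (payload.messageType !== 'DATA_MESSAGE') {
      // CONTROL_MESSAGE is a subscription health check, not log data.
      return { recordId: record.recordId, result: 'Dropped' };
    }
    const lines = payload.logEvents.map((e) => JSON.stringify(toHecEvent(payload, e)));
    const data = Buffer.from(lines.join('\n'), 'utf8').toString('base64');
    return { recordId: record.recordId, result: 'Ok', data };
  } catch (err) {
    return { recordId: record.recordId, result: 'ProcessingFailed' };
  }
}

// Lambda entry point invoked by Firehose with a batch of records.
exports.handler = async (event) => ({ records: event.records.map(transformRecord) });

// Constructed sample record in the CloudWatch Logs subscription shape.
function makeSampleRecord(messageType) {
  const payload = {
    messageType, logGroup: '/uipath/orchestrator', logStream: 'orch-01',
    logEvents: [
      { id: '1', timestamp: 1546300800000, message: '{"level":"Info","message":"Job started"}' },
      { id: '2', timestamp: 1546300801000, message: 'plain text line' },
    ],
  };
  const data = zlib.gzipSync(JSON.stringify(payload)).toString('base64');
  return { recordId: 'rec-1', data };
}
```

Returning `ProcessingFailed` for records that cannot be decoded, rather than dropping them, keeps malformed input visible in the delivery stream's error handling instead of leaving a silent gap in the log trail.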