Service-Specific Instructions for Streaming App Logs
Page last updated:
This topic provides instructions for configuring some third-party log management services.
Once you have configured a service, refer to the Third-Party Log Management Services topic for instructions on binding your app to the service.
Logit.io
From your Logit.io dashboard:
Identify the Logit ELK stack you want to use.
Click Logstash Configuration.
Note your Logstash Endpoint.
Note your TCP-SSL, TCP, or UDP Port (not the syslog port).
Create the log drain service in Cloud Foundry.
$ cf cups logit-ssl-drain -l syslog-tls://ENDPOINT:PORT
or
$ cf cups logit-drain -l syslog://ENDPOINT:PORT
Bind the service to an app.
$ cf bind-service YOUR-CF-APP-NAME logit-ssl-drain
or
$ cf bind-service YOUR-CF-APP-NAME logit-drain
Restage or push the app using one of the following commands:
$ cf restage YOUR-CF-APP-NAME
$ cf push YOUR-CF-APP-NAME
After a short delay, logs begin to appear in Kibana.
Papertrail
From your Papertrail account:
Click Add System.
Click the Other link.
Select I use Cloud Foundry, enter a name, and click Save.
Record the URL with port that is displayed after creating the system.
Create the log drain service in Cloud Foundry.
$ cf cups my-logs -l syslog-tls://logs.papertrailapp.com:PORT
Bind the service to an app.
$ cf bind-service APPLICATION-NAME my-logs
Restage the app.
$ cf restage APPLICATION-NAME
After a short delay, logs begin to flow automatically.
Once Papertrail starts receiving log entries, the view automatically updates to the logs viewing page.
Splunk
See Streaming App Logs to Splunk for details.
Splunk Storm
From your Splunk Storm account:
Click Add project.
Enter the project details.
Create a new input for Network data.
Manually enter the external IP addresses your Cloud Foundry administrator assigns to outbound traffic.
Note the host and port provided for TCP input.
Create the log drain service in Cloud Foundry using the displayed TCP host and port.
$ cf cups my-logs -l syslog://HOST:PORT
Bind the service to an app
$ cf bind-service APPLICATION-NAME my-logs
Restage the app
$ cf restage APPLICATION-NAME
After a short delay, logs begin to flow automatically.
Wait for some events to appear, then click Data Summary.
Click the loggregator link to view all incoming log entries from Cloud Foundry.
SumoLogic
Note: SumoLogic uses HTTPS for communication. HTTPS is supported in Cloud Foundry v158 and later.
From your SumoLogic account:
Click the Add Collector link.
Choose Hosted Collector and fill in the details.
In the new collector’s row of the collectors view, click the Add Source link.
Select HTTP source and fill in the details. Note that you’ll be provided an HTTPS url
Once the source is created, a URL should be displayed. You can also view the URL by clicking the Show URL link beside the created source.
Create the log drain service in Cloud Foundry using the displayed URL.
$ cf cups my-logs -l HTTPS-SOURCE-URL
Bind the service to an app.
$ cf bind-service APPLICATION-NAME my-logs
Restage the app.
$ cf restage APPLICATION-NAME
After a short delay, logs begin to flow automatically.
In the SumoLogic dashboard, click Manage, then click Status to see a view of log messages received over time.
In the SumoLogic dashboard, click Search. Place the cursor in the search box, then press Enter to submit an empty search query.
Logsene
Note: Logsene uses HTTPS for communication. HTTPS is supported in Cloud Foundry v158 and later.
From your Sematext account:
Click the Create App / Logsene App menu item. Enter a name and click Add Application to create the Logsene App.
Create the log drain service in Cloud Foundry using the displayed URL.
$ cf cups logsene-log-drain -l https://logsene-cf-receiver.sematext.com/YOUR_LOGSENE_TOKEN
Bind the log drain to an app. You could optionally bind multiple apps to one log drain.
$ cf bind-service YOUR-CF-APP-NAME logsene-log-drain
Restage the app.
$ cf restage APPLICATION-NAME
After a short delay, logs begin to flow automatically and appear in the Logsene UI.
Logentries is Not Supported
Cloud Foundry distributes log messages over multiple servers to handle load. Currently, we do not recommend using Logentries as it does not support multiple syslog sources.