Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Do we read log data from inmemory?

Yamini
New Member
‎03-13-2016 09:51 PM

I would like to write log data to java inmemory using Memory Handlers in Java Application. Can we read these log data from java application?

Thanks,
Mini

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎03-14-2016 05:46 PM

So generally the answer here is a resounding "no you cannot." Remember that on almost all modern operating systems, the kernel enforces a process boundary wall. It is not trivial for process 1 to reach over, under, or around that wall to read the memory of your Java process.

Yes, there is the concept of SYSV shared memory or memory mapped files - but these generally require lots of coordination and agreement between processes so that locks are taken when the shared memory is being updated and so that the layout of the shared memory is understood and makes sense to both processes. The layout of the Java heap and in-memory objects is not entirely clear to non-Java processes and different JVMs format both heaps and objects differently!

It is just too much to ask Splunk to be able to yoink log events out of the address space of another process. Write them to a file, or a socket, or use the HTTP event collector and a log4j output .. just not memory, please.

(It is also entirely possible I have misunderstood your question)

View solution in original post

Reply
Solved! Jump to solution

Yamini
New Member
‎03-14-2016 09:41 PM

Thank you for reply.

I have heard that we have splunkjavalogging library. which may solve my problem.

Why I am going for memory is, for some conerns I could not write logs to file.

Using SplunkLogging we can directly write logs to Splunk sever.

Thanks & Regards,
Yamini

0 Karma
Reply
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎03-14-2016 05:46 PM

So generally the answer here is a resounding "no you cannot." Remember that on almost all modern operating systems, the kernel enforces a process boundary wall. It is not trivial for process 1 to reach over, under, or around that wall to read the memory of your Java process.

Yes, there is the concept of SYSV shared memory or memory mapped files - but these generally require lots of coordination and agreement between processes so that locks are taken when the shared memory is being updated and so that the layout of the shared memory is understood and makes sense to both processes. The layout of the Java heap and in-memory objects is not entirely clear to non-Java processes and different JVMs format both heaps and objects differently!

It is just too much to ask Splunk to be able to yoink log events out of the address space of another process. Write them to a file, or a socket, or use the HTTP event collector and a log4j output .. just not memory, please.

(It is also entirely possible I have misunderstood your question)

Reply
Solved! Jump to solution

Rob
Splunk Employee
Splunk Employee
‎03-14-2016 04:43 PM

How do you normally access the log data in-memory? Do you pipe it STDOUT? or is there a file that is eventually generated? Also, what do you do when the application/host unexpectedly fails to keep the log files for troubleshooting?

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...