Log Shipping

Pyramid logs events in the Pyramid database (as configured in Log Settings) and can also be configured to ship those logs to a third-party log management service, such as Splunk. The log management service can be used as a simple logging backup or as a full operations tool that allows you to index, search, and analyze logs outside of Pyramid. What is available to you depends on the functionality of your integrated logging service.

The settings on the Log Shipping page define the details of the target log service and indicate whether to ship system, transaction, or entry logs as needed. Once logs are shipped, you will manage them in your third-party service.

Note: The logs that are collected by Pyramid are also sent to the target log management service. This means that you need to configure both your Log Settings and your Log Shipping details to achieve the desired effect.

Log shipping

Setting up log shipping

Before you begin

Install and configure Splunk before you begin this process. You will need the full URL and the Event collector Token Value from Splunk to be able to configure the connection between Pyramid and Splunk.

Access the log shipping page

From the Admin console:

  1. In the left-hand menu, click Logs > Log Settings.
  2. The Log Settings page opens. On this page, always check that you are logging the events that you want to ship to the target log management service!

  3. Click the Log Shipping tab at the top of the page.

The Log Shipping page opens (see preceding image). You will set up the details of the target log management service and configure which logs should be sent to that service on this page.

Set log shipping settings

Log levels and settings

  • Log shipping enabled: Select this checkbox to enable log shipping.
  • Ship system logs: Send system logs to the log service. These are the system-level messages that are already being logged.
  • Ship transaction logs: Send transaction logs to the log service. Transaction logging tracks query events associated with every report run on the platform.
  • Ship entry logs: Send entry logs to the log service. Entry logging tracks user entry into the application, failed login attempts, and, where the formal logout functions are used in the client, logouts.

Note: The files that are sent to the log management service are the same ones that are logged according to your Log Settings. This means two things: 1) You need to collect system, transaction, and entry logs for them to be sent to the log service. 2) You change the log level of your logged events by changing the log level in your Log Settings.

Log service details

  • Log service: Splunk.
  • Splunk address: The full secure URL for your Splunk service. Must include the https:// scheme prefix, the 8088 port, and the server path. Note: You can click Append server path to append the typical Splunk server path to your URL.
  • Splunk HTTP Event collector token: Paste in this token to enable communication with Splunk.
  • Channel ID: Specify a custom channel ID or click Regenerate to generate one automatically.
  • Validate SSL on connection: When this option is selected, Pyramid validates the SSL certificate when communicating with the log management service. If the certificate isn't valid, Pyramid won't be able to connect or to run a test.

Test and Save

  • Click Test at the top-right of the page to check that your connection details are correct. Note: Clicking Test writes some test logs.
  • Once your test is successful, click Apply to save your settings. If the Log shipping enabled checkbox is selected, the logs will be shipped to the target logging service as they are written to the Pyramid database.

Note: If there is a failure to connect to the log management service for any reason, an error will be reported.
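
The following pre-flight check is an added example, not part of Pyramid or Splunk: it verifies the Log service details against the requirements above (https://, port 8088, a server path, a token, a channel ID) and builds a test event you can send to Splunk yourself before entering the values in Pyramid. The sample host, token, and channel are constructed; the `/services/collector/event` path, the `Authorization: Splunk <token>` header, and the `X-Splunk-Request-Channel` header are Splunk's standard HTTP Event Collector conventions and are assumed here, as is the GUID format of the token.

```python
import json
import ssl
import urllib.request
import uuid
from urllib.parse import urlsplit

# Constructed sample values; replace with your own Splunk details.
SAMPLE_ADDRESS = "https://splunk.example.com:8088/services/collector/event"
SAMPLE_TOKEN = "12345678-1234-1234-1234-123456789abc"
SAMPLE_CHANNEL = "0f2c1b9e-6d3a-4c55-9a77-2b1e8d4c6f10"


def check_hec_settings(address, token, channel_id):
    """Return a list of problems with the values for the Log Shipping page."""
    problems = []
    url = urlsplit(address)
    if url.scheme != "https":
        problems.append("address must start with https://")
    try:
        port = url.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if port != 8088:
        problems.append("address must include port 8088")
    if url.path in ("", "/"):
        problems.append("address is missing the server path")
    try:
        uuid.UUID(token)  # assumption: the token is a GUID, as Splunk generates it
    except ValueError:
        problems.append("token is not a GUID")
    if not channel_id.strip():
        problems.append("channel ID is empty")
    return problems


def build_test_request(address, token, channel_id):
    """Build (without sending) one HEC test event from the checked settings."""
    body = json.dumps({"event": "log shipping pre-flight check"}).encode("utf-8")
    headers = {"Authorization": "Splunk " + token,
               "X-Splunk-Request-Channel": channel_id}
    return urllib.request.Request(address, data=body, headers=headers, method="POST")


def send_test_event(request):
    """POST the event; the server certificate is always validated here."""
    context = ssl.create_default_context()
    with urllib.request.urlopen(request, context=context, timeout=10) as response:
        return response.status  # Splunk answers 200 when the event is accepted
```

If `send_test_event` fails with a certificate error, expect Pyramid's own Test to fail in the same way while Validate SSL on connection is selected.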