A new approach to web development.

Splunk is a great log management tool that can be a valuable resource for your magento deployment. You can send any type of content splunk and use it for historical analysis of sales data, catalog updates, systems interactions, api logging, etc. There are two ways to configure this interaction with splunk: #1) Have your splunk server listen on a port number that receives data. #2) Have splunk forwarders on every server that then relay the data. There's pro's and con's to each solution, however I think the easiest and most reliable is the first method. First we need to setup splunk to receive data over a port, navigate to the "Manager" section and find "Data inputs"

Add a new TCP input and write down the port # you select.

Next we setup a log helper that will deliver the data to splunk (you could overwrite any of the existing functions like Mage::log(), however this method is a bit more selective what is sent over).

class YourModule_Log_Helper_Remote extends Mage_Core_Helper_Data {
 private $host = ''; // Enter your IP address of the splunk server.
 private $port = ''; // Enter your port number here
 private $resource;
 public function send ($data) {
   try {
     $this->resource = fsockopen($this->host, $this->port, $errno, $errstr, 10);
     fwrite($this->resource, $data);
   } catch (Exception $e) {
     Mage::log("Could not write to remote logging agent: $data\n");


To invoke the service just execute:
Mage::helper('log/remote')->sent("This text will be sent to splunk");

It's best to format your log lines in a splunk friendly way. It will automatically index any data that has a key=value format like:
"sku=123456 has been deactivated"
"order_id=4956 has been sent to fulfillment"
"customer_id=444938 imported from Ebay API"

Good luck!