Skip to content

Splunk Application and Data Onboarding

With our Minecraft Server deployed into Docker, or a Server, setup with the SplunkBukkit plugins we will now we getting a events.log file out with JSON based messages for easy ingest into Splunk. 

{"time":"2020-9-25 19:11:07 ","event":{"mob":"Phantom","action":"deal damage","message":"well... PlayerOne had enough of that","health":"7.016000747680664","damage_taken":"2.423999786376953","target":"FaithyMcD","weapon":"null","type":"damage","location":{"biome":"STONE_S
HORE","x":"-134.97914559838472","y":"70.0","z":"356.8258508968549"}}}
{"time":"2020-9-25 19:11:07 ","event":{"player":"PlayerOne","action":"take damage","message":"took a blow from Phantom but is still standing","health":"7.016000747680664","damage_taken":"2.423999786376953","cause":"Phantom","type":"damage","location":{"biome":"STONE_SHORE
","x":"-134.97914559838472","y":"70.0","z":"356.8258508968549"}}}
{"time":"2020-9-25 19:11:32 ","event":{"player":"PlayerOne","action":"unknown","level":"3","experience":"0.92307705","gamemode":"SURVIVAL","hunger":"13","health":"4.592000961303711","weather":"null","equiptment":{"main_hand":"STONE_AXE","off_hand":"AIR","helmet":"none","c
hest":"none","leggings":"DIAMOND_LEGGINGS","boots":"none"},"type":"status","location":{"biome":"STONE_SHORE","x":"-133.8382096321811","y":"69.0","z":"356.7367333350036"}}}
{"time":"2020-9-25 19:11:32 ","event":{"player":"PlayerThree","action":"unknown","level":"0","experience":"0.71428573","gamemode":"SURVIVAL","hunger":"20","health":"20.0","weather":"null","equiptment":{"main_hand":"WOOD","off_hand":"COAL","helmet":"none","chest":"DIAMOND
_CHESTPLATE","leggings":"none","boots":"none"},"type":"status","location":{"biome":"MOUNTAINS","x":"-137.78720402791043","y":"68.0","z":"339.69999998807907"}}}
{"time":"2020-9-25 19:11:32 ","event":{"player":"Guitaraholic","action":"unknown","level":"6","experience":"0.36842123","gamemode":"SURVIVAL","hunger":"16","health":"11.31534194946289","weather":"null","equiptment":{"main_hand":"STONE_SWORD","off_hand":"TORCH","helmet":"D
IAMOND_HELMET","chest":"none","leggings":"none","boots":"DIAMOND_BOOTS"},"type":"status","location":{"biome":"STONE_SHORE","x":"-137.24046018796153","y":"69.0","z":"357.7457953917562"}}}
{"time":"2020-9-25 19:11:32 ","event":{"player":"PlayerOne","action":"unknown","level":"3","experience":"0.92307705","gamemode":"SURVIVAL","hunger":"13","health":"4.592000961303711","weather":"null","equiptment":{"main_hand":"STONE_AXE","off_hand":"AIR","helmet":"none","c
hest":"none","leggings":"DIAMOND_LEGGINGS","boots":"none"},"type":"status","location":{"biome":"STONE_SHORE","x":"-135.65082541716805","y":"69.0","z":"354.8847251217087"}}}

Splunk Inputs

The log file can easily be ingested into Splunk through a universal forwarder ( deployed on the host or in another Docker container ) to collect the log file with a simple stanza 

[monitor:///minecraft-java/logs/events.log]
disabled = 0
index = minecraft
sourcetype = minecraft:events
host = minecraft:java

Splunk App Download

While the code is still being developed in its pre-v1.0 stage; you can download the Splunk add-on right here on our github from this repo here

A full E2E guide and Blog post is to be released shortly after Conf20 to provide a 'Quick Start' getting ready setup for this as well as some other handy pieces around minecraft server setup and similar