---
title: How to Splunk with Heroku
teaser:
tags: web,rails,heroku
author: Dan Croak
published_on: 2013-02-23
---

[Splunk](http://www.splunk.com) is a company that offers logging services. They
went public last year, have a market cap of over $3 billion, and are
headquartered in San Francisco's SoMa neighborhood.

I've tried Loggly and Papertrail. In my opinion, Splunk is the best of the
bunch due to its:

* Real-time or very-near-real-time data discovery.
* Wildcard search.
* Timespan dragging.

Loggly and Papertrail offer Heroku add-ons but Splunk doesn't. So, setup is a
bit more complex with Splunk. Here's how to do it.

Go to [Splunk Storm](https://www.splunkstorm.com). Create an account.

Once signed in, create a project:

![Create project](http://media.tumblr.com/3396d0c8db0e47ed3bcc3ef19a8932aa/tumblr_inline_milqhb6IF51qz4rgp.png)

You can start with a free plan:

![Choose plan](http://media.tumblr.com/841b1063fcb4d69e6b3ac09a7865ad07/tumblr_inline_milqjotLkb1qz4rgp.png)

Click "Network data":

![Splunk dashboard](http://media.tumblr.com/af26f766f5af8e64bbe67fd61c946a1e/tumblr_inline_milqluKukC1qz4rgp.png)

Click "Authorize your IP address":

![Network data](http://media.tumblr.com/a77a3f305b935665b457f61e8cebc73d/tumblr_inline_milqn05Qyx1qz4rgp.png)

Click "Automatically":

![IP address authorization](http://media.tumblr.com/d46ef23fc0fc0a43ded16b496bd90234/tumblr_inline_milqq77CA01qz4rgp.png)

You now have 15 minutes to send Splunk data. Copy the URL in the text box:

![Automatic authorization](http://media.tumblr.com/e04b294b7569db54ececf798f2851613/tumblr_inline_milqs3qdpR1qz4rgp.png)

Then, add a [Heroku syslog drain](https://devcenter.heroku.com/articles/logging#syslog-drains):

    heroku drains:add logs4.splunkstorm.com:YOURSPLUNKPORT

Perform a few activities on your app to send data to the drain. Then, click
"Explore data":

![Dashboard](http://media.tumblr.com/738283ac2a853a3db699519b9e0398f2/tumblr_inline_miluvkQShr1qz4rgp.png)

Perform a search, maybe using wildcards:

![Search](http://media.tumblr.com/7e67ef0d38a32ebcb73877d3713b934a/tumblr_inline_milv4fiHU91qz4rgp.png)

Filter by dragging a timespan:

![Timespan dragging](http://media.tumblr.com/e1cfc779dfb0d745aca6ceccae4b3ffc/tumblr_inline_milvcfrF2F1qz4rgp.png)

Watch how quickly the data loads.

On Rails apps, the default production log level includes enough data to be
useful in Splunk. Change it to `DEBUG` only when debugging:

    heroku config:add LOG_LEVEL=DEBUG

At the `DEBUG` level, Rails will print <abbr title="Structured Query
Language">SQL</abbr> queries to the logs, which can be useful but may also
expose sensitive data, because [`config.filter_parameters`](http://guides.rubyonrails.org/configuring.html#configuring-rails-components)
does not apply to <abbr title="Structured Query Language">SQL</abbr> queries.
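
One way to keep those values out of the drain is to mask them in the log formatter before the line is written. This is an added example, not code from the original post: it uses Ruby's standard `Logger`, and the `scrub_sql` helper, its regexes, and the sample log lines are constructed assumptions about what ActiveRecord prints at `DEBUG`.

```ruby
require "logger"
require "stringio"

# Lines that carry a SQL statement; everything else passes through untouched.
SQL_LINE = /\b(?:SELECT|INSERT INTO|UPDATE|DELETE FROM)\b/
# Single-quoted SQL string literal; '' is an escaped quote inside it.
SQL_STRING = /'(?:[^']|'')*'/
# Value half of a bind pair such as ["email", "a@example.com"].
BIND_VALUE = /(\["[^"]+",\s*)"(?:[^"\\]|\\.)*"(\])/

# Mask every string value in a SQL log line. Numeric values (ids, limits)
# are left alone so the query shape stays searchable in Splunk.
def scrub_sql(message)
  return message unless message.match?(SQL_LINE)
  message.gsub(SQL_STRING, "'[FILTERED]'")
         .gsub(BIND_VALUE, '\1"[FILTERED]"\2')
end

# Logger formatter that scrubs each message before it is formatted.
class SqlScrubbingFormatter < Logger::Formatter
  def call(severity, time, progname, msg)
    super(severity, time, progname, scrub_sql(msg.to_s))
  end
end

# Constructed sample lines in the style of Rails DEBUG output.
SAMPLE_LINES = [
  %q{  User Load (0.6ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'alice@example.com' LIMIT 1},
  %q{  SQL (1.1ms)  UPDATE "users" SET "reset_token" = 'O''Brien-token' WHERE "users"."id" = 7},
  %q{  SQL (0.9ms)  INSERT INTO "cards" ("number") VALUES ($1)  [["number", "4111111111111111"]]},
  %q{Completed 200 OK in 12ms}
].freeze

# Write the lines through a logger using the scrubbing formatter and
# return what would have been sent on to the drain.
def scrubbed_log(lines)
  io = StringIO.new
  logger = Logger.new(io)
  logger.formatter = SqlScrubbingFormatter.new
  lines.each { |line| logger.debug(line) }
  io.string
end

puts scrubbed_log(SAMPLE_LINES) if $PROGRAM_NAME == __FILE__
```

The regexes are heuristics: they mask all string literals and string bind values rather than only named columns, which errs toward over-filtering.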
