5

I need to send my log4j logs to Splunk. I found several solutions:

  1. Use the REST API (e.g. curl -k -u admin:changeme -d "name=/tmp/myfile.log" -d "sourcetype=syslog" https://localhost:8089/servicesNS/admin/search/data/inputs/monitor)
  2. Install the Splunk Universal Forwarder
  3. Use a log4j appender such as:

    Syslog appender

    log4j.appender.splunk=org.apache.log4j.net.SyslogAppender
    log4j.appender.splunk.SyslogHost=localhost:8089
    log4j.appender.splunk.layout=org.apache.log4j.PatternLayout
    log4j.appender.splunk.facility=LOCAL2
    log4j.appender.splunk.layout.ConversionPattern=[%p] %t: %m%n

But it seems to me that the 3rd solution wouldn't work if the Splunk server and the log are located on separate machines.

The 2nd solution requires installing additional software.

Can anyone propose any other solution?

PS: I tried to use open-source Java libs, but it didn't give a result.

Rich
Constantine Gladky

1 Answer

5

Check out this great project from one of our community developers @damiendallimore - https://github.com/damiendallimore/SplunkJavaLogging

It provides a number of options for logging directly to Splunk.

It also uses the Splunk Java SDK: http://dev.splunk.com/view/java-sdk/SP-CAAAECN

Paul Sanford