Redirecting Log4j logs to Splunk

riswana — Thu, 17 Sep 2020 17:07:23 GMT

Hi,

I am trying to redirect the logs generated by my java project to splunk. I am using below appenders to redirect the logs and created a HTTP Event token for the same. I am able to receive the simple message sent using curl as in splunk documentation for HEC. But not able to recieve the logs in splunk.

appender.mycomp.type = http
appender.mycomp.name = mycomp
appender.mycomp.url = http://localhost:8088/services/collector
appender.mycomp.token = 9548e361-xxxx-xxxx-xxxx-xxxxxxxxxxx
appender.mycomp.layout.type = PatternLayout
appender.mycomp.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n

Any other configuration required to receive the logs in Splunk 8.x .

Please help

Thanks in advance

Re: Redirecting Log4j logs to Splunk

thambisetty — Sun, 20 Sep 2020 08:47:01 GMT

https://docs.splunk.com/Documentation/Splunk/8.0.6/Data/FormateventsforHTTPEventCollector#Format_events_for_HTTP_Event_Collector

Event format is very important. you need to incorporate your event in event attribute below:

curl -k -H "Authorization: Splunk 12345678-1234-1234-1234-1234567890AB" https://mysplunkserver.example.com:8088/services/collector/event -d '{"sourcetype": "my_sample_data", "event": "http auth ftw!"}'

topic Re: Redirecting Log4j logs to Splunk in Splunk Dev

Redirecting Log4j logs to Splunk

Re: Redirecting Log4j logs to Splunk