https://community.splunk.com/t5/Getting-Data-In/Reading-log4j-from-syslog-files/m-p/85488#M17771 <P>I strayed away from using the syslogappender and just installed universal forwarders where ever the log4j data was that I wanted to get at, just made things a bit cleaner. Whats your hesitation? why the need to read from syslog?</P> Wed, 27 Jun 2012 21:35:22 GMT joshd 2012-06-27T21:35:22Z https://community.splunk.com/t5/Getting-Data-In/Reading-log4j-from-syslog-files/m-p/85487#M17770 <P>Hi all,</P> <P>testing out Splunk, and wondering is there some kind of out-of-the-box solution to correctly process syslog files that were created from log4j SyslogAppender?</P> <P>I've tried to follow the guide <A href="http://wiki.splunk.com/Community:StripSyslog">http://wiki.splunk.com/Community:StripSyslog</A>, but unfortunetally it does not work.</P> <P>I'm using log pattern specified in <A href="http://wiki.apache.org/logging-log4j/syslog">http://wiki.apache.org/logging-log4j/syslog</A> :<BR /><BR /> %t %5r %-5p %-21d{yyyyMMdd HH:mm:ss,SSS} %c{2} [%x] %m %n</P> <P>Should i use another pattern?</P> <P>Note: i do not want to log directly from log4j to splunk, i want splunk to read from syslog.<BR /> Are there any working solutions?</P> Wed, 27 Jun 2012 21:30:27 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-log4j-from-syslog-files/m-p/85487#M17770 gerasalus 2012-06-27T21:30:27Z https://community.splunk.com/t5/Getting-Data-In/Reading-log4j-from-syslog-files/m-p/85488#M17771 <P>I strayed away from using the syslogappender and just installed universal forwarders where ever the log4j data was that I wanted to get at, just made things a bit cleaner. Whats your hesitation? why the need to read from syslog?</P> Wed, 27 Jun 2012 21:35:22 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-log4j-from-syslog-files/m-p/85488#M17771 joshd 2012-06-27T21:35:22Z