https://community.splunk.com/t5/Splunk-Search/Character-Encoding-in-log4j/m-p/110614#M183584 <P>Firstly ,org.apache.log4j.net.SocketAppender sends <STRONG>serialized</STRONG> LoggingEvent objects over the wire ie: binary data. You need to send textual data to Splunk. So this is not going to work.</P> <P>Secondly , I would suggest looking at the Splunk log4j appenders on github : </P> <P><A href="https://github.com/splunk/splunk-library-javalogging">https://github.com/splunk/splunk-library-javalogging</A></P> <P>With these appenders you can setup your log4j logging configuration to send your log events to Splunk over raw TCP or via HTTP REST.</P> Wed, 23 Oct 2013 05:05:14 GMT Damien_Dallimor 2013-10-23T05:05:14Z https://community.splunk.com/t5/Splunk-Search/Character-Encoding-in-log4j/m-p/110613#M183583 <P>Setting up Splunk I'm getting rsyslog messages showing up fine but when I point a little test log4j app at it I start getting \xabc\x00 type lines showing up. I've tried the usual suspects with varying results. UTF-8 gets the ASCII characters right but still has lots of \xabc\xedf interspersed. UTF-16 is all an asian character set with a couple \x00 (specifially \x00 and no others). LATIN1 gets ascii right but again lots of \xabc\xedf.</P> <P>edit: says I don't have enough karma to post external links or upload a picture so the image is at<BR /> imgur.com/uZaTifZ</P> <P>Some engineers threw together a quick java program to give me the ability to test log4j.properties and configuring splunk. Below is log4j.properties and the code to make the same program (its setup using gradle).</P> <P>log4j.properties</P> <PRE><CODE> 1 log4j.rootLogger=DEBUG, server, FILE 2 log4j.appender.server=org.apache.log4j.net.SocketAppender 3 log4j.appender.server.Port=4712 4 log4j.appender.server.RemoteHost=stg-logs01.sjc01.baynote.net 5 log4j.appender.server.ReconnectionDelay=10000 6 log4j.appender.server.layout = org.apache.log4j.PatternLayout 7 log4j.appender.server.layout.conversionPattern = %m%n 8 log = /tmp/ 9 log4j.appender.FILE = org.apache.log4j.FileAppender 10 log4j.appender.FILE.File = ${log}/log.out 11 log4j.appender.FILE.layout = org.apache.log4j.PatternLayout 12 log4j.appender.FILE.layout.conversionPattern = %m%n </CODE></PRE> <P>edit2: I've also tried adding log4j.appender.server.encoding = UTF-8 to the properties file and still getting \xaB\xCD</P> <P>and the code</P> <PRE><CODE> 1 package com; 2 3 import org.apache.log4j.Logger; 4 5 public class Log4JTester { 6 static Logger logger = Logger.getLogger(Log4JTester.class); 7 8 public static void main(String[] args) { 9 logger.info("...HI...."); 10 } 11 } </CODE></PRE> Tue, 22 Oct 2013 23:43:04 GMT https://community.splunk.com/t5/Splunk-Search/Character-Encoding-in-log4j/m-p/110613#M183583 tscanlon 2013-10-22T23:43:04Z https://community.splunk.com/t5/Splunk-Search/Character-Encoding-in-log4j/m-p/110614#M183584 <P>Firstly ,org.apache.log4j.net.SocketAppender sends <STRONG>serialized</STRONG> LoggingEvent objects over the wire ie: binary data. You need to send textual data to Splunk. So this is not going to work.</P> <P>Secondly , I would suggest looking at the Splunk log4j appenders on github : </P> <P><A href="https://github.com/splunk/splunk-library-javalogging">https://github.com/splunk/splunk-library-javalogging</A></P> <P>With these appenders you can setup your log4j logging configuration to send your log events to Splunk over raw TCP or via HTTP REST.</P> Wed, 23 Oct 2013 05:05:14 GMT https://community.splunk.com/t5/Splunk-Search/Character-Encoding-in-log4j/m-p/110614#M183584 Damien_Dallimor 2013-10-23T05:05:14Z https://community.splunk.com/t5/Splunk-Search/Character-Encoding-in-log4j/m-p/110615#M183585 <P>Thanks looks like I'm going to have to rework the setup.</P> Wed, 23 Oct 2013 23:33:11 GMT https://community.splunk.com/t5/Splunk-Search/Character-Encoding-in-log4j/m-p/110615#M183585 tscanlon 2013-10-23T23:33:11Z