Splunk Dev

How to best send our Java app's logs to Splunk?

janicki
New Member

Our Java app, developed in-house, has easily-parsed logs. I'd like to get them into Splunk real-time, and in an elegant way. (Nicer than Splunk tailing log files?) I can edit our Java app to do whatever is best for this purpose. What do you suggest?

DISCLAIMER: I am not familiar with Splunk, so I don't know how its pieces fit together!! Forwarder? App? REST? Java API? Java Bridge? What?! (However, I have seen Splunk's nice recommendations for log formatting.)

If someone could please summarize an approach, I'll research the details. I'd really appreciate your advice so I don't have to study the entire Splunk universe to make this development direction choice. Thanks!!!

0 Karma

janicki
New Member

FYI, (for others who find this question) I found this nice short video that shows a Java example of pushing events: http://www.splunk.com/view/SP-CAAAHHJ

0 Karma

ddrillic
Ultra Champion

The following speaks to that - Logging best practices

It shows the options -

0 Karma

janicki
New Member

Thanks! Although those seem to be methods for Splunk to PULL logs from an app... I was trying to PUSH. Our app creates lots of events that aren't kept in memory very long, so PULL could be a problem.

0 Karma

ddrillic
Ultra Champion

Got it. In order to push data in, you can look at the REST API to push data into Splunk.

The latest reference is Input endpoint descriptions

0 Karma

somesoni2
SplunkTrust
0 Karma

janicki
New Member

Thanks, that's great!

0 Karma