I am new to configuring Splunk; I have just installed an instance locally. I have an application which uses log4net to output its logs and I am trying to make the complete logs, with all properties, go to Splunk over UDP.
I see that Splunk supports a source type log4net_xml, which I would assume corresponds to log4net's XmlLayout. I have therefore created a UDP data source in Splunk, selecting log4net_xml as the source type.
I have also added an appender to the log4net.config file of my application:
Given that Splunk gives an impression of supporting this format, I would expect it to extract fields such as message, Subject and UserName from these strings, but this does not happen. The only fields are Splunk's built-in ones, plus a couple of random ones where Splunk found some substrings of the format XYZ=ABC within these logs.
I tried using the log4j source type (faked with log4net's XmlLayoutSchemaLog4j layout) but this did not work either.
Does what I'm trying to do make sense? Or am I too naive in my approach?