Logging with Splunk

Emre
Loves-to-Learn Lots

Hi everyone,
I am a Mendix developer and I would like to implement Splunk Cloud for monitoring.
I already have the HEC token port and hostname in my Mendix cloud environment.
I would like to send error logs to Splunk Cloud from Mx.
Based on my research, JSON format is a common practice.
Is there any way I can send my data to Splunk in JSON format? I don't know how that works for Splunk.
Any suggestions?


livehybrid
SplunkTrust

Hi @Emre 

Yes, you can send JSON via HEC into Splunk Enterprise / Splunk Cloud. Check out https://docs.splunk.com/Documentation/Splunk/9.4.2/Data/HECExamples which has some good examples of how you can do this, but at a basic level you have two options: you can send raw JSON to https://mysplunkserver.example.com:8088/services/collector/raw or you can send structured events to https://mysplunkserver.example.com:8088/services/collector/event

A structured event for the /event endpoint would look something like this:

{
    "time": 1426279439, // epoch time
    "host": "localhost",
    "source": "random-data-generator",
    "sourcetype": "my_sample_data",
    "index": "main",
    "event":  "Hello world!" // or {"yourKey":"yourVal"} for example
}

Check out https://docs.splunk.com/Documentation/Splunk/9.4.2/Data/FormateventsforHTTPEventCollector for more info on the fields you can send in events to HEC.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing


Emre
Loves-to-Learn Lots

Sample 1: I sent the logs from Mendix to Splunk, but all the messages are saved within the message field.
{
levelERROR
envtest
Message: {"Module": SplunkTest""Microflow": ACT_Splunk_Create_Test""latesterror_message": "401: Access Denied at SplunkTest.ACT_Omnext_Create_TEST (CallRest : 'Call REST (POST)') Advanced stacktrace:"http_status": "401"http_response_content": "{ "statusCode": 401, "message": "Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription." }"http_reasonphrase": "Access Denied"session_id": "13314141414141212}

but I would like to extract some data from the message as below
{
levelERROR
envtest
Module: SplunkTest
Microflow:  ACT_Splunk_Create_Test
http_reasonphrase: Access Denied
session_id: 13314141414141212

}
My question is, can this message be adjusted like this from the Splunk side, or do I need to find a way to send data from Mendix in a structured way?


isoutamo
SplunkTrust
When you send a valid JSON object you can query any data it contains. You could use those keys, or just search for any words it has.
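An added example (not code from the original thread or from Mendix/Splunk) that ties together livehybrid's /event structure and isoutamo's point about valid JSON: the Mendix-side values from Sample 1 are sent as a nested JSON object in the "event" member instead of a pre-formatted text string, so Splunk sees each key as its own field. The sample values, the host name, the env var names SPLUNK_HEC_TOKEN / SPLUNK_HEC_URL, and the _json sourcetype are assumptions for the example; the HEC URL and token come from your own Splunk Cloud environment.

```python
import json
import os
import time
import urllib.request

# Constructed sample of what a Mendix microflow would log (hypothetical values,
# modelled on the fields in Sample 1 above).
SAMPLE_ERROR = {
    "Module": "SplunkTest",
    "Microflow": "ACT_Splunk_Create_Test",
    "http_status": 401,
    "http_reasonphrase": "Access Denied",
    "session_id": "13314141414141212",
}


def build_hec_event(fields, level="ERROR", env="test", host="mendix-app",
                    source="mendix", sourcetype="_json", index="main", ts=None):
    """Return a structured HEC event (dict) for the /services/collector/event endpoint.

    The 'event' member is a JSON object rather than a string, so each key
    becomes a searchable field in Splunk instead of text buried in 'message'.
    The _json sourcetype is assumed here because it extracts JSON keys by default.
    """
    event = {"level": level, "env": env}
    event.update(fields)
    return {
        "time": int(ts if ts is not None else time.time()),  # epoch seconds
        "host": host,
        "source": source,
        "sourcetype": sourcetype,
        "index": index,
        "event": event,
    }


def serialize(hec_event):
    """Compact JSON exactly as HEC receives it: no comments, no stray quotes."""
    return json.dumps(hec_event, separators=(",", ":"))


def send_to_hec(hec_url, token, hec_event, timeout=5):
    """POST one event to <hec_url>/services/collector/event and return HEC's reply.

    The token is passed in by the caller (read from an env var or secret store),
    never hard-coded, and TLS certificate verification stays on (urllib default).
    """
    req = urllib.request.Request(
        hec_url.rstrip("/") + "/services/collector/event",
        data=serialize(hec_event).encode("utf-8"),
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        # A successful ingest answers with {"text":"Success","code":0}
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    ev = build_hec_event(SAMPLE_ERROR, ts=1426279439)
    print(serialize(ev))
    # Hypothetical env var names; the URL is your HEC input, e.g. the
    # https://http-inputs-<your-stack>.splunkcloud.com:443 placeholder form.
    token = os.environ.get("SPLUNK_HEC_TOKEN")
    url = os.environ.get("SPLUNK_HEC_URL")
    if token and url:
        print(send_to_hec(url, token, ev))
```

Once events arrive this way, the keys are directly searchable, e.g. `index=main sourcetype=_json http_status=401 Module=SplunkTest`, and free-text searches such as `index=main "404 - file not found"` still work because the whole event text is indexed too. Treat the HEC token like a credential: if it appears in a message body (as the 401 in Sample 1 suggests a wrong key was sent), rotate it.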

Emre
Loves-to-Learn Lots

One more question: since I am new to this platform I am wondering how I can search for a certain error/warning/info message. For example, how do I search for "404 - file not found for file"?


Emre
Loves-to-Learn Lots

Thanks @gcusello ,
I already implemented the Mendix documentation. It sends some data to Splunk, and I use the HEC method.
But I would like to send some specific data, for example HTTP status or latest error message. In Mendix I create logs and I added those values inside. But how do I display or get this information in Splunk? I only see some values such as hostname or level.


gcusello
SplunkTrust

Hi @Emre ,

Splunk displays the logs that it receives; are you sure that you are sending this data to Splunk?

Do you see this data in the raw logs in Splunk?

Maybe the issue is incorrect parsing; see https://docs.mendix.com/developerportal/operate/splunk-metrics/ for guidance.

Ciao.

Giuseppe


gcusello
SplunkTrust

Hi @Emre ,

Splunk has many ways to ingest logs: syslog, HEC, API, etc. Which of these can be implemented on Mendix?

Anyway, see https://docs.mendix.com/developerportal/operate/splunk-metrics/ and you should find the solution.

Ciao.

Giuseppe
