I am new to this community, hope you can help. We use Splunk for years.
Symptom: we see ASCII numbers as search results, expecting readable texts. How can I get readable text?
Our Spring Boot applications run inside Docker containers. We log using e.g. log4j2.
When I use in my Spring Boot application the Spring log4j2.xml configuration file (see below) then log statements are readable (as plain text) in the Docker logs. When I try to read them in Splunk the message is shown like:
message=['123', '34' '116', ... ]
When I remove the log4j2.xml file, then all logs are readable again both in the Docker logs as in Splunk.
Why is this happening? How can I make the messages readable in Splunk?
<?xml version="1.0" encoding="UTF-8"?> <Configuration status="info"> <Appenders> <Console name="Console-Appender" target="SYSTEM_OUT"> <PatternLayout> <pattern> [%-5level] %d{MM-dd HH:mm:ss.SSS} [%t] [%c{1} - %msg%n </pattern> </PatternLayout> </Console> </Appenders> <Loggers> <Logger name="nl.mycompany.xyz" level="info" additivity="false"> <AppenderRef ref="Console-Appender" /> </Logger> <Root> <AppenderRef ref="Console-Appender" /> </Root> </Loggers> </Configuration>