Developing for Splunk Enterprise

How to best send our Java app's logs to Splunk?

janicki
New Member

Our Java app, developed in-house, has easily-parsed logs. I'd like to get them into Splunk real-time, and in an elegant way. (Nicer than Splunk tailing log files?) I can edit our Java app to do whatever is best for this purpose. What do you suggest?

DISCLAIMER: I am not familiar with Splunk, so I don't know how its pieces fit together!! Forwarder? App? REST? Java API? Java Bridge? What?! (However, I have seen Splunk's nice recommendations for log formatting.)

If someone could please summarize an approach, I'll research the details. I'd really appreciate your advice so I don't have to study the entire Splunk universe to make this development direction choice. Thanks!!!

0 Karma

janicki
New Member

FYI, (for others who find this question) I found this nice short video that shows a Java example of pushing events: http://www.splunk.com/view/SP-CAAAHHJ

0 Karma

ddrillic
Ultra Champion

The following speaks to that - Logging best practices

It shows the options -

alt text

0 Karma

janicki
New Member

Thanks! Although those seem to be methods for Splunk to PULL logs from an app... I was trying to PUSH. Our app creates lots of events that's aren't kept in memory very long, so PULL could be a problem.

0 Karma

ddrillic
Ultra Champion

Got it. In order to push data in you can look at REST API to push data into Splunk

alt text

The latest reference is Input endpoint descriptions

0 Karma

somesoni2
Revered Legend
0 Karma

janicki
New Member

Thanks, that's great!

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!