How to best send our Java app's logs to Splunk?

janicki · ‎07-21-2016

Our Java app, developed in-house, has easily-parsed logs. I'd like to get them into Splunk real-time, and in an elegant way. (Nicer than Splunk tailing log files?) I can edit our Java app to do whatever is best for this purpose. What do you suggest?

DISCLAIMER: I am not familiar with Splunk, so I don't know how its pieces fit together!! Forwarder? App? REST? Java API? Java Bridge? What?! (However, I have seen Splunk's nice recommendations for log formatting.)

If someone could please summarize an approach, I'll research the details. I'd really appreciate your advice so I don't have to study the entire Splunk universe to make this development direction choice. Thanks!!!

janicki · ‎07-22-2016

FYI, (for others who find this question) I found this nice short video that shows a Java example of pushing events: http://www.splunk.com/view/SP-CAAAHHJ

ddrillic · ‎07-21-2016

The following speaks to that - Logging best practices

It shows the options -

janicki · ‎07-22-2016

Thanks! Although those seem to be methods for Splunk to PULL logs from an app... I was trying to PUSH. Our app creates lots of events that's aren't kept in memory very long, so PULL could be a problem.

ddrillic · ‎07-22-2016

Got it. In order to push data in you can look at REST API to push data into Splunk

The latest reference is Input endpoint descriptions

somesoni2 · ‎07-21-2016

Have a look at the Http Event Collector. It's easy enough to setup and use.

http://dev.splunk.com/view/event-collector/SP-CAAAE6M
http://docs.splunk.com/Documentation/Splunk/6.4.2/Data/UsetheHTTPEventCollector

janicki · ‎07-22-2016

Thanks, that's great!

How to best send our Java app's logs to Splunk?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk