I have a setup where I have configured Log4j2 within a springboot service and have setup HEC on Splunk. The setup is working brilliantly where the logs are pushed to splunk without any issues.
My question is, is there a mechanism where i can control the kinds of logs pushed via HEC ? For example, my log file prints a lot of information like queries, logged in user data, application's exception stack traces, etc. and currently everything goes to Splunk. Is there a way where I can control to push maybe just the exceptions or just the logged in user info, etc ? Is this possible ?
If not, are there any other options that I should explore ?
Appreciate in advance
Okay, i found a way to do this. I used RegexFilter within log4j2's SplunkHttp Appender to capture very specific logs and only those now flow to Splunk.
Okay, i found a way to do this. I used RegexFilter within log4j2's SplunkHttp Appender to capture very specific logs and only those now flow to Splunk.