Getting Data In

Is this the proper approach to sending .log using logback.xml to Splunk?

juliennerocafor
New Member

Hello. I'm trying to integrate splunk with my local project developed in Java.

I have a main project called send-data-service while on the other hand, I have a project named utilities which includes the logging utility that can be re-used by my other projects. Every time send-data-service logs information, it calls the utility service. All of these works fine and also logs information and errors using a logback.xml. This then generates a .log file.

Now, I've read that I should use a splunk logback appender in my current logback.xml so as I can send data to my splunk server (which is hosted via virtual box) every time I try to make a request inside my send-data-service. Although I can't actually make it work. I've already setup a HEC inside splunk but it still does not receive any data. My goal is to send the whole .log file to my splunk server.

This is the content of my logback.xml:

<appender name="http"
            class="com.splunk.logging.HttpEventCollectorLogbackAppender">
            <url>http://localhost:8089</url>
            <token>$token-generated$</token>
            <source>send-data-service</source>
            <sourcetype>logback</sourcetype>
            <messageFormat>text</messageFormat>
            <middleware>HttpEventCollectorUnitTestMiddleware</middleware>
            <layout class="ch.qos.logback.classic.PatternLayout">
                <pattern>%logger: %msg%n</pattern>
            </layout>
        </appender>

        <logger name="splunk.logger" additivity="false" level="INFO">
            <appender-ref ref="http" />
        </logger

I would just also like to ask if i'm using a proper approach? I'm just new in using splunk and I'm really quite lost. Hope anyone can help me with this. Thank you!

Labels (2)
0 Karma

igiannop
New Member

I have exactly the same issue with logback. I have defined sourcetype as logback. Do we have any solution about it ?

0 Karma
Get Updates on the Splunk Community!

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...