Hi,
I'm trying to integrate splunk to our springboot java application, I believe that I have made all the required integration steps but the logs are not showing up in our splunk account.
Thanks,
Jerome
And what is it that you did? Because "all required integration steps" doesn't say anything.
Are you writing your logs to files and ingesting events from those files? Are you sending directly to splunk from your app? If so - how and to which component? If you configured the process with a specific destination index - are you sure that the user you're checking it with has proper permissions to access that index?
Just a few questions to start.
I was able to figure out the issue. I had to uncheck Enable indexer acknowledgement checkbox, I don't know why that caused the instance from receiving logs. I'm currently using localhost but will eventually change that to our domain. Thanks
I created the index via splunk and have a log4j-spring.xml file where I have the necessary configurations for splunk see below:
I'm using log4j as the logging mechanism in my application.
<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
<Appenders>
<Console name="console" target="SYSTEM_OUT">
<PatternLayout
pattern="%style{%d{ISO8601}} %highlight{%-5level }[%style{%t}{bright,blue}] %style{%C{10}}{bright,yellow}: %msg%n%throwable" />
</Console>
<SplunkHttp
name="splunkhttp"
url="http://localhost:8088"
token="*******"
host="localhost"
index="gam_event_pro_dev"
type="raw"
source="gameventpro"
sourcetype="log4j"
messageFormat="text"
disableCertificateValidation="true">
<PatternLayout pattern="%m" />
</SplunkHttp>
</Appenders>
<Loggers>
<!-- LOG everything at INFO level -->
<Root level="info">
<AppenderRef ref="console" />
<AppenderRef ref="splunkhttp" />
</Root>
</Loggers>
</Configuration>
I have admin access to our splunk account so permission should not be an issue.
Ok. We're getting somewhere 😉
Your appender should be sending the events to the listening components on the localhost.
1. Do you have a UF or a Splunk Enterprise instance on the same host?
2. Does it have an input defined on port 8088?
3. Isn't your network traffic firewalled?
4. Does your http input have TLS enabled or disabled? (your appender configuration will expect plain unencrypted HTTP).
I was able to figure out the issue. I had to uncheck Enable indexer acknowledgement checkbox, I don't know why that caused the instance from receiving logs. I'm currently using localhost but will eventually change that to our domain. Thanks
I created the index via splunk and have a log4j-spring.xml file where I have the necessary configurations for splunk see below:
I'm using log4j as the logging mechanism in my application.
<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
<Appenders>
<Console name="console" target="SYSTEM_OUT">
<PatternLayout
pattern="%style{%d{ISO8601}} %highlight{%-5level }[%style{%t}{bright,blue}] %style{%C{10}}{bright,yellow}: %msg%n%throwable" />
</Console>
<SplunkHttp
name="splunkhttp"
url="http://localhost:8088"
token="*******"
host="localhost"
index="gam_event_pro_dev"
type="raw"
source="gameventpro"
sourcetype="log4j"
messageFormat="text"
disableCertificateValidation="true">
<PatternLayout pattern="%m" />
</SplunkHttp>
</Appenders>
<Loggers>
<!-- LOG everything at INFO level -->
<Root level="info">
<AppenderRef ref="console" />
<AppenderRef ref="splunkhttp" />
</Root>
</Loggers>
</Configuration>
Hi @jerome ... troubleshooting this requires mooore details from you.
1. from the UF, are you able to receive other logs to indexer?
2. was this java logs showing up at indexer previously or.. it did not work from you have configured
3. is it a prod or test system...
4. your inputs.conf at the UF configuration please
I was able to figure out the issue. I had to uncheck Enable indexer acknowledgement checkbox, I don't know why that caused the instance from receiving logs. I'm currently using localhost but will eventually change that to our domain. Thanks