Java application logs not showing up in Splunk

jerome
Observer

Hi,

I'm trying to integrate Splunk into our Spring Boot Java application. I believe that I have made all the required integration steps, but the logs are not showing up in our Splunk account.

 

Thanks,

 

Jerome

0 Karma

PickleRick
SplunkTrust

And what is it that you did? Because "all required integration steps" doesn't say anything.

Are you writing your logs to files and ingesting events from those files? Are you sending directly to Splunk from your app? If so - how and to which component? If you configured the process with a specific destination index - are you sure that the user you're checking it with has proper permissions to access that index?

Just a few questions to start.

0 Karma

jerome
Observer

I was able to figure out the issue. I had to uncheck the "Enable indexer acknowledgement" checkbox; I don't know why that kept the instance from receiving logs. I'm currently using localhost but will eventually change that to our domain. Thanks

0 Karma
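
When indexer acknowledgement is enabled on an HEC token, HEC requires an X-Splunk-Request-Channel header on each request and rejects requests that lack it, so the reply from the endpoint itself shows why events are not arriving. The Python probe below is an added example, not code from this thread or from Splunk; the function names, the test event and the placeholder token are assumptions, and the hint strings paraphrase Splunk's documented HEC reply codes.

```python
import http.client
import json
import urllib.error
import urllib.request
import uuid

# Paraphrased hints for documented HEC reply codes (subset relevant here).
HEC_HINTS = {
    0: "accepted",
    2: "no Authorization header was sent",
    4: "token is not recognised",
    7: "token is not allowed to write to the requested index",
    10: "no X-Splunk-Request-Channel header (required when indexer "
        "acknowledgement is enabled for the token)",
    11: "X-Splunk-Request-Channel value is not a valid GUID",
}

def explain(status, body):
    """Turn an HTTP status and HEC JSON body into a one-line diagnosis."""
    try:
        reply = json.loads(body)
    except ValueError:
        reply = None
    if not isinstance(reply, dict) or "code" not in reply:
        return f"HTTP {status}: not an HEC reply (wrong port or another service)"
    hint = HEC_HINTS.get(reply["code"], reply.get("text", "unknown"))
    return f"HTTP {status}, HEC code {reply['code']}: {hint}"

def probe(base_url, token, index=None, with_channel=False):
    """POST one test event to the HEC event endpoint and diagnose the reply."""
    event = {"event": "HEC probe (constructed test event)"}
    if index:
        event["index"] = index
    headers = {"Authorization": f"Splunk {token}"}
    if with_channel:  # a fresh GUID is enough to satisfy the channel check
        headers["X-Splunk-Request-Channel"] = str(uuid.uuid4())
    req = urllib.request.Request(
        base_url.rstrip("/") + "/services/collector/event",
        data=json.dumps(event).encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return explain(resp.status, resp.read().decode(errors="replace"))
    except urllib.error.HTTPError as err:  # 4xx/5xx replies still carry HEC JSON
        return explain(err.code, err.read().decode(errors="replace"))
    except (OSError, http.client.HTTPException) as err:
        return f"no HTTP reply (nothing listening, firewall, or TLS mismatch): {err}"

if __name__ == "__main__":  # placeholder token; URL and index as in the thread
    for ch in (False, True):
        print(ch, probe("http://localhost:8088", "<HEC-token>", "gam_event_pro_dev", ch))
```

If the request without a channel comes back with code 10 and the one with a channel is accepted, the token has indexer acknowledgement enabled.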

jerome
Observer

I created the index via Splunk and have a log4j-spring.xml file where I have the necessary configurations for Splunk; see below:

I'm using log4j as the logging mechanism in my application.

<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
  <Appenders>
    <Console name="console" target="SYSTEM_OUT">
      <PatternLayout
        pattern="%style{%d{ISO8601}} %highlight{%-5level }[%style{%t}{bright,blue}] %style{%C{10}}{bright,yellow}: %msg%n%throwable" />
    </Console>
    <SplunkHttp
      name="splunkhttp"
      url="http://localhost:8088"
      token="*******"
      host="localhost"
      index="gam_event_pro_dev"
      type="raw"
      source="gameventpro"
      sourcetype="log4j"
      messageFormat="text"
      disableCertificateValidation="true">
      <PatternLayout pattern="%m" />
    </SplunkHttp>
  </Appenders>

  <Loggers>
    <!-- LOG everything at INFO level -->
    <Root level="info">
      <AppenderRef ref="console" />
      <AppenderRef ref="splunkhttp" />
    </Root>
  </Loggers>
</Configuration>

I have admin access to our Splunk account, so permissions should not be an issue.

0 Karma

PickleRick
SplunkTrust

Ok. We're getting somewhere 😉

Your appender should be sending the events to the listening components on the localhost.

1. Do you have a UF or a Splunk Enterprise instance on the same host?

2. Does it have an input defined on port 8088?

3. Isn't your network traffic firewalled?

4. Does your http input have TLS enabled or disabled? (your appender configuration will expect plain unencrypted HTTP).

 

0 Karma


inventsekar
SplunkTrust

Hi @jerome ... troubleshooting this requires mooore details from you.

1. From the UF, are you able to receive other logs at the indexer?

2. Were these Java logs showing up at the indexer previously, or has it not worked since you configured it?

3. Is it a prod or test system?

4. Your inputs.conf from the UF configuration, please.

0 Karma
