Getting Data In

Logs compression in Splunk HEC spring boot

priyanka2887
New Member

Hi Team,

Can we compress the logs using Splunk HEC HttpEventCollectorLogbackAppender? Please guide here, how to compress the logs using splunk hec configuration in logback.

Labels (1)
0 Karma

tscroggins
Influencer

Hi @priyanka2887,

At which layer? TLS? HTTP? Splunk?

TLS compression is largely deprecated, vulnerable to well-known attacks, and not (as far as I know) available in core JDK implementations of TLS 1.2+.

HttpEventCollectorLogbackAppender's underlying HTTP implementation, OkHttp, should compress any payload over 1024 bytes by default. See https://github.com/square/okhttp/blob/master/okhttp/src/main/kotlin/okhttp3/OkHttpClient.kt.

HttpEventCollectorLogbackAppender doesn't expose a method or property to modify the threshold. See https://github.com/splunk/splunk-library-javalogging/blob/main/src/main/java/com/splunk/logging/Http... and https://github.com/splunk/splunk-library-javalogging/blob/main/src/main/java/com/splunk/logging/Http....

If you want to add support for modifying the compression threshold, see the Contributing section at https://github.com/splunk/splunk-library-javalogging/blob/main/README.md

Raw data is always compressed in Splunk, although the algorithm is configurable. See the journalCompression setting in https://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf.

 

 

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...