Not able to send logs from Docker container to Splunk using log4j2 and logback (any)

kumavine
New Member

I am trying to push Spring Boot application (running in a Docker container) logs to Splunk using log4j2 and logback. For this setup, I am using the SplunkHttp appender of log4j2 and HttpEventCollectorLogbackAppender for logback, but I am not able to push logs using HTTP Event Collector.

What I have done so far:

1- I have an HTTP Event Collector token for authorisation.
2- I used the curl command in the container to verify the connection, and it's working.
3- I have both log4j2 and logback configurations in the Spring Boot application.
4- I injected the self-signed certificate into /usr/lib/jvm/java/jre/lib/security/cacerts using the Dockerfile.
5- I am using the splunk-library-javalogging-1.7.3 artifact for HTTP Event Collector support. I also tried artifact versions 1.6.0/1.6.2.

But I am not having any success pushing logs from the running container to Splunk.

0 Karma

rgoers
New Member

You can use Log4j's SocketAppender. In Splunk's settings create a TCP Data Input and then configure the SocketAppender to point to it.

0 Karma
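
The SocketAppender setup suggested in the reply above, sketched as an added example that is not part of the original thread or of anyone's actual configuration. The host name `splunk.example.internal`, port `5514` and the appender names are placeholders; the port must match the TCP Data Input created in Splunk.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- log4j2.xml: added example. Host, port and appender names are placeholders. -->
<!-- status="warn" makes Log4j print appender connection failures to the
     container's stderr, so a refused or unreachable socket is visible in
     `docker logs` instead of failing silently. -->
<Configuration status="warn">
  <Appenders>
    <!-- Local copy of every event; also used as the fallback target below. -->
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d{ISO8601} %-5p [%t] %c - %m%n"/>
    </Console>

    <!-- Plain TCP to the Splunk TCP Data Input.
         ignoreExceptions="false" is required so the Failover appender
         sees connection errors; immediateFail="false" lets the appender
         reconnect after reconnectionDelayMillis instead of giving up. -->
    <Socket name="SplunkTcp"
            host="splunk.example.internal" port="5514" protocol="TCP"
            immediateFail="false" reconnectionDelayMillis="5000"
            ignoreExceptions="false">
      <!-- One event per line, key=value fields for search-time extraction. -->
      <PatternLayout pattern="%d{ISO8601} level=%p thread=%t logger=%c %m%n"/>
    </Socket>

    <!-- Writes to the console while the socket is down, retrying the
         primary every 30 seconds. -->
    <Failover name="SplunkOrConsole" primary="SplunkTcp" retryIntervalSeconds="30">
      <Failovers>
        <AppenderRef ref="Console"/>
      </Failovers>
    </Failover>
  </Appenders>

  <Loggers>
    <Root level="info">
      <AppenderRef ref="SplunkOrConsole"/>
    </Root>
  </Loggers>
</Configuration>
```

Unlike HEC, a plain TCP input carries no token and no TLS, so the stream is unauthenticated and readable on the network path; restrict the input to trusted source addresses or use Log4j's `protocol="SSL"` with a matching TLS-enabled input on the Splunk side. Multi-line messages such as stack traces arrive as separate lines and need line-breaking rules on the Splunk sourcetype to be rejoined into one event.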

DavidHourani
Super Champion

Hi @kumavine, what kind of errors are you hitting exactly? Did you successfully test your connectivity to HEC?

0 Karma