
Not able to send logs from Docker container to Splunk using log4j2 and logback (any)

kumavine
New Member

I am trying to push Spring Boot application logs (the application runs in a Docker container) to Splunk using log4j2 and logback. For this setup, I am using the SplunkHttp appender of log4j2 and HttpEventCollectorLogbackAppender for logback. But I am not able to push logs using HTTP Event Collector.

What I have done so far:

1. I have an HTTP Event Collector token for authorisation.
2. I used a curl command in the container to verify the connection, and it's working.
3. I have both log4j2 and logback configurations in the Spring Boot application.
4. I injected a self-signed certificate into /usr/lib/jvm/java/jre/lib/security/cacerts using the Dockerfile.
5. I am using the splunk-library-javalogging-1.7.3 artifact to support HTTP Event Collector. I also used artifacts 1.6.0/1.6.2.

But I am not having any success pushing logs from the running container to Splunk.

0 Karma

rgoers
New Member

You can use Log4j's SocketAppender. In Splunk's settings create a TCP Data Input and then configure the SocketAppender to point to it.

0 Karma
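
The setup suggested in the reply above, sketched as a `log4j2.xml`. This is an added example, not part of the original post and not taken from Splunk or Log4j project files. The host name, port 9514 and the appender names are placeholder assumptions; the port must match the TCP Data Input created in Splunk.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- status="warn" lets Log4j report its own appender problems
     (for example a refused connection) on the container's console. -->
<Configuration status="warn">
  <Appenders>
    <!-- Local copy of every event, visible through `docker logs`. -->
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d{ISO8601} %-5p [%t] %c - %m%n"/>
    </Console>

    <!-- host/port are placeholders for the Splunk TCP Data Input.
         protocol="TCP" sends events unencrypted; protocol="SSL" with a
         nested <SSL> element is the TLS variant and needs a TLS-enabled
         input on the Splunk side.
         ignoreExceptions="false" is required so the Failover appender
         below sees connection failures instead of them being swallowed. -->
    <Socket name="SplunkTcp"
            host="splunk.example.internal"
            port="9514"
            protocol="TCP"
            reconnectionDelayMillis="5000"
            ignoreExceptions="false">
      <!-- One event per line, so Splunk can break events on newlines. -->
      <PatternLayout pattern="%d{ISO8601} %-5p [%t] %c - %m%n"/>
    </Socket>

    <!-- If the TCP input is unreachable, events go to the console
         and the primary is retried every 30 seconds. -->
    <Failover name="SplunkWithFallback" primary="SplunkTcp"
              retryIntervalSeconds="30">
      <Failovers>
        <AppenderRef ref="Console"/>
      </Failovers>
    </Failover>
  </Appenders>

  <Loggers>
    <Root level="info">
      <AppenderRef ref="SplunkWithFallback"/>
    </Root>
  </Loggers>
</Configuration>
```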

DavidHourani
Super Champion

Hi @kumavine, what kind of errors are you hitting exactly? Did you successfully test your connectivity to HEC?

0 Karma