Not able to send logs from Docker container to Spl...

kumavine · ‎11-18-2019

I am trying to push Springboot application (running in docker container) logs to Splunk using log4j2 and logback. For this setup, I am using SplunkHttp appender of log4j2 and HttpEventCollectorLogbackAppender for logback. But not able to push logs using HTTP Event Collector.

I have done so far-

1- Having HTTP Event Collector token for authorisation.
2- I used curl command in container to verify connection and its working.
3- Having log4j2 and logback both configuration in Springboot application.
4- Injected self signed certificate in /usr/lib/jvm/java/jre/lib/security/cacerts using Dockerfile.
5- Using splunk-library-javalogging-1.7.3 artifact for supporting HTTP Event Collector. I also used artifact 1.6.0/1.6.2.

But I am not getting any success to push logs from running container to Splunk.

rgoers · ‎11-22-2019

You can use Log4j's SocketAppender. In Splunk's settings create a TCP Data Input and then configure the SocketAppender to point to it.

DavidHourani · ‎11-19-2019

Hi @kumavine, what kind of errors are you hitting exactly ? Did you successfully test your connectivity to HEC ?

Not able to send logs from Docker container to Splunk using log4j2 and logback (any)

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

Not able to send logs from Docker container to Splunk using log4j2 and logback (any)

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk