Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Splunk logging library Doesn't work
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to use Splunk logging library to log events to HTTP Event Collector via java.util.logging.
Followed steps as mentioned in: https://dev.splunk.com/enterprise/docs/java/logging-java/howtouseloggingjava/enableloghttpjava
Verified the HTPP event collector works fine with below snippet of code from emr cluster and also curl command works fine.
RequestBody formBody = new FormBody.Builder()
.add("username", "abc")
.build();
Request request = new Request.Builder()
.url("http://host:8088/services/collector")
.addHeader("Authorization", "Splunk token")
.post(RequestBody.create(MediaType.parse("application/json; profile=urn:splunk:event:1.0; charset=utf-8"),"{\"event\": \"Thursday, world!\", \"sourcetype\": \"manual\"}"))
.build();
However, I cant get it working through Splunk logging in java.
Java code:
String jsonMsg = "{\"event\": \"Thursday, world!\", \"sourcetype\": \"manual\"}";
Logger logger = java.util.logging.Logger.getLogger("splunkLogger");
logger.info(jsonMsg);
splunk-http-input.properties
# Implicitly create a logger called 'splunkLogger', set its level to INFO, and # make it log using the SocketHandler. splunkLogger.level = INFO handlers = com.splunk.logging.HttpEventCollectorLoggingHandler
# Configure the com.splunk.logging.HttpEventCollectorHandler com.splunk.logging.HttpEventCollectorLoggingHandler.url = http://host:8088 com.splunk.logging.HttpEventCollectorLoggingHandler.level = INFO com.splunk.logging.HttpEventCollectorLoggingHandler.token = token com.splunk.logging.HttpEventCollectorLoggingHandler.batch_size_count = 1 # com.splunk.logging.HttpEventCollectorLoggingHandler.middleware = HttpEventCollectorUnitTestMiddleware # com.splunk.logging.HttpEventCollectorLoggingHandler.index=default
com.splunk.logging.HttpEventCollectorLoggingHandler.disableCertificateValidation=true
# You would usually use XMLFormatter or SimpleFormatter for this property, but # SimpleFormatter doesn't accept a format string under Java 6, and so we cannot # control its output. Thus we use a trivial formatter as part of the test suite # to make it easy to deal with. #com.splunk.logging.HttpEventCollectorHandler.Formatter = TestFormatter |
Invoking it with command:
java -Djava.util.logging.config.file=/home/ec2-user/splunk-http-input.properties -cp java-project-1.0-SNAPSHOT.jar com.mkyong.hashing.SendEvents
Can someone tell me what I am missing here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After a lot of debugging I realized it is required to specify the index=main(otherwise it will be empty) . It won’t work without this.
I guess some improvisation can be done to throw proper error as an improvement for error logging.
Thanks,
Pooja
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After a lot of debugging I realized it is required to specify the index=main(otherwise it will be empty) . It won’t work without this.
I guess some improvisation can be done to throw proper error as an improvement for error logging.
Thanks,
Pooja
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
SplunkTrust Application Period is Officially OPEN!
