- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Splunk logging library Doesn't work
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to use Splunk logging library to log events to HTTP Event Collector via java.util.logging.
Followed steps as mentioned in: https://dev.splunk.com/enterprise/docs/java/logging-java/howtouseloggingjava/enableloghttpjava
Verified the HTPP event collector works fine with below snippet of code from emr cluster and also curl command works fine.
RequestBody formBody = new FormBody.Builder()
.add("username", "abc")
.build();
Request request = new Request.Builder()
.url("http://host:8088/services/collector")
.addHeader("Authorization", "Splunk token")
.post(RequestBody.create(MediaType.parse("application/json; profile=urn:splunk:event:1.0; charset=utf-8"),"{\"event\": \"Thursday, world!\", \"sourcetype\": \"manual\"}"))
.build();
However, I cant get it working through Splunk logging in java.
Java code:
String jsonMsg = "{\"event\": \"Thursday, world!\", \"sourcetype\": \"manual\"}";
Logger logger = java.util.logging.Logger.getLogger("splunkLogger");
logger.info(jsonMsg);
splunk-http-input.properties
# Implicitly create a logger called 'splunkLogger', set its level to INFO, and # make it log using the SocketHandler. splunkLogger.level = INFO handlers = com.splunk.logging.HttpEventCollectorLoggingHandler
# Configure the com.splunk.logging.HttpEventCollectorHandler com.splunk.logging.HttpEventCollectorLoggingHandler.url = http://host:8088 com.splunk.logging.HttpEventCollectorLoggingHandler.level = INFO com.splunk.logging.HttpEventCollectorLoggingHandler.token = token com.splunk.logging.HttpEventCollectorLoggingHandler.batch_size_count = 1 # com.splunk.logging.HttpEventCollectorLoggingHandler.middleware = HttpEventCollectorUnitTestMiddleware # com.splunk.logging.HttpEventCollectorLoggingHandler.index=default
com.splunk.logging.HttpEventCollectorLoggingHandler.disableCertificateValidation=true
# You would usually use XMLFormatter or SimpleFormatter for this property, but # SimpleFormatter doesn't accept a format string under Java 6, and so we cannot # control its output. Thus we use a trivial formatter as part of the test suite # to make it easy to deal with. #com.splunk.logging.HttpEventCollectorHandler.Formatter = TestFormatter |
Invoking it with command:
java -Djava.util.logging.config.file=/home/ec2-user/splunk-http-input.properties -cp java-project-1.0-SNAPSHOT.jar com.mkyong.hashing.SendEvents
Can someone tell me what I am missing here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After a lot of debugging I realized it is required to specify the index=main(otherwise it will be empty) . It won’t work without this.
I guess some improvisation can be done to throw proper error as an improvement for error logging.
Thanks,
Pooja
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After a lot of debugging I realized it is required to specify the index=main(otherwise it will be empty) . It won’t work without this.
I guess some improvisation can be done to throw proper error as an improvement for error logging.
Thanks,
Pooja
Preparing your Splunk Environment for OpenSSL3
Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...
Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...
