
TCP Input to Splunk Input from SAAS App

New Member

I have a Java application running in an AWS instance. I want to use the following log4j2 appender to push logs directly into the TCP input in Splunk Cloud:

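    <!-- Appender: Socket appender (TCP by default); host and port left as placeholders -->
    <Socket name="socket" host="{}" port="{}">
        <PatternLayout pattern="%p: %m%n" charset="UTF-8"/>
    </Socket>
    <!-- Loggers: route the splunk.logger logger to the socket appender -->
    <Root level="INFO"/>
    <Logger name="splunk.logger" level="info">
        <AppenderRef ref="socket"/>
    </Logger>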

However, it seems I have to create a universal forwarder, but I cannot install a forwarder on that EC2 instance?

I just want to push the log4j2 output directly into the Splunk TCP Input, is this possible on Splunk Cloud? We are currently on a trial instance, so maybe I cannot see this option until we move to Enterprise.


Esteemed Legend

This can be done many ways, but the simplest and easiest is by using the HTTP Event Collector:


New Member

Hi, thanks for that info. I will have to set up the Java project with the custom HEC appender.

I had looked into that, but the TCP input setup is so much simpler.
