Getting Data In

TCP Input to Splunk lnput from SAAS App

stevescottmb
New Member

I have a java application running in an AWS instance. I want to use the following log4j2 appender to push logs directly into the TCP input in Splunk Cloud;

<Appenders>
    <Socket name="socket" host="{cloudsplunk.host}" port="{cloudsplunk.host}">
    <PatternLayout pattern="%p: %m%n" charset="UTF-8"/>
    </Socket>
</Appenders>
<Loggers>
    <Root level="INFO">
    </Root>
    <Logger name="splunk.logger" level="info">
    <AppenderRef ref="socket"/>
    </Logger>
</Loggers>

However, it seems I have to create a universal forwarder, but I cannot install a forwarder on that EC2 instance ?

I just want to push the log4j2 output directly into the Splunk TCP Input, is this possible on Splunk Cloud? We are currently on a trial instance, so maybe I cannot see this option until we move to Enterprise.

0 Karma

woodcock
Esteemed Legend

This can be done many ways, but the simplest and easiest is by using the Http Event Collector:

https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector

0 Karma

stevescottmb
New Member

Hi, Thanks for that info, I will have to setup the java project with the custom HEC appender.

I had looked into that, but the tcp input setup is so much simpler.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!