Getting Data In

TCP Input to Splunk lnput from SAAS App

New Member

I have a java application running in an AWS instance. I want to use the following log4j2 appender to push logs directly into the TCP input in Splunk Cloud;

    <Socket name="socket" host="{}" port="{}">
    <PatternLayout pattern="%p: %m%n" charset="UTF-8"/>
    <Root level="INFO">
    <Logger name="splunk.logger" level="info">
    <AppenderRef ref="socket"/>

However, it seems I have to create a universal forwarder, but I cannot install a forwarder on that EC2 instance ?

I just want to push the log4j2 output directly into the Splunk TCP Input, is this possible on Splunk Cloud? We are currently on a trial instance, so maybe I cannot see this option until we move to Enterprise.

0 Karma

Esteemed Legend

This can be done many ways, but the simplest and easiest is by using the Http Event Collector:

0 Karma

New Member

Hi, Thanks for that info, I will have to setup the java project with the custom HEC appender.

I had looked into that, but the tcp input setup is so much simpler.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!