I have a java application running in an AWS instance. I want to use the following log4j2 appender to push logs directly into the TCP input in Splunk Cloud;
<Appenders>
<Socket name="socket" host="{cloudsplunk.host}" port="{cloudsplunk.host}">
<PatternLayout pattern="%p: %m%n" charset="UTF-8"/>
</Socket>
</Appenders>
<Loggers>
<Root level="INFO">
</Root>
<Logger name="splunk.logger" level="info">
<AppenderRef ref="socket"/>
</Logger>
</Loggers>
However, it seems I have to create a universal forwarder, but I cannot install a forwarder on that EC2 instance ?
I just want to push the log4j2 output directly into the Splunk TCP Input, is this possible on Splunk Cloud? We are currently on a trial instance, so maybe I cannot see this option until we move to Enterprise.
This can be done many ways, but the simplest and easiest is by using the Http Event Collector
:
https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
Hi, Thanks for that info, I will have to setup the java project with the custom HEC appender.
I had looked into that, but the tcp input setup is so much simpler.