TCP Input to Splunk lnput from SAAS App

stevescottmb · ‎02-11-2019

I have a java application running in an AWS instance. I want to use the following log4j2 appender to push logs directly into the TCP input in Splunk Cloud;

<Appenders>
    <Socket name="socket" host="{cloudsplunk.host}" port="{cloudsplunk.host}">
    <PatternLayout pattern="%p: %m%n" charset="UTF-8"/>
    </Socket>
</Appenders>
<Loggers>
    <Root level="INFO">
    </Root>
    <Logger name="splunk.logger" level="info">
    <AppenderRef ref="socket"/>
    </Logger>
</Loggers>

However, it seems I have to create a universal forwarder, but I cannot install a forwarder on that EC2 instance ?

I just want to push the log4j2 output directly into the Splunk TCP Input, is this possible on Splunk Cloud? We are currently on a trial instance, so maybe I cannot see this option until we move to Enterprise.

woodcock · ‎02-11-2019

This can be done many ways, but the simplest and easiest is by using the Http Event Collector:

https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector

stevescottmb · ‎02-11-2019

Hi, Thanks for that info, I will have to setup the java project with the custom HEC appender.

I had looked into that, but the tcp input setup is so much simpler.

TCP Input to Splunk lnput from SAAS App

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

TCP Input to Splunk lnput from SAAS App

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...