Re: Using Splunk HTTP Event Collector with log4j2

crippled-ankle · ‎10-10-2020

Hi,

I'm trying to use SplunkHTTPAppender in production, the set up (log4j2.xml) works in development environment. But when I switch to production, http collector metrics (_introspection) starts to show data.num_of_requests_to_incorrect_url > 1 and no events are posted.

Is there a way to know the url used in event posting? and what is the criteria to determine a wrong url?

Thank you!

crippled-ankle · ‎10-11-2020

up

crippled-ankle · ‎10-10-2020

My config is like below,

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="info" name="example" packages="com.splunk.logging">
    <Appenders>
        <SplunkHttp
                name="splunk"
                url="http://localhost:8088"
                token="token"
                index="comminimizer"
                messageFormat="text"
                batch_size_count="1"
                disableCertificateValidation="true"
        >

            <PatternLayout pattern="%m"/>
        </SplunkHttp>

    </Appenders>

    <Loggers>
        <Root level="INFO">
            <AppenderRef ref="splunk"/>
        </Root>
    </Loggers>
</Configuration>

Using Splunk HTTP Event Collector with log4j2

HTTP Event Collector

Linux

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation