Re: Using Splunk HTTP Event Collector with log4j2

crippled-ankle · ‎10-10-2020

Hi,

I'm trying to use SplunkHTTPAppender in production, the set up (log4j2.xml) works in development environment. But when I switch to production, http collector metrics (_introspection) starts to show data.num_of_requests_to_incorrect_url > 1 and no events are posted.

Is there a way to know the url used in event posting? and what is the criteria to determine a wrong url?

Thank you!

crippled-ankle · ‎10-11-2020

up

crippled-ankle · ‎10-10-2020

My config is like below,

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="info" name="example" packages="com.splunk.logging">
    <Appenders>
        <SplunkHttp
                name="splunk"
                url="http://localhost:8088"
                token="token"
                index="comminimizer"
                messageFormat="text"
                batch_size_count="1"
                disableCertificateValidation="true"
        >

            <PatternLayout pattern="%m"/>
        </SplunkHttp>

    </Appenders>

    <Loggers>
        <Root level="INFO">
            <AppenderRef ref="splunk"/>
        </Root>
    </Loggers>
</Configuration>

Using Splunk HTTP Event Collector with log4j2

HTTP Event Collector

Linux

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!