I have my log4j2.xml as below,
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="info" name="example" packages="com.splunk.logging">
  <Appenders>
    <SplunkHttp
      name="splunk"
      url="http://localhost:8088"
      token="sometoken"
      index="someindex"
      messageFormat="text"
      source="somesource"
      sourceType="log4j"
      batch_size_count="1"
      disableCertificateValidation="true">
      <PatternLayout pattern="%m"/>
    </SplunkHttp>
  </Appenders>
  <Loggers>
    <Root level="INFO">
      <AppenderRef ref="splunk"/>
    </Root>
  </Loggers>
</Configuration>
I'm trying to set up Splunk with HEC on an EC2 instance. The same configuration works for a Splunk instance on my Windows machine.
I used tcpdump to trace packets on port 8088, and it seems no packets are reaching that port. Did I miss anything in the configuration?
Thank you!
Have you checked your firewall? Is Splunk listening on port 8088?
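One way to answer the "is Splunk listening on port 8088?" question on a Linux host, as an added example that is not part of the original posts: the function below reads `ss -ltn` output and reports whether the port has a listener and how it is bound. The function name `hec_bind_state` and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `ss -ltn` output on stdin.
# Prints one of: not-listening, loopback-only, specific-address, all-interfaces.
# hec_bind_state is a hypothetical helper name, not a Splunk or log4j tool.
hec_bind_state() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                       # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next      # exact port match, so 80 never matches 8088
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            if (host == "0.0.0.0" || host == "*" || host == "[::]") wide = 1
            else if (host == "127.0.0.1" || host == "[::1]") loop = 1
            else other = 1
        }
        END {
            if (!found)     print "not-listening"
            else if (wide)  print "all-interfaces"
            else if (other) print "specific-address"
            else            print "loopback-only"
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128        127.0.0.1:8088       0.0.0.0:*
LISTEN 0      128             [::]:8089          [::]:*'

# Run against the sample; on a real host use: ss -ltn | hec_bind_state 8088
printf '%s\n' "$SAMPLE_SS" | hec_bind_state 8088
```

A result of `not-listening` points at the Splunk HEC input itself, while `loopback-only` or `specific-address` means the port is reachable only from clients that can reach that bind address; a firewall or EC2 security group is a separate check on top of this.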