log4j2 configuration for Splunk HEC on EC2

crippled-ankle · ‎10-14-2020

I have my log4j2.xml as below,

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="info" name="example" packages="com.splunk.logging">
    <Appenders>
        <SplunkHttp
                name="splunk"
                url="http://localhost:8088"
                token="sometoken"
                index="someindex"
                messageFormat="text"
                source="somesource"
                sourceType="log4j"
                batch_size_count="1"
                disableCertificateValidation="true"
        >

            <PatternLayout pattern="%m"/>
        </SplunkHttp>

    </Appenders>

    <Loggers>
        <Root level="INFO">
            <AppenderRef ref="splunk"/>
        </Root>
    </Loggers>
</Configuration>

I'm trying to set up Splunk with HEC on an EC2 instance. The same configuration works for a Splunk instance on my Windows machine.

I used tcpdump to trace packets on port 8088 and it seems there is no packet reaching to that port. Did I miss anything on the configuration?

Thank you!

richgalloway · ‎10-15-2020

Have you checked your firewall? Is Splunk listening on port 8088?

---
If this reply helps you, Karma would be appreciated.

log4j2 configuration for Splunk HEC on EC2

HTTP Event Collector

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Are you a member of the Splunk Community?

log4j2 configuration for Splunk HEC on EC2

HTTP Event Collector

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk