Splunk Dev

Log4j Selective logging

viranis
Explorer

I have a setup where I have configured Log4j2 within a springboot service and have setup HEC on Splunk. The setup is working brilliantly where the logs are pushed to splunk without any issues. 

My question is, is there a mechanism where i can control the kinds of logs pushed via HEC ? For example, my log file prints a lot of information like queries, logged in user data, application's exception stack traces, etc. and currently everything goes to Splunk. Is there a way where I can control to push maybe just the exceptions or just the logged in user info, etc ? Is this possible ?

If not, are there any other options that I should explore ?

Appreciate in advance

0 Karma
1 Solution

viranis
Explorer

Okay, i found a way to do this. I used RegexFilter within log4j2's SplunkHttp Appender to capture very specific logs and only those now flow to Splunk. 

View solution in original post

0 Karma

viranis
Explorer

Okay, i found a way to do this. I used RegexFilter within log4j2's SplunkHttp Appender to capture very specific logs and only those now flow to Splunk. 

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...