Splunk Enterprise

Spunk logging properties file

esmeemarch
Observer

I am trying to integrate splunk into my project.

Currently, I have the following .properties file:

 

mySplunk.level = INFO
mySplunk.handlers = com.splunk.logging.HttpEventCollectorLoggingHandler

# Configure the com.splunk.logging.HttpEventCollectorLoggingHandler
com.splunk.logging.HttpEventCollectorLoggingHandler.url = myUrl
com.splunk.logging.HttpEventCollectorLoggingHandler.level = INFO
com.splunk.logging.HttpEventCollectorLoggingHandler.token = myToken
com.splunk.logging.HttpEventCollectorLoggingHandler.source= mySource
com.splunk.logging.HttpEventCollectorLoggingHandler.disableCertificateValidation=true

 

 

Note: url and token are not put into this file but are available and the access is grated.

My SplunkTestLogger.java

 

import java.util.logging.Logger;
import java.util.logging.Level;

public class Main {

public static void main(String[] args) {
Logger logger = Logger.getLogger("mySplunk");
try{
FileInputStream fis = new FileInputStream("C\\User\\myUser\\logging.properties");
LogManager.getLogManager().readConfiguration(fis);

log.setLevel(LEVEL.INFO);
log.addHandler(new java.util.logging.consoleHandler());
log.setUseParentHandlers(false);

log.info("starting myApp");
fis.close();

} catch (Exception e) {
logger.log(Level.SEVERE, "Exception occurred", e);
}
}
}

 

This class is not able to send any log messages to splunk. Why?
I already tried to connect and send events manually with

 

URL url = new URL(SPLUNK_HEC_URL + "/services/collector/event");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestProperty("Authorization", "Splunk " + SPLUNK_HEC_TOKEN);
connection.setDoOutput(true);
//....

 

and it was successful. but I want to make it work with the .properties approach.

Tags (2)
0 Karma

dural_yyz
Motivator

That level of JAVA support typically is beyond the Splunk community board.  These answer posts tend to focus on Splunk configurations.

0 Karma
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...