Splunk Enterprise

Use UDP to index rest api logs

Path Finder

We are currently using the TCP capability to index REST API logs in Splunk. We now have a requirement to use UDP instead of TCP. When I select the UDP capabilities under the same role, nothing happens.

I am keeping all the other settings (port, URL, etc.) the same and adding the UDP capability for the role. Do I need to make any other changes to index REST logs using UDP?

Source settings are as follows:

1.) Add the Splunk NuGet package

2.) Add a class SplunkAppender.cs
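    using log4net.Appender;
    using log4net.Core;
    using Splunk;

    internal class SplunkAppender : AppenderSkeleton
    {
        // Receiver and event metadata used by Append(); the metadata fields
        // must be set (for example from configuration) before logging.
        private readonly Splunk.Receiver _receiver;
        private string _index;
        private string _source;
        private string _sourceType;

        public SplunkAppender()
        {
            var connectArgs = new ServiceArgs
            {
                //TODO: Read this from config file
                Host = "{splunk url}",
                Port = 8089 // splunkd management (REST) port
            };

            var service = new Service(connectArgs);

            // username and password are not shown in the post; supply them from configuration.
            service.Login(username, password);
            _receiver = new Splunk.Receiver(service);
        }

        protected override void Append(LoggingEvent loggingEvent)
        {
            string data = RenderLoggingEvent(loggingEvent);
            // Submit the rendered event through the REST receiver.
            _receiver.Submit(new ReceiverSubmitArgs()
            {
                Index = _index,
                Source = _source,
                SourceType = _sourceType
            }, data);
        }
    }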

3.) Change Configuration – Add a new appender

4.) For logging to the Splunk endpoint

    var logger = LogManager.GetLogger("SplunkLogger");
    logger.Info("logged to splunk! GFX2Client Plugin Loaded");

0 Karma

Splunk Employee

Could you please clarify "nothing happens"?

Could this be a firewall issue?
If this is *nix, you could perhaps verify that data is reaching the UDP port w/ tcpdump.
Have you checked splunkd.log for errors/warnings?

0 Karma
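
For reference, an added example (not part of the original posts and not Splunk SDK code): a log4net appender that sends each rendered event as a UDP datagram, rather than submitting it through the REST receiver on port 8089 as the appender in the question does. The class name `SplunkUdpAppender` and the `RemoteHost`/`RemotePort` properties are hypothetical, and it assumes a UDP data input is already listening on that port on the Splunk side.

```csharp
using System;
using System.Net.Sockets;
using System.Text;
using log4net.Appender;
using log4net.Core;

// Added example: one UDP datagram per rendered event. RemoteHost/RemotePort are
// hypothetical settings and must point at a UDP data input, not at port 8089.
internal class SplunkUdpAppender : AppenderSkeleton
{
    private const int MaxPayloadBytes = 1400; // stay under a 1500-byte MTU
    private UdpClient _client;

    public string RemoteHost { get; set; } // set from the appender configuration
    public int RemotePort { get; set; }

    public override void ActivateOptions()
    {
        base.ActivateOptions();
        if (string.IsNullOrEmpty(RemoteHost) || RemotePort < 1 || RemotePort > 65535)
        {
            ErrorHandler.Error("SplunkUdpAppender: RemoteHost and RemotePort must be set");
            return;
        }
        _client = new UdpClient();
    }

    protected override void Append(LoggingEvent loggingEvent)
    {
        if (_client == null) return; // misconfigured; already reported in ActivateOptions
        byte[] payload = Encoding.UTF8.GetBytes(RenderLoggingEvent(loggingEvent));
        // Oversized events are truncated (possibly mid-character) instead of fragmented.
        int length = Math.Min(payload.Length, MaxPayloadBytes);
        try
        {
            // Fire-and-forget: a successful Send does not mean Splunk received the event.
            _client.Send(payload, length, RemoteHost, RemotePort);
        }
        catch (SocketException ex)
        {
            ErrorHandler.Error("SplunkUdpAppender: UDP send failed", ex);
        }
    }
    protected override void OnClose()
    {
        if (_client != null) _client.Close();
        base.OnClose();
    }
}
```

UDP gives no delivery guarantee, authentication or encryption, so a packet capture on the receiving host, as suggested in the reply, is how to confirm that the datagrams actually arrive.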