- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Java Logger and Splunk Class HttpEventCollectorLog...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Java Logger and Splunk Class HttpEventCollectorLoggingHandler not working, forwarding to HEC + Splunk
I reduced content of my documentation of problem (Code and Trace), due to request from Splunk,
I'm trying to log to the Splunk via the HEC using java.util.logging and Splunk Handler Class HttpEventCollectorLoggingHandler.
The events don't appear to be forwarded to Splunk. Also It looks to stopping in the SSL Handshake; I have a GUID specified in the properties file; the properties used for the Splunk Class are echoed out in the console log.
Logging to a different HTTP listener look to work OK; my play Java Http listener to echo sent logger data,
The Java Program Source and the Console Log, are pasted below.
Using Eclipse Java Development environment; Build Path has the following Jar Files:
• splunk-sdk-java-1.6.5.jar
• okhttp-3.12.8.jar
• okio-1.13.0.jar
• com.google.gson classes
I'm also using splunk-library-javalogging-1.8.0.zip classes, for classes not included in the splunk .jar file.
The program compiles clean.
It looks to stop in the SSL handshake after "done seeding SecureRandom"; last entry in the console log.
I'm running with these arguments passed to the program, for debugging and properties file,
-Djava.util.logging.config.file=C:\Explorer_Exports\jdklogging.properties -Xdebug -Djavax.net.debug=all
Was wondering if I'm using the proper .jar files in build path; classes from the .zip file, or my logger setup may be incorrect.
Any assistance would be appreciated. Steve.
== S O U R C E C O D E ===========================================================================
//
package com.mycompany.logging;
import java.io.*;
import java.util.logging.*;
import com.splunk.logging.*;
import com.splunk.logging.SplunkCimLogEvent;
//
public class LogTestSplunk{
public static void main(String arg[]) throws IOException {
Logger logger = Logger.getLogger("splunklogger");
SplunkCimLogEvent event = new SplunkCimLogEvent("zCEE", "PostInvokeSAK");
//*************************************************************
// Splunk Handler
Handler shandler = new HttpEventCollectorLoggingHandler();
logger.addHandler(shandler);
// echo out properties here...
//....
// continue with logger code.
event.setAuthApp("jane");
event.setAuthUser("jane");
event.addField("message", "this is my test message foobar");
logger.info(event.toString());
}
}
== C O N S O L E L O G ====================================================================
Property - com.splunk.logging.HttpEventCollectorLoggingHandler.url:== https://hecdevsplunk.aetna.com:8088/services/collector/event
Property - com.splunk.logging.HttpEventCollectorLoggingHandler.level:== INFO
Property - com.splunk.logging.HttpEventCollectorLoggingHandler.token:== adee79d5-774e-4cff-9596-d7e2a52b4f5f
Property - com.splunk.logging.HttpEventCollectorLoggingHandler.source:== http:zOS_java
Property - com.splunk.logging.HttpEventCollectorLoggingHandler.sourcetype:== httpevent
Property - com.splunk.logging.HttpEventCollectorLoggingHandler.messageFormat:== text
Property - com.splunk.logging.HttpEventCollectorLoggingHandler.index:== webeng-websphere
Property - com.splunk.logging.HttpEventCollectorLoggingHandler.disableCertificateValidation:== false
Property - com.splunk.logging.HttpEventCollectorLoggingHandler.retries_on_error:== 00001
--- all the SSL handshake here --- final SSL trace entry is this:
done seeding SecureRandom
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
