Hello,
I use Splunk HTTP Event Collector (splunk-library-javalogging-1.5.1.jar) with log4j2. Here is my (simplified) log4j configuration file:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG" monitorInterval="30">
    <Appenders>
        <!-- Splunk logger -->
        <Http name="http" url="http://%host%:8088" token="%splunk-token%">
            <PatternLayout pattern="%m" />
        </Http>
    </Appenders>
    <Loggers>
        <Root level="info">
        </Root>
        <Logger name="eventLogger" level="info" additivity="false">
            <AppenderRef ref="http" />
        </Logger>
    </Loggers>
</Configuration>
I use the SplunkCimLogEvent class to format the logging message, as explained in the class Javadoc:
import com.splunk.logging.SplunkCimLogEvent;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
...
private static final Logger EVENT_LOGGER = LogManager.getLogger("eventLogger");
...
SplunkCimLogEvent splunkCimLogEvent = new SplunkCimLogEvent("eventName", "eventId");
splunkCimLogEvent.addField("field1", field1Value);
splunkCimLogEvent.addField("field2", field2Value);
splunkCimLogEvent.setAuthApp("appName");
splunkCimLogEvent.setAuthUser("userName");
EVENT_LOGGER.info(splunkCimLogEvent.toString());
In Splunk, I get events formatted like the following (raw text):
{"message": "\"name=eventName\" \"event_id=eventId\" \"field1=field1\" \"field2=field2\" \"app=appName\" \"user=userName\"","severity":"INFO"}
I get only "message" and "severity" as JSON titles (see attached image), whereas I was expecting every message field key as a JSON title.
Is it possible to do this with log4j?
Thank you.