My question was also asked in
http://splunk-base.splunk.com/answers/10113/using-custom-code-to-push-log-data-directly-to-splunk-over-tcp
Where the consensus was to avoid doing this (trying to write directly into Splunk over a TCP socket) and use syslog appender or other stuff.
However the data we want to log is on a multicast network and we want to produce a gateway that will take it off that network and log it to spunk, so rather than writing a file (and worrying about file permissions) we would rather just write to a socket.
So if we want to do this is there a spec for or a (Java) API or the protocol to use (including the failover/load balancing stuff) to send data directly into Splunk.
Les
... View more