How to best send our Java app's logs to Splunk?

janicki
New Member

Our Java app, developed in-house, has easily-parsed logs. I'd like to get them into Splunk real-time, and in an elegant way. (Nicer than Splunk tailing log files?) I can edit our Java app to do whatever is best for this purpose. What do you suggest?

DISCLAIMER: I am not familiar with Splunk, so I don't know how its pieces fit together!! Forwarder? App? REST? Java API? Java Bridge? What?! (However, I have seen Splunk's nice recommendations for log formatting.)

If someone could please summarize an approach, I'll research the details. I'd really appreciate your advice so I don't have to study the entire Splunk universe to make this development direction choice. Thanks!!!

0 Karma

janicki
New Member

FYI, (for others who find this question) I found this nice short video that shows a Java example of pushing events: http://www.splunk.com/view/SP-CAAAHHJ

0 Karma

ddrillic
Ultra Champion

The following speaks to that - Logging best practices

It shows the options -

0 Karma

janicki
New Member

Thanks! Although those seem to be methods for Splunk to PULL logs from an app... I was trying to PUSH. Our app creates lots of events that aren't kept in memory very long, so PULL could be a problem.

0 Karma

ddrillic
Ultra Champion

Got it. In order to push data in you can look at REST API to push data into Splunk

The latest reference is Input endpoint descriptions

0 Karma

somesoni2
Revered Legend
0 Karma

janicki
New Member

Thanks, that's great!

0 Karma