Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Splunk logging library Doesn't work
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to use Splunk logging library to log events to HTTP Event Collector via java.util.logging.
Followed steps as mentioned in: https://dev.splunk.com/enterprise/docs/java/logging-java/howtouseloggingjava/enableloghttpjava
Verified the HTPP event collector works fine with below snippet of code from emr cluster and also curl command works fine.
RequestBody formBody = new FormBody.Builder()
.add("username", "abc")
.build();
Request request = new Request.Builder()
.url("http://host:8088/services/collector")
.addHeader("Authorization", "Splunk token")
.post(RequestBody.create(MediaType.parse("application/json; profile=urn:splunk:event:1.0; charset=utf-8"),"{\"event\": \"Thursday, world!\", \"sourcetype\": \"manual\"}"))
.build();
However, I cant get it working through Splunk logging in java.
Java code:
String jsonMsg = "{\"event\": \"Thursday, world!\", \"sourcetype\": \"manual\"}";
Logger logger = java.util.logging.Logger.getLogger("splunkLogger");
logger.info(jsonMsg);
splunk-http-input.properties
# Implicitly create a logger called 'splunkLogger', set its level to INFO, and # make it log using the SocketHandler. splunkLogger.level = INFO handlers = com.splunk.logging.HttpEventCollectorLoggingHandler
# Configure the com.splunk.logging.HttpEventCollectorHandler com.splunk.logging.HttpEventCollectorLoggingHandler.url = http://host:8088 com.splunk.logging.HttpEventCollectorLoggingHandler.level = INFO com.splunk.logging.HttpEventCollectorLoggingHandler.token = token com.splunk.logging.HttpEventCollectorLoggingHandler.batch_size_count = 1 # com.splunk.logging.HttpEventCollectorLoggingHandler.middleware = HttpEventCollectorUnitTestMiddleware # com.splunk.logging.HttpEventCollectorLoggingHandler.index=default
com.splunk.logging.HttpEventCollectorLoggingHandler.disableCertificateValidation=true
# You would usually use XMLFormatter or SimpleFormatter for this property, but # SimpleFormatter doesn't accept a format string under Java 6, and so we cannot # control its output. Thus we use a trivial formatter as part of the test suite # to make it easy to deal with. #com.splunk.logging.HttpEventCollectorHandler.Formatter = TestFormatter |
Invoking it with command:
java -Djava.util.logging.config.file=/home/ec2-user/splunk-http-input.properties -cp java-project-1.0-SNAPSHOT.jar com.mkyong.hashing.SendEvents
Can someone tell me what I am missing here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After a lot of debugging I realized it is required to specify the index=main(otherwise it will be empty) . It won’t work without this.
I guess some improvisation can be done to throw proper error as an improvement for error logging.
Thanks,
Pooja
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After a lot of debugging I realized it is required to specify the index=main(otherwise it will be empty) . It won’t work without this.
I guess some improvisation can be done to throw proper error as an improvement for error logging.
Thanks,
Pooja
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Splunk App Dev Community Updates – What’s New and What’s Next
The Latest Cisco Integrations With Splunk Platform!
