search

splunk / splunk-library-javalogging

Splunk logging appenders for popular Java Logging frameworks
http://dev.splunk.com/view/splunk-logging-java/SP-CAAAE2K
Apache License 2.0
135 stars 175 forks source link

Assistance with log4j2.xml configuration #218

Closed lewismc closed 2 years ago

lewismc commented 2 years ago

I am trying to prototype splunk-library-javalogging for the Apache Nutch Web crawler project. I've successfully added splunk-library-javalogging as a dependency within the Apache Ivy system. PR https://github.com/splunk/splunk-library-javalogging/pull/217 is my effort to document that but using Apache Maven as an example.

I have defined Splunks Http Event Collector and can verify manually POST'ing messages to the collector via my command line. However when I attempt to configure splunk-library-javalogging via log4j2.xml as below... I just don't get any data in Splunk.

Here is he Log4j2.xml configuration but I've also pasted it below for convenience.

  <Appenders>
    ...
    <!-- Start Splunk config -->
    <Socket name="socket" host="localhost" port="8088">
      <PatternLayout pattern="%p: %m%n" charset="UTF-8"/>
    </Socket>

    <SplunkHttp name="http"
              url="http://localhost:8088/services/collector/event"
              token="abcd1234"
              source="Nutch 1.19-SNAPSHOT"
              sourcetype="log4j"
              batch_size_count="1"
              disableCertificateValidation="true">
      <PatternLayout pattern="%m"/>
    </SplunkHttp>
    <!-- End Splunk config -->
    ...
  </Appenders>
  <Loggers>
    <!-- Start Splunk loggers -->
    <Logger name="splunk.logger" level="INFO">
      <AppenderRef ref="socket"/>
    </Logger>
    <Logger name="splunk.log4j" level="INFO">
      <AppenderRef ref="http"/>
    </Logger>
    <!-- End Splunk loggers -->
  </Loggers>
...

Any guidance is greatly appreciated. Thank you.

lewismc commented 2 years ago

@fantavlik @vmalaviya-splunk @ashah-splunk @rmaheshwari-splunk any ideas? Thank you for your consideration.

bparmar-splunk commented 2 years ago

Hi @lewismc, Above log4j configuration seems correct except one attribute (i.e. URL). Please keep URL till port number. (For eg. http://127.0.0.1:8088). Also, this URL has HTTP protocol only, but not HTTPS.

Please verify HTTPS checkbox in you HEC global settings from Splunk web portal. For reference, please refer this link.

Please let us know, if you still face any issues.