I need to send my log4j logs to Splunk. I found several solutions:
curl -k -u admin:changeme -d "name=/tmp/myfile.log" -d "sourcetype=syslog" https://localhost:8089/servicesNS/admin/search/data/inputs/monitor
Use log4j appender such as:
log4j.appender.splunk=org.apache.log4j.net.SyslogAppender
log4j.appender.splunk.SyslogHost=localhost:8089
log4j.appender.splunk.layout=org.apache.log4j.PatternLayout
log4j.appender.splunk.facility=LOCAL2
log4j.appender.splunk.layout.ConversionPattern=[%p] %t: %m%n
But it seems to me that the 3rd solution wouldn't work if the Splunk server and the log are located on separate machines.
The 2nd solution requires installing additional software.
Can anyone propose any other solution?
PS: I tried to use open-source Java libs, but it didn't give a result.
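For the SyslogAppender option in the question, the following added example (not part of the original post) shows both ends of a remote setup: the log4j 1.x appender pointed at another host, and a matching Splunk UDP data input, which is a separate listener from the 8089 REST port used by the curl command. The hostname `splunk.example.internal`, port 5514 and the 10.0.5.0/24 range are placeholders chosen for illustration.

```ini
# ---- log4j.properties on the application host (log4j 1.x) ----
log4j.rootLogger=INFO, splunk
log4j.appender.splunk=org.apache.log4j.net.SyslogAppender
# SyslogHost takes host[:port]; SyslogAppender sends UDP datagrams,
# and the port defaults to 514 when omitted.
# Placeholder host and port (assumptions, not from the original post).
log4j.appender.splunk.SyslogHost=splunk.example.internal:5514
log4j.appender.splunk.facility=LOCAL2
log4j.appender.splunk.layout=org.apache.log4j.PatternLayout
log4j.appender.splunk.layout.ConversionPattern=[%p] %t: %m%n

# ---- inputs.conf on the Splunk server ----
# UDP data input on the same port the appender sends to.
# A port above 1024 avoids running the listener as root.
[udp://5514]
sourcetype = syslog
# Record the sender's IP address as the event's host field.
connection_host = ip
# Accept datagrams only from the application subnet (constructed range).
acceptFrom = 10.0.5.0/24
```

Syslog over UDP is neither encrypted nor authenticated, so the `acceptFrom` restriction and a trusted network path between the two hosts matter when the logs carry sensitive data.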
Check out this great project from one of our community developers @damiendallimore - https://github.com/damiendallimore/SplunkJavaLogging
It provides a number of options for logging directly to Splunk.
It also uses the Splunk Java SDK: http://dev.splunk.com/view/java-sdk/SP-CAAAECN