Configure log4j to send its logs to Splunk?

Constantine Gladky · Mar 20, 2012 · Viewed 12.9k times

I need to send my log4j logs to Splunk. I found several solutions:

  1. Use the REST API (e.g. curl -k -u admin:changeme -d "name=/tmp/myfile.log" -d "sourcetype=syslog" https://localhost:8089/servicesNS/admin/search/data/inputs/monitor)
  2. Install the Splunk Universal Forwarder
  3. Use a log4j appender such as:

    Syslog appender

    log4j.appender.splunk=org.apache.log4j.net.SyslogAppender
    log4j.appender.splunk.SyslogHost=localhost:8089
    log4j.appender.splunk.layout=org.apache.log4j.PatternLayout
    log4j.appender.splunk.facility=LOCAL2
    log4j.appender.splunk.layout.ConversionPattern=[%p] %t: %m%n

But it seems to me that the 3rd solution wouldn't work if the Splunk server and the log are located on separate machines.

The 2nd solution requires installing additional software.

Can anyone propose any other solution?

PS: I tried to use open-source Java libs, but it didn't give a result.

Answer

Paul Sanford · Apr 4, 2012

Check out this great project from one of our community developers @damiendallimore - https://github.com/damiendallimore/SplunkJavaLogging

It provides a number of options for logging directly to Splunk.

It also uses the Splunk Java SDK: http://dev.splunk.com/view/java-sdk/SP-CAAAECN
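
To check what the SyslogAppender configuration in the question puts on the wire, the following added example (not part of the original posts or of any project linked here) builds and parses the datagram for facility LOCAL2 and the pattern `[%p] %t: %m%n`. It assumes the appender's optional syslog header and facility printing are left off; the function names and the sample event are constructed for illustration.

```python
import re

# Syslog facility and severity names (RFC 3164); LOCAL2 is facility 18.
FACILITIES = {0: "KERN", 1: "USER", 3: "DAEMON", 4: "AUTH",
              **{16 + i: f"LOCAL{i}" for i in range(8)}}
SEVERITIES = ["EMERG", "ALERT", "CRIT", "ERR",
              "WARNING", "NOTICE", "INFO", "DEBUG"]
# log4j 1.x level -> syslog severity (the level's "syslog equivalent").
LOG4J_TO_SEVERITY = {"FATAL": 0, "ERROR": 3, "WARN": 4, "INFO": 6, "DEBUG": 7}

PACKET = re.compile(rb"^<(\d{1,3})>(.*)$", re.S)
# Mirrors the page's ConversionPattern: [%p] %t: %m%n
BODY = re.compile(r"^\[(?P<level>[A-Z]+)\] (?P<thread>.+?): (?P<message>.*)$",
                  re.S)


def build_datagram(level, thread, message, facility=18):
    """Bytes for one event: <PRI> followed by the layout output."""
    pri = facility * 8 + LOG4J_TO_SEVERITY[level]
    return f"<{pri}>[{level}] {thread}: {message}\n".encode("utf-8")


def parse_datagram(data):
    """Split a received datagram into facility, severity and layout fields."""
    m = PACKET.match(data)
    if not m:
        raise ValueError("missing <PRI> prefix")
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    body = m.group(2).decode("utf-8", errors="replace").rstrip("\r\n")
    fields = {"facility": FACILITIES.get(facility, str(facility)),
              "severity": SEVERITIES[severity], "raw": body}
    b = BODY.match(body)
    if b:  # body follows the page's pattern; otherwise only "raw" is set
        fields.update(b.groupdict())
    return fields


if __name__ == "__main__":
    # Constructed sample event, not taken from a real system.
    sample = build_datagram("INFO", "main", "User login: ok")
    print(sample)
    print(parse_datagram(sample))
```

A thread name that itself contains `: ` makes the thread/message split ambiguous with this pattern; the `raw` field always carries the full body.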