Splunk provides a library for creating the Java loggers needed to forward logs to a Splunk instance over several transports, such as HTTP, TCP and TCP-SSL. For more details, see the Splunk Logging for Java page. The rest of this article assumes you already have a running Splunk instance (on a UNIX box).
Note that details given in this write-up are specific to Splunk 8.0. Configuration parameters may have been different in previous versions and may also change in subsequent versions.
Details on forwarding logs directly via TCP and HTTP are quite clear; logging securely over TCP, however, requires some additional steps. The stages involved in this process are listed below. Note that there may be other ways of achieving the same result, and the procedure described in this article is just one of them.
- Generate Self Signed Server Certi