Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Example logging framework configuration files for using SplunkJavaLogging REST/Raw TCP appenders
handlers = com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler
#handlers = com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler
# Set the default logging level for the root logger
.level = INFO
# Set the default logging level for the splunk logger
splunk.logger = INFO
# Set the default logging level for new SplunkRestHandler instances
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.level=INFO
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.user=admin
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.pass=somepass
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.host=localhost
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.delivery=stream
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.port=8089
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.metaSource=rest
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.metaSourcetype=testing
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.metaIndex=main
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.maxQueueSize=5MB
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRestHandler.dropEventsOnQueueFull=false
# Set the default logging level for new SplunkRawTCPHandler instances
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.level=INFO
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.host=localhost
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.port=5150
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.maxQueueSize=5MB
com.dtdsoftware.splunk.logging.jdk.handler.SplunkRawTCPHandler.dropEventsOnQueueFull=false
# Set the default logging level for new ConsoleHandler instances
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
#Example log4j configuration using a Splunk REST Appender or Splunk Raw TCP Appender
# Root logger option
log4j.rootLogger=DEBUG,stdout
#Splunk logger
log4j.logger.splunk.logger=INFO, splunkrest
#log4j.logger.splunk.logger=INFO, splunkrawtcp
log4j.additivity.splunk.logger=false
# Send log events to a Splunk REST endpoint
log4j.appender.splunkrest=com.dtdsoftware.splunk.logging.log4j.appender.SplunkRestAppender
log4j.appender.splunkrest.user=admin
log4j.appender.splunkrest.pass=somepass
log4j.appender.splunkrest.host=localhost
log4j.appender.splunkrest.port=8089
log4j.appender.splunkrest.delivery=stream
log4j.appender.splunkrest.metaSource=rest
log4j.appender.splunkrest.metaSourcetype=testing
log4j.appender.splunkrest.metaIndex=main
log4j.appender.splunkrest.maxQueueSize=5MB
log4j.appender.splunkrest.dropEventsOnQueueFull=false
log4j.appender.splunkrest.layout=org.apache.log4j.PatternLayout
log4j.appender.splunkrest.layout.ConversionPattern=%m%n
# optionally you can enrich the messages with formatting tokens from the logging framework
#log4j.appender.splunkrest.layout.ConversionPattern=%d{ABSOLUTE} %m%n
#log4j.appender.splunkrest.layout.ConversionPattern=%m loglevel="%p"%n
# Send log events to a Splunk Raw TCP server socket
log4j.appender.splunkrawtcp=com.dtdsoftware.splunk.logging.log4j.appender.SplunkRawTCPAppender
log4j.appender.splunkrawtcp.host=localhost
log4j.appender.splunkrawtcp.port=5150
log4j.appender.splunkrawtcp.maxQueueSize=5MB
log4j.appender.splunkrawtcp.dropEventsOnQueueFull=false
log4j.appender.splunkrawtcp.layout=org.apache.log4j.PatternLayout
log4j.appender.splunkrawtcp.layout.ConversionPattern=%m%n
# optionally you can enrich the messages with formatting tokens from the logging framework
#log4j.appender.splunkrawtcp.layout.ConversionPattern=%d{ABSOLUTE} %m%n
#log4j.appender.splunkrawtcp.layout.ConversionPattern=%m loglevel="%p"%n
#Console appender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n
<?xml version="1.0" encoding="UTF-8"?>
<!--Example logback configuration using a Splunk REST Appender or Splunk Raw TCP Appender -->
<configuration>
<!--Send log events to a Splunk REST endpoint-->
<appender name="splunkrest" class="com.dtdsoftware.splunk.logging.logback.appender.SplunkRestAppender">
<port>8089</port>
<host>localhost</host>
<delivery>stream</delivery>
<user>admin</user>
<metaSourcetype>testing</metaSourcetype>
<pass>somepass</pass>
<maxQueueSize>5MB</maxQueueSize>
<dropEventsOnQueueFull>false</dropEventsOnQueueFull>
<metaSource>rest</metaSource>
<metaIndex>main</metaIndex>
<layout class="ch.qos.logback.classic.PatternLayout">
<pattern>%m%n</pattern>
<!-- optionally you can enrich the messages with formatting tokens from the logging framework
<pattern>%d %m%n</pattern>
<pattern>%m loglevel="%p"%n</pattern>
-->
</layout>
</appender>
<!--Send log events to a Splunk Raw TCP server socket-->
<appender name="splunkrawtcp" class="com.dtdsoftware.splunk.logging.logback.appender.SplunkRawTCPAppender">
<port>5150</port>
<host>localhost</host>
<maxQueueSize>5MB</maxQueueSize>
<dropEventsOnQueueFull>false</dropEventsOnQueueFull>
<layout class="ch.qos.logback.classic.PatternLayout">
<pattern>%m%n</pattern>
<!-- optionally you can enrich the messages with formatting tokens from the logging framework
<pattern>%d %m%n</pattern>
<pattern>%m loglevel="%p"%n</pattern>
-->
</layout>
</appender>
<!--Send log events to a console-->
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<Target>System.out</Target>
<encoder>
<pattern>%d [%thread] %level %mdc %logger{35} - %msg%n</pattern>
</encoder>
</appender>
<!--Splunk logger-->
<logger name="splunk.logger" additivity="false" level="INFO">
<appender-ref ref="splunkrest"/>
<!-- <appender-ref ref="splunkrawtcp"/> -->
</logger>
<!--Root logger-->
<root level="INFO">
<appender-ref ref="stdout"/>
</root>
</configuration>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.