Splunk HttpEventCollectorLogbackAppender how to set source and host?

I am using Splunk's HttpEventCollectorLogbackAppender to automatically send application logs to Splunk. I am trying to set the host, source and sourcetype type, but I will not be able to send them to Splunk.

Is it possible to set the host, source or sourcetype using Splunk HttpEventCollectorLogbackAppender, and if so, how to do it?

I am trying to send JSON and it does not seem to work.

Here is the documentation that tells which options are available and says that they should be passed as a query string, but since I'm using the Splunk appender from the box, I'm not sure how to install them.

http://dev.splunk.com/view/event-collector/SP-CAAAE6P

Share the backup application:

... <!-- SPLUNK appender --> <appender name="SPLUNK" class="com.splunk.logging.HttpEventCollectorLogbackAppender"> <url>http://myurl:8088</url> <token>mytoken</token> <disableCertificateValidation>true</disableCertificateValidation> <batch_size_count>1</batch_size_count> <layout class="ch.qos.logback.classic.PatternLayout"> <pattern>%logger: %msg%n</pattern> </layout> </appender> <root level="INFO"> <appender-ref ref="SPLUNK"/> </root> ... 

Log line example

 Logger logger = LoggerFactory.getLogger(MyClass.class); logger.debug("I'm logging debug stuff"); 
+6
source share
1 answer

Any setters on the HttpEventCollectorLogbackAppender can be added to your log configuration.

So, to call setHost , setSource and setSourcetype , you add them to your log configuration like this:

 <appender name="SPLUNK" class="com.splunk.logging.HttpEventCollectorLogbackAppender"> <url>http://myurl:8088</url> <host>x</host> <source>y</source> <sourcetype>z</sourcetype> <token>mytoken</token> <disableCertificateValidation>true</disableCertificateValidation> <batch_size_count>1</batch_size_count> <layout class="ch.qos.logback.classic.PatternLayout"> <pattern>%logger: %msg%n</pattern> </layout> </appender> 
+3
source

Source: https://habr.com/ru/post/1012960/


All Articles