Welcome to Splunk logging for Java!
Splunk logging for Java enables you to log events to either HTTP Event Collector or a TCP input on a Splunk Enterprise instance from within your Java applications. You can use any of the three major Java logging frameworks: Logback, Log4j 2, and java.util.logging. Splunk logging for Java is also enabled for Simple Logging Facade for Java (SLF4J).
Note: If you are new to Java logging, or just need a refresher, the following are good starting points:
- Java Logging Overview from Oracle Java documentation
- Jacob Jenkov's Java logging tutorial (covers java.util.logging)
- log4j tutorial on Tutorials Point
- "Using slf4j with logback tutorial" on Java Code Geeks
In particular, Splunk logging for Java provides:
HTTP Event Collector is ideal if you want to log data from your Java application in any of the following scenarios:
Alternately, you can log to a TCP input either directly or by first logging to a file and then using a Splunk Universal Forwarder to monitor the file and send data any time the file is updated. Doing so gives you the features of the Universal Forwarder, plus added robustness from having persistent files. In either case, you can use the SplunkCimLogEvent class provided by this library to construct your log events according to Splunk recommended best practices.
To get started with logging to Splunk HTTP Event Collector using Splunk logging for Java, you should first understand how HTTP Event Collector works, and what you need to configure before you can use it.
Once you're familiar with HTTP Event Collector, you can proceed to the Get started with Splunk logging for Java topic.
To get started with logging to Splunk Enterprise TCP inputs, you should first understand how network inputs work in Splunk Enterprise, and what you need to configure before you can use them.
Once you're familiar with TCP inputs, you can proceed to the Get started with Splunk logging for Java topic.
Splunk logging for Java is comprised of two groups of classes within com.splunk.logging--one for logging to HTTP Event Collector and another for logging to TCP inputs.
There are five classes for logging to HTTP Event Collector:
In addition, the HttpInputEventSender class is an internal helper class that is used by the other classes in the library. Do not use this class.
There are two classes for logging to TCP inputs:
This section contains notes on resilience, load balancing, and thread safety.
All of the appenders mentioned in the documentation will attempt to reconnect in case of dropped connections.
It's easy to set up HTTP Event Collector in a load balanced Splunk environment. See High volume HTTP Event Collector data collection using distributed deployment for more information about your options.
For TCP inputs, you can set up a Splunk Universal Forwarder, and then have all your logging sources write to that TCP input. Use the Universal Forwarder's load balancing features to distribute the data from there to a set of indexers.
For HTTP Event Collector, Log4J, Logback, and java.util.logging adapters for HTTP Event Collector are thread-safe.
For TCP inputs, Log4J and Logback are thread-safe.