11# Splunk Java Logging Framework
22
33The purpose of this project is to create a logging framework to allow developers to as seamlessly as possible
4- integrate Splunk best practice logging semantics into their code.
5- There are also custom handler/appender implementations for the 3 most prevalent Java logging frameworks in play.
4+ integrate Splunk best practice logging semantics into their code and easily send their log events to Splunk .
5+ There are also custom handler/appender implementations and config examples for the most prevalent Java logging frameworks in play.
66
771. LogBack
8- 2. Log4j
9- 3. java.util logging
8+ 2. Log4j 1.x
9+ 3 . Log4j 2
10+ 4. java.util logging
1011
1112This framework contains :
1213
@@ -20,9 +21,21 @@ This framework contains :
2021* Example logging configuration files
2122* Javadocs
2223
23- If you want to use UDP to send events to Splunk , then Log4j and Logback already have Syslog Appenders.
24+ If you want to use UDP to send events to Splunk , then Log4j 1.x and Logback already have Syslog Appenders.
25+ Log4j 2 has a UDP Appender and Syslog Appender.
2426And of course you can still use any File appenders and have the file monitored by a Splunk Universal Forwarder.
2527
28+ I generally recommend using the raw TCP handlers/appenders I have provided , they perform the best, and have features coded into them for
29+ auto connection re-establishment and configurable buffering of log events which will get flushed upon reconnection.
30+
31+ ## Logging frameworks galore
32+
33+ Log4j 2 and Log4j 1.x are very distinct from one another.
34+ Logback was actually the "new version" of Log4j 1.x , and then Log4J 2 attempted to improve upon Logback.
35+ This rather convoluted family tree has essentially transpired with 3 different logging frameworks in play, each with different characteristics.
36+ Log4j 1.x still has a very large legacy usage base in enterprise software therefore warrants addressing with its own custom appenders
37+ and example configurations.
38+
2639## Splunk Universal Forwarder vs Splunk Java Logging
2740
2841I always advocate the best practice of using a Splunk Universal Forwarder(UF) monitoring local files wherever possible.
@@ -32,9 +45,6 @@ be deployed.In this case, Splunk Java Logging can be used to forward events to S
3245Furthermore, in either scenario, you can still utilize the SplunkLogEvent class to construct your log events in best practice
3346semantic format.
3447
35- #Log4J2
36-
37- I have included a sample configuration file for sending events to Splunk over raw TCP and UDP
3848
3949## Resilience
4050
@@ -59,6 +69,11 @@ as a load balancing intermediary before you Indexer Cluster.
5969## Failover
6070
6171Log4J 2 has a Failover appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#FailoverAppender
72+ There is an example in config/log4j2.xml
73+
74+ ## Routing
75+
76+ Log4J 2 has a Routing appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#RoutingAppender
6277
6378## Thread Safety
6479
0 commit comments