|
1 |
| -# Splunk Java Logging Framework |
2 |
| - |
3 |
| - |
4 |
| -# IMPORTANT NOTE : |
5 |
| - |
6 |
| -Although this framework is fully functional and stable, since it was released Splunk have now created their own Java Logging Library. |
7 |
| -So I recommend that you use the formally Splunk developed and supported offering that can be found here : http://dev.splunk.com/view/splunk-logging-java/SP-CAAAE2K |
8 |
| - |
9 |
| -## Overview |
10 |
| - |
11 |
| -The purpose of this project is to create a logging framework to allow developers to as seamlessly as possible |
12 |
| -integrate Splunk best practice logging semantics into their code and easily send their log events to Splunk. |
13 |
| -There are also custom handler/appender implementations and config examples for the most prevalent Java logging frameworks in play. |
14 |
| - |
15 |
| -1. LogBack |
16 |
| -2. Log4j 1.x |
17 |
| -3. Log4j 2 |
18 |
| -4. java.util logging |
19 |
| - |
20 |
| -This framework contains : |
21 |
| - |
22 |
| -* java.util.logging handler for logging to Splunk REST endpoints |
23 |
| -* java.util.logging handler for logging to Splunk Raw TCP Server Socket |
24 |
| -* java.util.logging handler for logging to Splunk HEC Endpoint |
25 |
| -* Log4j appender for logging to Splunk REST endpoints |
26 |
| -* Log4j appender for logging to Splunk Raw TCP Server Socket |
27 |
| -* Log4j appender for logging to Splunk HEC Endpoint |
28 |
| -* Logback appender for logging to Splunk REST endpoints |
29 |
| -* Logback appender for logging to Splunk Raw TCP Server Socket |
30 |
| -* Logback appender for logging to Splunk HEC Endpoint |
31 |
| -* Log4j 2 appender for logging to Splunk HEC Endpoint |
32 |
| -* Log4j 2 config examples for TCP and UDP logging |
33 |
| -* Example logging configuration files for all the above |
34 |
| -* Javadocs |
35 |
| - |
36 |
| -If you want to use UDP to send events to Splunk , then Log4j 1.x and Logback already have Syslog Appenders. |
37 |
| -Log4j 2 has a UDP Appender and Syslog Appender. |
38 |
| -And of course you can still use any File appenders and have the file monitored by a Splunk Universal Forwarder. |
39 |
| - |
40 |
| -I generally recommend using the raw TCP or HEC handlers/appenders I have provided , they perform the best, and have features coded into them for auto connection re-establishment and configurable buffering of log events which will get flushed upon reconnection. |
41 |
| - |
42 |
| -## Logging frameworks galore |
43 |
| - |
44 |
| -Log4j 2 and Log4j 1.x are very distinct from one another. |
45 |
| -Logback was actually the "new version" of Log4j 1.x , and then Log4J 2 attempted to improve upon Logback. |
46 |
| -This rather convoluted family tree has essentially transpired with 3 different logging frameworks in play, each with different characteristics. |
47 |
| -Log4j 1.x still has a very large legacy usage base in enterprise software therefore warrants addressing with its own custom appenders and example configurations. |
48 |
| - |
49 |
| -## Splunk Universal Forwarder vs Splunk Java Logging |
50 |
| - |
51 |
| -I always advocate the best practice of using a Splunk Universal Forwarder(UF) monitoring local files wherever possible. |
52 |
| -Not only do you get the features inherent in the UF, but you get the added resiliency of the persistence of files. |
53 |
| -However, there are going to be situations where, for whatever reason(technical or bureaucratic), that a UF can not |
54 |
| -be deployed.In this case, Splunk Java Logging can be used to forward events to Splunk. |
55 |
| -Furthermore, in either scenario, you can still utilize the SplunkLogEvent class to construct your log events in best practice |
56 |
| -semantic format. |
57 |
| - |
58 |
| - |
59 |
| -## Resilience |
60 |
| - |
61 |
| -The HTTP REST ,Raw TCP and HEC handler/appenders have autonomous socket reconnection logic in case of connection failures. |
62 |
| -There is also internal event queuing that is loosely modelled off Splunk's outputs.conf for Universal Forwarders. |
63 |
| -You can set these propertys : |
64 |
| -* maxQueueSize : defaults to 500KB , format [integer|integer[KB|MB|GB]] |
65 |
| -* dropEventsOnQueueFull : defaults to false , format [ true | false] |
66 |
| - |
67 |
| -And you can use a parallel File appender if you absolutely need disk persistence. |
68 |
| - |
69 |
| -## Data Cloning |
70 |
| - |
71 |
| -If you want "data cloning" functionality, then you can leverage the logging configuration and have (n) different appender |
72 |
| -definitions for your various target Indexers. |
73 |
| - |
74 |
| -## Load Balancing |
75 |
| - |
76 |
| -If you wish to have load balancing of your log events, then configure your logging appenders to send to a Splunk Universal Forwarder acting |
77 |
| -as a load balancing intermediary before you Indexer Cluster. |
78 |
| - |
79 |
| -## Failover |
80 |
| - |
81 |
| -Log4J 2 has a Failover appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#FailoverAppender |
82 |
| -There is an example in config/log4j2.xml |
83 |
| - |
84 |
| -## Routing |
85 |
| - |
86 |
| -Log4J 2 has a Routing appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#RoutingAppender |
87 |
| - |
88 |
| -## Thread Safety |
89 |
| - |
90 |
| -Log4j and Logback are thread safe. |
91 |
| - |
92 |
| -## License |
93 |
| - |
94 |
| -The Splunk Java Logging Framework is licensed under the Creative Commons 3.0 License. |
95 |
| -Details can be found in the file LICENSE. |
96 |
| - |
97 |
| -## Quick Start |
98 |
| - |
99 |
| -1. Untar releases/splunklogging-1.3.tar.gz |
100 |
| -2. All the required jar files are in the lib directory.. |
101 |
| -3. Assume you know how to setup your classpath to use your preferred logging framework implementation. |
102 |
| -4. There is a simple code example here https://github.com/damiendallimore/SplunkJavaLogging/blob/master/src/com/splunk/logging/examples/Example.java |
103 |
| -5. There are sample logging config files in the config directory for the 4 logging frameworks |
104 |
| - |
105 |
| -## Splunk |
106 |
| - |
107 |
| -If you haven't already installed Splunk, download it here: |
108 |
| -http://www.splunk.com/download. For more about installing and running Splunk |
109 |
| -and system requirements, see Installing & Running Splunk |
110 |
| -(http://dev.splunk.com/view/SP-CAAADRV). |
111 |
| - |
112 |
| -## Contribute |
113 |
| - |
114 |
| -Get the Splunk Java Logging Framework from GitHub (https://github.com/) and clone the |
115 |
| -resources to your computer. For example, use the following command: |
116 |
| - |
117 |
| -> git clone https://github.com/damiendallimore/SplunkJavaLogging.git |
118 |
| -
|
119 |
| - |
120 |
| -## Contact |
121 |
| - |
122 |
| -This project was initiated by Damien Dallimore |
123 |
| -<table> |
124 |
| - |
125 |
| -<tr> |
126 |
| -<td><em>Email</em></td> |
127 |
| -<td>ddallimore@splunk.com</td> |
128 |
| -</tr> |
129 |
| - |
130 |
| -<tr> |
131 |
| -<td><em>Twitter</em> |
132 |
| -<td>@damiendallimore</td> |
133 |
| -</tr> |
134 |
| - |
135 |
| -<tr> |
136 |
| -<td><em>Splunkbase.com</em> |
137 |
| -<td>damiend</td> |
138 |
| -</tr> |
139 |
| - |
140 |
| -</table> |
141 |
| - |
142 |
| - |
143 |
| - |
144 |
| - |
145 |
| - |
146 |
| - |
147 |
| - |
148 |
| - |
149 |
| - |
150 |
| - |
151 |
| - |
152 |
| - |
153 |
| - |
| 1 | +# Splunk Java Logging Framework v1.4 |
| 2 | + |
| 3 | +## Activation Key |
| 4 | + |
| 5 | +You require an activation key to use these libraries. Visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key |
| 6 | + |
| 7 | +## Overview |
| 8 | + |
| 9 | +The purpose of this project is to create a logging framework to allow developers to as seamlessly as possible |
| 10 | +integrate Splunk best practice logging semantics into their code and easily send their log events to Splunk. |
| 11 | +There are also custom handler/appender implementations and config examples for the most prevalent Java logging frameworks in play. |
| 12 | + |
| 13 | +1. LogBack |
| 14 | +2. Log4j 1.x |
| 15 | +3. Log4j 2 |
| 16 | +4. java.util logging |
| 17 | + |
| 18 | +This framework contains : |
| 19 | + |
| 20 | +* java.util.logging handler for logging to Splunk REST endpoints |
| 21 | +* java.util.logging handler for logging to Splunk Raw TCP Server Socket |
| 22 | +* java.util.logging handler for logging to Splunk HEC Endpoint |
| 23 | +* Log4j appender for logging to Splunk REST endpoints |
| 24 | +* Log4j appender for logging to Splunk Raw TCP Server Socket |
| 25 | +* Log4j appender for logging to Splunk HEC Endpoint |
| 26 | +* Logback appender for logging to Splunk REST endpoints |
| 27 | +* Logback appender for logging to Splunk Raw TCP Server Socket |
| 28 | +* Logback appender for logging to Splunk HEC Endpoint |
| 29 | +* Log4j 2 appender for logging to Splunk HEC Endpoint |
| 30 | +* Log4j 2 config examples for TCP and UDP logging |
| 31 | +* Example logging configuration files for all the above |
| 32 | +* Javadocs |
| 33 | + |
| 34 | +If you want to use UDP to send events to Splunk , then Log4j 1.x and Logback already have Syslog Appenders. |
| 35 | +Log4j 2 has a UDP Appender and Syslog Appender. |
| 36 | +And of course you can still use any File appenders and have the file monitored by a Splunk Universal Forwarder. |
| 37 | + |
| 38 | +I generally recommend using the raw TCP or HEC handlers/appenders I have provided , they perform the best, and have features coded into them for auto connection re-establishment and configurable buffering of log events which will get flushed upon reconnection. |
| 39 | + |
| 40 | +## Logging frameworks galore |
| 41 | + |
| 42 | +Log4j 2 and Log4j 1.x are very distinct from one another. |
| 43 | +Logback was actually the "new version" of Log4j 1.x , and then Log4J 2 attempted to improve upon Logback. |
| 44 | +This rather convoluted family tree has essentially transpired with 3 different logging frameworks in play, each with different characteristics. |
| 45 | +Log4j 1.x still has a very large legacy usage base in enterprise software therefore warrants addressing with its own custom appenders and example configurations. |
| 46 | + |
| 47 | +## Splunk Universal Forwarder vs Splunk Java Logging |
| 48 | + |
| 49 | +I always advocate the best practice of using a Splunk Universal Forwarder(UF) monitoring local files wherever possible. |
| 50 | +Not only do you get the features inherent in the UF, but you get the added resiliency of the persistence of files. |
| 51 | +However, there are going to be situations where, for whatever reason(technical or bureaucratic), that a UF can not |
| 52 | +be deployed.In this case, Splunk Java Logging can be used to forward events to Splunk. |
| 53 | +Furthermore, in either scenario, you can still utilize the SplunkLogEvent class to construct your log events in best practice |
| 54 | +semantic format. |
| 55 | + |
| 56 | + |
| 57 | +## Resilience |
| 58 | + |
| 59 | +The HTTP REST ,Raw TCP and HEC handler/appenders have autonomous socket reconnection logic in case of connection failures. |
| 60 | +There is also internal event queuing that is loosely modelled off Splunk's outputs.conf for Universal Forwarders. |
| 61 | +You can set these propertys : |
| 62 | +* maxQueueSize : defaults to 500KB , format [integer|integer[KB|MB|GB]] |
| 63 | +* dropEventsOnQueueFull : defaults to false , format [ true | false] |
| 64 | + |
| 65 | +And you can use a parallel File appender if you absolutely need disk persistence. |
| 66 | + |
| 67 | +## Data Cloning |
| 68 | + |
| 69 | +If you want "data cloning" functionality, then you can leverage the logging configuration and have (n) different appender |
| 70 | +definitions for your various target Indexers. |
| 71 | + |
| 72 | +## Load Balancing |
| 73 | + |
| 74 | +If you wish to have load balancing of your log events, then configure your logging appenders to send to a Splunk Universal Forwarder acting |
| 75 | +as a load balancing intermediary before you Indexer Cluster. |
| 76 | + |
| 77 | +## Failover |
| 78 | + |
| 79 | +Log4J 2 has a Failover appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#FailoverAppender |
| 80 | +There is an example in config/log4j2.xml |
| 81 | + |
| 82 | +## Routing |
| 83 | + |
| 84 | +Log4J 2 has a Routing appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#RoutingAppender |
| 85 | + |
| 86 | +## Thread Safety |
| 87 | + |
| 88 | +Log4j and Logback are thread safe. |
| 89 | + |
| 90 | +## License |
| 91 | + |
| 92 | +The Splunk Java Logging Framework is licensed under the Creative Commons 3.0 License. |
| 93 | +Details can be found in the file LICENSE. |
| 94 | + |
| 95 | +## Quick Start |
| 96 | + |
| 97 | +1. Untar releases/splunklogging-1.4.tar.gz |
| 98 | +2. All the required jar files are in the lib directory.. |
| 99 | +3. Assume you know how to setup your classpath to use your preferred logging framework implementation. |
| 100 | +4. There is a simple code example here https://github.com/damiendallimore/SplunkJavaLogging/blob/master/src/com/splunk/logging/examples/Example.java |
| 101 | +5. There are sample logging config files in the config directory for the 4 logging frameworks |
| 102 | + |
| 103 | +## Splunk |
| 104 | + |
| 105 | +If you haven't already installed Splunk, download it here: |
| 106 | +http://www.splunk.com/download. For more about installing and running Splunk |
| 107 | +and system requirements, see Installing & Running Splunk |
| 108 | +(http://dev.splunk.com/view/SP-CAAADRV). |
| 109 | + |
| 110 | +## Contribute |
| 111 | + |
| 112 | +Get the Splunk Java Logging Framework from GitHub (https://github.com/) and clone the |
| 113 | +resources to your computer. For example, use the following command: |
| 114 | + |
| 115 | +> git clone https://github.com/damiendallimore/SplunkJavaLogging.git |
| 116 | +
|
| 117 | + |
| 118 | +## Contact |
| 119 | + |
| 120 | +This project was initiated by Damien Dallimore |
| 121 | +<table> |
| 122 | + |
| 123 | +<tr> |
| 124 | +<td><em>Email</em></td> |
| 125 | +<td>damien@baboonbones.com</td> |
| 126 | +</tr> |
| 127 | + |
| 128 | +<tr> |
| 129 | +<td><em>Twitter</em> |
| 130 | +<td>@damiendallimore</td> |
| 131 | +</tr> |
| 132 | + |
| 133 | +<tr> |
| 134 | +<td><em>Splunkbase.com</em> |
| 135 | +<td>damiend</td> |
| 136 | +</tr> |
| 137 | + |
| 138 | +</table> |
| 139 | + |
| 140 | + |
| 141 | + |
| 142 | + |
| 143 | + |
| 144 | + |
| 145 | + |
| 146 | + |
| 147 | + |
| 148 | + |
| 149 | + |
| 150 | + |
| 151 | + |
0 commit comments