Skip to content

Commit be376e6

Browse files
author
Damien Dallimore
committed
added activation key
1 parent 3092752 commit be376e6

File tree

105 files changed

+22696
-27088
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

105 files changed

+22696
-27088
lines changed

README.md

Lines changed: 151 additions & 153 deletions
Original file line numberDiff line numberDiff line change
@@ -1,153 +1,151 @@
1-
# Splunk Java Logging Framework
2-
3-
4-
# IMPORTANT NOTE :
5-
6-
Although this framework is fully functional and stable, since it was released Splunk have now created their own Java Logging Library.
7-
So I recommend that you use the formally Splunk developed and supported offering that can be found here : http://dev.splunk.com/view/splunk-logging-java/SP-CAAAE2K
8-
9-
## Overview
10-
11-
The purpose of this project is to create a logging framework to allow developers to as seamlessly as possible
12-
integrate Splunk best practice logging semantics into their code and easily send their log events to Splunk.
13-
There are also custom handler/appender implementations and config examples for the most prevalent Java logging frameworks in play.
14-
15-
1. LogBack
16-
2. Log4j 1.x
17-
3. Log4j 2
18-
4. java.util logging
19-
20-
This framework contains :
21-
22-
* java.util.logging handler for logging to Splunk REST endpoints
23-
* java.util.logging handler for logging to Splunk Raw TCP Server Socket
24-
* java.util.logging handler for logging to Splunk HEC Endpoint
25-
* Log4j appender for logging to Splunk REST endpoints
26-
* Log4j appender for logging to Splunk Raw TCP Server Socket
27-
* Log4j appender for logging to Splunk HEC Endpoint
28-
* Logback appender for logging to Splunk REST endpoints
29-
* Logback appender for logging to Splunk Raw TCP Server Socket
30-
* Logback appender for logging to Splunk HEC Endpoint
31-
* Log4j 2 appender for logging to Splunk HEC Endpoint
32-
* Log4j 2 config examples for TCP and UDP logging
33-
* Example logging configuration files for all the above
34-
* Javadocs
35-
36-
If you want to use UDP to send events to Splunk , then Log4j 1.x and Logback already have Syslog Appenders.
37-
Log4j 2 has a UDP Appender and Syslog Appender.
38-
And of course you can still use any File appenders and have the file monitored by a Splunk Universal Forwarder.
39-
40-
I generally recommend using the raw TCP or HEC handlers/appenders I have provided , they perform the best, and have features coded into them for auto connection re-establishment and configurable buffering of log events which will get flushed upon reconnection.
41-
42-
## Logging frameworks galore
43-
44-
Log4j 2 and Log4j 1.x are very distinct from one another.
45-
Logback was actually the "new version" of Log4j 1.x , and then Log4J 2 attempted to improve upon Logback.
46-
This rather convoluted family tree has essentially transpired with 3 different logging frameworks in play, each with different characteristics.
47-
Log4j 1.x still has a very large legacy usage base in enterprise software therefore warrants addressing with its own custom appenders and example configurations.
48-
49-
## Splunk Universal Forwarder vs Splunk Java Logging
50-
51-
I always advocate the best practice of using a Splunk Universal Forwarder(UF) monitoring local files wherever possible.
52-
Not only do you get the features inherent in the UF, but you get the added resiliency of the persistence of files.
53-
However, there are going to be situations where, for whatever reason(technical or bureaucratic), that a UF can not
54-
be deployed.In this case, Splunk Java Logging can be used to forward events to Splunk.
55-
Furthermore, in either scenario, you can still utilize the SplunkLogEvent class to construct your log events in best practice
56-
semantic format.
57-
58-
59-
## Resilience
60-
61-
The HTTP REST ,Raw TCP and HEC handler/appenders have autonomous socket reconnection logic in case of connection failures.
62-
There is also internal event queuing that is loosely modelled off Splunk's outputs.conf for Universal Forwarders.
63-
You can set these propertys :
64-
* maxQueueSize : defaults to 500KB , format [integer|integer[KB|MB|GB]]
65-
* dropEventsOnQueueFull : defaults to false , format [ true | false]
66-
67-
And you can use a parallel File appender if you absolutely need disk persistence.
68-
69-
## Data Cloning
70-
71-
If you want "data cloning" functionality, then you can leverage the logging configuration and have (n) different appender
72-
definitions for your various target Indexers.
73-
74-
## Load Balancing
75-
76-
If you wish to have load balancing of your log events, then configure your logging appenders to send to a Splunk Universal Forwarder acting
77-
as a load balancing intermediary before you Indexer Cluster.
78-
79-
## Failover
80-
81-
Log4J 2 has a Failover appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#FailoverAppender
82-
There is an example in config/log4j2.xml
83-
84-
## Routing
85-
86-
Log4J 2 has a Routing appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#RoutingAppender
87-
88-
## Thread Safety
89-
90-
Log4j and Logback are thread safe.
91-
92-
## License
93-
94-
The Splunk Java Logging Framework is licensed under the Creative Commons 3.0 License.
95-
Details can be found in the file LICENSE.
96-
97-
## Quick Start
98-
99-
1. Untar releases/splunklogging-1.3.tar.gz
100-
2. All the required jar files are in the lib directory..
101-
3. Assume you know how to setup your classpath to use your preferred logging framework implementation.
102-
4. There is a simple code example here https://github.com/damiendallimore/SplunkJavaLogging/blob/master/src/com/splunk/logging/examples/Example.java
103-
5. There are sample logging config files in the config directory for the 4 logging frameworks
104-
105-
## Splunk
106-
107-
If you haven't already installed Splunk, download it here:
108-
http://www.splunk.com/download. For more about installing and running Splunk
109-
and system requirements, see Installing & Running Splunk
110-
(http://dev.splunk.com/view/SP-CAAADRV).
111-
112-
## Contribute
113-
114-
Get the Splunk Java Logging Framework from GitHub (https://github.com/) and clone the
115-
resources to your computer. For example, use the following command:
116-
117-
> git clone https://github.com/damiendallimore/SplunkJavaLogging.git
118-
119-
120-
## Contact
121-
122-
This project was initiated by Damien Dallimore
123-
<table>
124-
125-
<tr>
126-
<td><em>Email</em></td>
127-
<td>ddallimore@splunk.com</td>
128-
</tr>
129-
130-
<tr>
131-
<td><em>Twitter</em>
132-
<td>@damiendallimore</td>
133-
</tr>
134-
135-
<tr>
136-
<td><em>Splunkbase.com</em>
137-
<td>damiend</td>
138-
</tr>
139-
140-
</table>
141-
142-
143-
144-
145-
146-
147-
148-
149-
150-
151-
152-
153-
1+
# Splunk Java Logging Framework v1.4
2+
3+
## Activation Key
4+
5+
You require an activation key to use these libraries. Visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
6+
7+
## Overview
8+
9+
The purpose of this project is to create a logging framework to allow developers to as seamlessly as possible
10+
integrate Splunk best practice logging semantics into their code and easily send their log events to Splunk.
11+
There are also custom handler/appender implementations and config examples for the most prevalent Java logging frameworks in play.
12+
13+
1. LogBack
14+
2. Log4j 1.x
15+
3. Log4j 2
16+
4. java.util logging
17+
18+
This framework contains :
19+
20+
* java.util.logging handler for logging to Splunk REST endpoints
21+
* java.util.logging handler for logging to Splunk Raw TCP Server Socket
22+
* java.util.logging handler for logging to Splunk HEC Endpoint
23+
* Log4j appender for logging to Splunk REST endpoints
24+
* Log4j appender for logging to Splunk Raw TCP Server Socket
25+
* Log4j appender for logging to Splunk HEC Endpoint
26+
* Logback appender for logging to Splunk REST endpoints
27+
* Logback appender for logging to Splunk Raw TCP Server Socket
28+
* Logback appender for logging to Splunk HEC Endpoint
29+
* Log4j 2 appender for logging to Splunk HEC Endpoint
30+
* Log4j 2 config examples for TCP and UDP logging
31+
* Example logging configuration files for all the above
32+
* Javadocs
33+
34+
If you want to use UDP to send events to Splunk , then Log4j 1.x and Logback already have Syslog Appenders.
35+
Log4j 2 has a UDP Appender and Syslog Appender.
36+
And of course you can still use any File appenders and have the file monitored by a Splunk Universal Forwarder.
37+
38+
I generally recommend using the raw TCP or HEC handlers/appenders I have provided , they perform the best, and have features coded into them for auto connection re-establishment and configurable buffering of log events which will get flushed upon reconnection.
39+
40+
## Logging frameworks galore
41+
42+
Log4j 2 and Log4j 1.x are very distinct from one another.
43+
Logback was actually the "new version" of Log4j 1.x , and then Log4J 2 attempted to improve upon Logback.
44+
This rather convoluted family tree has essentially transpired with 3 different logging frameworks in play, each with different characteristics.
45+
Log4j 1.x still has a very large legacy usage base in enterprise software therefore warrants addressing with its own custom appenders and example configurations.
46+
47+
## Splunk Universal Forwarder vs Splunk Java Logging
48+
49+
I always advocate the best practice of using a Splunk Universal Forwarder(UF) monitoring local files wherever possible.
50+
Not only do you get the features inherent in the UF, but you get the added resiliency of the persistence of files.
51+
However, there are going to be situations where, for whatever reason(technical or bureaucratic), that a UF can not
52+
be deployed.In this case, Splunk Java Logging can be used to forward events to Splunk.
53+
Furthermore, in either scenario, you can still utilize the SplunkLogEvent class to construct your log events in best practice
54+
semantic format.
55+
56+
57+
## Resilience
58+
59+
The HTTP REST ,Raw TCP and HEC handler/appenders have autonomous socket reconnection logic in case of connection failures.
60+
There is also internal event queuing that is loosely modelled off Splunk's outputs.conf for Universal Forwarders.
61+
You can set these propertys :
62+
* maxQueueSize : defaults to 500KB , format [integer|integer[KB|MB|GB]]
63+
* dropEventsOnQueueFull : defaults to false , format [ true | false]
64+
65+
And you can use a parallel File appender if you absolutely need disk persistence.
66+
67+
## Data Cloning
68+
69+
If you want "data cloning" functionality, then you can leverage the logging configuration and have (n) different appender
70+
definitions for your various target Indexers.
71+
72+
## Load Balancing
73+
74+
If you wish to have load balancing of your log events, then configure your logging appenders to send to a Splunk Universal Forwarder acting
75+
as a load balancing intermediary before you Indexer Cluster.
76+
77+
## Failover
78+
79+
Log4J 2 has a Failover appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#FailoverAppender
80+
There is an example in config/log4j2.xml
81+
82+
## Routing
83+
84+
Log4J 2 has a Routing appender you can use : http://logging.apache.org/log4j/2.x/manual/appenders.html#RoutingAppender
85+
86+
## Thread Safety
87+
88+
Log4j and Logback are thread safe.
89+
90+
## License
91+
92+
The Splunk Java Logging Framework is licensed under the Creative Commons 3.0 License.
93+
Details can be found in the file LICENSE.
94+
95+
## Quick Start
96+
97+
1. Untar releases/splunklogging-1.4.tar.gz
98+
2. All the required jar files are in the lib directory..
99+
3. Assume you know how to setup your classpath to use your preferred logging framework implementation.
100+
4. There is a simple code example here https://github.com/damiendallimore/SplunkJavaLogging/blob/master/src/com/splunk/logging/examples/Example.java
101+
5. There are sample logging config files in the config directory for the 4 logging frameworks
102+
103+
## Splunk
104+
105+
If you haven't already installed Splunk, download it here:
106+
http://www.splunk.com/download. For more about installing and running Splunk
107+
and system requirements, see Installing & Running Splunk
108+
(http://dev.splunk.com/view/SP-CAAADRV).
109+
110+
## Contribute
111+
112+
Get the Splunk Java Logging Framework from GitHub (https://github.com/) and clone the
113+
resources to your computer. For example, use the following command:
114+
115+
> git clone https://github.com/damiendallimore/SplunkJavaLogging.git
116+
117+
118+
## Contact
119+
120+
This project was initiated by Damien Dallimore
121+
<table>
122+
123+
<tr>
124+
<td><em>Email</em></td>
125+
<td>damien@baboonbones.com</td>
126+
</tr>
127+
128+
<tr>
129+
<td><em>Twitter</em>
130+
<td>@damiendallimore</td>
131+
</tr>
132+
133+
<tr>
134+
<td><em>Splunkbase.com</em>
135+
<td>damiend</td>
136+
</tr>
137+
138+
</table>
139+
140+
141+
142+
143+
144+
145+
146+
147+
148+
149+
150+
151+

RELEASE_NOTES.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,9 @@
1+
1.4
2+
---
3+
Added an activation key requirement , visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
4+
Docs updated
5+
Splunk 7.1 compatible
6+
17
1.3
28
---
39

build/build.properties

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
version=1.3
1+
version=1.4
22

33
src=src
44
classes=classes

config/jdklogging.properties

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@
22

33
#handlers = java.util.logging.ConsoleHandler
44
#handlers = com.splunk.logging.jdk.handler.SplunkRestHandler
5-
#handlers = com.splunk.logging.jdk.handler.SplunkRawTCPHandler
6-
handlers = com.splunk.logging.jdk.handler.SplunkHECHandler
5+
handlers = com.splunk.logging.jdk.handler.SplunkRawTCPHandler
6+
#handlers = com.splunk.logging.jdk.handler.SplunkHECHandler
77

88
# Set the default logging level for the root logger
99
.level = INFO
@@ -12,6 +12,8 @@ handlers = com.splunk.logging.jdk.handler.SplunkHECHandler
1212
splunk.logger = INFO
1313

1414
# Set the default logging level for new SplunkRestHandler instances
15+
# Visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
16+
com.splunk.logging.jdk.handler.SplunkRestHandler.activationKey=YOURKEY
1517
com.splunk.logging.jdk.handler.SplunkRestHandler.level=INFO
1618
com.splunk.logging.jdk.handler.SplunkRestHandler.user=admin
1719
com.splunk.logging.jdk.handler.SplunkRestHandler.pass=somepass
@@ -25,13 +27,17 @@ com.splunk.logging.jdk.handler.SplunkRestHandler.maxQueueSize=5MB
2527
com.splunk.logging.jdk.handler.SplunkRestHandler.dropEventsOnQueueFull=false
2628

2729
# Set the default logging level for new SplunkRawTCPHandler instances
30+
# Visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
31+
com.splunk.logging.jdk.handler.SplunkRawTCPHandler.activationKey=YOURKEY
2832
com.splunk.logging.jdk.handler.SplunkRawTCPHandler.level=INFO
2933
com.splunk.logging.jdk.handler.SplunkRawTCPHandler.host=somehost
3034
com.splunk.logging.jdk.handler.SplunkRawTCPHandler.port=5151
3135
com.splunk.logging.jdk.handler.SplunkRawTCPHandler.maxQueueSize=5MB
3236
com.splunk.logging.jdk.handler.SplunkRawTCPHandler.dropEventsOnQueueFull=false
3337

3438
# Set the default logging level for new SplunkHECHandler instances
39+
# Visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
40+
com.splunk.logging.jdk.handler.SplunkHECHandler.activationKey=YOURKEY
3541
com.splunk.logging.jdk.handler.SplunkHECHandler.level=INFO
3642
com.splunk.logging.jdk.handler.SplunkHECHandler.host=localhost
3743
com.splunk.logging.jdk.handler.SplunkHECHandler.port=8088

config/log4j.properties

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,12 +4,14 @@
44
log4j.rootLogger=DEBUG,stdout
55

66
#Splunk logger
7-
log4j.logger.splunk.logger=INFO, splunkhec
8-
#log4j.logger.splunk.logger=INFO, splunkrawtcp
7+
#log4j.logger.splunk.logger=INFO, splunkhec
8+
log4j.logger.splunk.logger=INFO, splunkrawtcp
99
log4j.additivity.splunk.logger=false
1010

1111
# Send log events to a Splunk REST endpoint
1212
log4j.appender.splunkrest=com.splunk.logging.log4j.appender.SplunkRestAppender
13+
# Visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
14+
log4j.appender.splunkrest.activationKey=YOURKEY
1315
log4j.appender.splunkrest.user=admin
1416
log4j.appender.splunkrest.pass=somepass
1517
log4j.appender.splunkrest.host=localhost
@@ -28,8 +30,10 @@ log4j.appender.splunkrest.layout.ConversionPattern=%m%n
2830

2931
# Send log events to a Splunk Raw TCP server socket
3032
log4j.appender.splunkrawtcp=com.splunk.logging.log4j.appender.SplunkRawTCPAppender
33+
# Visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
34+
log4j.appender.splunkrawtcp.activationKey=YOURKEY
3135
log4j.appender.splunkrawtcp.host=localhost
32-
log4j.appender.splunkrawtcp.port=5150
36+
log4j.appender.splunkrawtcp.port=5151
3337
log4j.appender.splunkrawtcp.maxQueueSize=5MB
3438
log4j.appender.splunkrawtcp.dropEventsOnQueueFull=false
3539
log4j.appender.splunkrawtcp.layout=org.apache.log4j.PatternLayout
@@ -40,6 +44,8 @@ log4j.appender.splunkrawtcp.layout.ConversionPattern=%m%n
4044

4145
# Send log events to a Splunk HEC Endpoint
4246
log4j.appender.splunkhec=com.splunk.logging.log4j.appender.SplunkHECAppender
47+
# Visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
48+
log4j.appender.splunkhec.activationKey=YOURKEY
4349
log4j.appender.splunkhec.host=localhost
4450
log4j.appender.splunkhec.port=8088
4551
log4j.appender.splunkhec.token=4DBFC24E-19A2-4D31-9055-2139C818DBDD

0 commit comments

Comments
 (0)