How to read Spring Boot application log files into Splunk? [closed]

I want to send log data from my application to Splunk. I have learned that this has nothing to do with Spring itself; Splunk just needs some configuration to read the application's log files. How can I make Splunk read the application's log files?

Please help me with integrating Splunk with Spring Boot. It would be great if you could provide any code snippets or references.



Solution 1:[1]

In terms of integration, what are you after? Are you looking to bring data in from Splunk for use in your Spring Boot application, or are you looking to send data from your application into Splunk?

For logging into Splunk, I suggest you look at the following:

If you are looking to interact with the Splunk application and run queries against it, look at the Splunk Java SDK, https://dev.splunk.com/enterprise/docs/java/sdk-java/howtousesdkjava/

Solution 2:[2]

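Here are the steps I followed to integrate Splunk successfully into my Spring Boot application (they run a Splunk search from the application through the Splunk SDK for Java; they do not send the application's log files to Splunk):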

  1. Set up the repository in the pom.xml file by adding the following:

     <!-- Extra artifact repository from which Maven resolves the Splunk SDK declared in the
          dependencies section. Everything downloaded from here runs with the application's
          privileges. NOTE(review): consider proxying this repository through an internal
          repository manager and verifying artifact checksums rather than trusting it directly. -->
     <repositories>
         <repository>
             <id>splunk-artifactory</id>  
             <name>Splunk Releases</name>
             <url>https://splunk.jfrog.io/splunk/ext-releases-local</url>
         </repository>
     </repositories>
    
  2. Add the Maven dependency for the Splunk jar inside the dependencies tag; Maven will then download and set up the Splunk jar file in the project (in my case the jar file is splunk-1.6.5.0.jar):

     <!-- Splunk SDK for Java, pinned to an exact version.
          NOTE(review): before adopting this pin, check whether a newer release exists and read
          its release notes for security fixes (TLS and certificate handling in particular). -->
     <dependency>
         <groupId>com.splunk</groupId>
         <artifactId>splunk</artifactId>
         <version>1.6.5.0</version>
     </dependency>
    
  3. Configure and run the Splunk query from your controller / service / main class:

     package com.my.test;
    
     import java.io.BufferedReader;
     import java.io.IOException;
     import java.io.InputStream;
     import java.io.InputStreamReader;
     import java.nio.charset.StandardCharsets;
     import java.util.HashMap;
     import java.util.Map;
    
     import org.springframework.boot.autoconfigure.SpringBootApplication;
    
     import com.fasterxml.jackson.databind.JsonNode;
     import com.fasterxml.jackson.databind.ObjectMapper;
     import com.splunk.Args;
     import com.splunk.HttpService;
     import com.splunk.Job;
     import com.splunk.SSLSecurityProtocol;
     import com.splunk.Service;
    
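     /**
      * Sample class that runs a search on a Splunk instance through the Splunk SDK for Java and
      * returns the "results" array of the response as a JSON string.
      *
      * <p>Points to settle before using this outside a demo:
      * <ul>
      *   <li>The connection settings below are placeholders. Real credentials belong in the
      *       environment or a secret store, not in source code, and the Splunk account should
      *       carry only the role needed for the searches this application runs.</li>
      *   <li>The search string is sent to Splunk as given. Do not build it by concatenating
      *       untrusted input, because the caller's text becomes part of the search.</li>
      * </ul>
      */
     @SpringBootApplication
     public class Main {

         // Placeholder connection settings; kept public, static and mutable so existing callers
         // can still assign them. Never commit real values for username or password.
         public static String username = "your username";
         public static String password = "your password";
         public static String host = "your splunk host url like - splunk-xx-test.abc.com";
         // 8089 is Splunk's default management (REST API) port.
         public static int port = 8089;
         public static String scheme = "https";

         // ObjectMapper is thread-safe once configured and costly to create, so one instance is shared.
         private static final ObjectMapper JSON_MAPPER = new ObjectMapper();

         /**
          * Connects to the configured Splunk instance with the username and password above.
          *
          * @return the connected {@link Service}
          */
         public static Service getSplunkService() {

             // Static SDK setting, so it applies to every connection made by this process.
             // NOTE(review): selecting the protocol version does not by itself authenticate the
             // server; confirm that the SDK version in use validates the certificate and host name.
             HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);

             Map<String, Object> connectionArgs = new HashMap<>();

             connectionArgs.put("host", host);
             connectionArgs.put("port", port);
             connectionArgs.put("scheme", scheme);
             connectionArgs.put("username", username);
             connectionArgs.put("password", password);

             return Service.connect(connectionArgs);
         }

         /**
          * Runs the given Splunk search, waits for the job to finish and returns its results.
          *
          * @param query the Splunk search to run; must come from a trusted source
          * @return the "results" array of the response serialized as JSON, or {@code null} when
          *         the response contains no such array
          * @throws IOException if reading or parsing the response fails, or if the calling thread
          *         is interrupted while waiting for the job
          */
         public static String getQueryResultsIntoJsonString(String query) throws IOException {

             Service splunkService = getSplunkService();

             Args queryArgs = new Args();

             //set "from" time of query. 1 = from beginning
             queryArgs.put("earliest_time", "1");

             //set "to" time of query. now = till now
             queryArgs.put("latest_time", "now");

             // The time bounds only take effect when they are handed to the job.
             Job job = splunkService.getJobs().create(query, queryArgs);

             while (!job.isDone()) {
                 try {
                     Thread.sleep(500);
                 } catch (InterruptedException ex) {
                     // Restore the interrupt flag and stop polling; swallowing the interrupt
                     // would make the thread impossible to cancel.
                     Thread.currentThread().interrupt();
                     throw new IOException("Interrupted while waiting for the Splunk search job", ex);
                 }
             }

             Args outputArgs = new Args();

             //set format of result set as json
             outputArgs.put("output_mode", "json");

             //set offset of result set (how many records to skip from the beginning)
             //Default is 0
             outputArgs.put("offset", 0);

             //set no. of records to get in the result set.
             //Default is 100
             //If you put 0 here then it would be set to "no limit"
             //(i.e. get all records, don't truncate anything in the result set)
             //With no limit the whole result set is held in memory, so keep the search narrow.
             outputArgs.put("count", 0);

             String resultString = null;

             // try-with-resources closes the response stream even when parsing fails.
             // The charset is named explicitly so decoding does not depend on the platform default.
             try (InputStream inputStream = job.getResults(outputArgs);
                  BufferedReader in = new BufferedReader(
                          new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {

                 String aLine;
                 while ((aLine = in.readLine()) != null) {

                     // A blank line is not a JSON document; skip it instead of failing on it.
                     if (aLine.trim().isEmpty()) {
                         continue;
                     }

                     JsonNode jsonNode = JSON_MAPPER.readTree(aLine);

                     // get() returns null when the key is absent, so check before using the node.
                     JsonNode resultNode = (jsonNode == null) ? null : jsonNode.get("results");

                     if (resultNode != null && resultNode.isArray()) {
                         resultString = resultNode.toString();
                     }
                 }
             }

             return resultString;
         }

         /*Now run your Splunk query from the main method (or a RestController or a Service class)*/
         public static void main(String[] args) {

             try {
                 getQueryResultsIntoJsonString("search index=..."); //your Splunk query
             } catch (IOException e) {
                 e.printStackTrace();
             }
         }

     }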
    

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Simon Duff
Solution 2 Mayank