I have followed all the tutorials on youtube and I have read all the available documentation on Splunk Cloud HEC setup in Log4j2 Spring boot.
Below is my log4j2-spring.xml
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="info" name="LoggingTesting" packages="">
<Appenders>
<Console name="console" target="SYSTEM_OUT">
<PatternLayout
pattern="event:{%style{%d{ISO8601}} %highlight{%-5level }[%style{%t}{bright,blue}] %style{%C{10}}{bright,yellow}: %msg%n%throwable}" />
</Console>
<SplunkHttp
name="splunkhttp"
url="https://prd-p-vy06a.splunkcloud.com:8088/services/collector/event"
token="TOKEN********************"
host="wa-blog-service"
index="wa_blog_service_dev_index"
sourcetype="_json"
disableCertificateValidation="true" >
<PatternLayout
pattern="event:{%style{%d{ISO8601}} %highlight{%-5level }[%style{%t}{bright,blue}] %style{%C{10}}{bright,yellow}: %msg%n%throwable}" />
</SplunkHttp>
<File name="wa-blog-application" fileName="logs/waBlogApplication.log">
<PatternLayout pattern="%d{yyyy-mm-dd HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
</File>
</Appenders>
<Loggers>
<!-- LOG everything at INFO level -->
<Root level="INFO">
<appender-ref ref="wa-blog-application"/>
<AppenderRef ref="console" />
<AppenderRef ref="splunkhttp" />
</Root>
</Loggers>
</Configuration>
Here is my POM.XML
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.worldastrologers</groupId>
<artifactId>blog</artifactId>
<version>1.0</version>
<name>wa-qa-service</name>
<description>WorldAstrologers Service.</description>
<properties>
<java.version>11</java.version>
</properties>
<repositories>
<repository>
<id>splunk-artifactory</id>
<name>Splunk Releases</name>
<url>https://splunk.jfrog.io/splunk/ext-releases-local</url>
</repository>
</repositories>
<dependencies>
<!-- https://mvnrepository.com/artifact/com.splunk.logging/splunk-library-javalogging -->
<dependency>
<groupId>com.splunk.logging</groupId>
<artifactId>splunk-library-javalogging</artifactId>
<version>1.8.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<artifactId>spring-boot-starter-logging</artifactId>
<groupId>org.springframework.boot</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
<version>2.7.4</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/org.postgresql/postgresql -->
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.13.3</version>
</dependency>
<dependency>
<groupId>jakarta.json</groupId>
<artifactId>jakarta.json-api</artifactId>
<version>2.1.0</version>
</dependency>
</dependencies>
<build>
<finalName>wa-blog-service</finalName>
</build>
</project>
What am I missing ???
I can't see data on my Splunk cloud account. I have checked all the indices. I am able to see data in Splunk cloud when I send a request from Postman.
The URL in the log4j2-spring.xml file is incorrect. The URL should be
url="https://prd-p-vy06a.splunkcloud.com:8088"