I am using log4j2 to log directly to Splunk.
Earlier, I used log4j2 to log to a file instead.
I was able to get output like the following.
2019-03-06 18:44:47,757 INFO [example.ServiceFileStore] WcmServiceFileStore [/vagrant/source/application/vagrant/source/application/webscripts] with [160] documents
When I did that the pattern for the file-based logging was the following.
<PatternLayout>
<Pattern>%d %-5p [%c] %m%n</Pattern>
</PatternLayout>
When I try to log to Splunk directly I get the following result.
{"severity":"INFO","message":"WcmServiceFileStore [\/vagrant\/source\/application\/vagrant\/source\/application\/webscripts] with [160] documents"}
The time is not needed in the pattern, but the logger, [%c], would sure be nice to have.
Is there a way to configure this for the Splunk Logger (version 1.7.1)? The configuration I am using looks something very similar to this.
<Http name="SPLUNK_QA">
<Source>legacy_webapp.qa</Source>
<SourceType>log4j</SourceType>
<Url>https://mysplunkcloud.com</Url>
<Token>*******-****-****-****-******</Token>
<DisableCertificateValidation>true</DisableCertificateValidation>
<PatternLayout>
<Pattern>%d %-5p [%c] %m%n</Pattern>
</PatternLayout>
</Http>
Aucun commentaire:
Enregistrer un commentaire