Spring Boot Application AND Splunk Log Configuration Example:

Before We Proceed For Splunk Configuration For Spring Boot please visit below link and complete Splunk Installation and Login :

NOTE : before you start reading this article , you should know basic of Spring Boot and Log4J , better to know , if you know then you will understand all steps easily.

Step 1 : CLICK HERE TO SEE SPLUNK INSTALLATION STEPS

Step 2 : once you complete installation and login successfully then follow below steps :

we can create Index for each microservice and you can forward log by using that index to Splunk Application.
we need to take proper care about below parameters :

Index – create index In which Index you want to push log
Source – who will send your logs to splunk
URL – Splunk redirects log to URL
Host – host where splunk server running
token – security token to connect your splunk server.

2.1>Go to Settings -> Data Inputs :

2.2>click on HTTP EVENT COLLECTOR

2.3>click on Global Settings

2.4>It will display below window please fill accurate information as per below snapshot and Save :

2.5>Once Saved as above click on New Token :

2.6>Give Any Name and Source Name and Click Next :

Example :

Name : svapi_token
Source name override : svapi_source_name

2.7>In next window –> Select -> Select source type as log4j as shown below :

2.8>click on create new index –>

2.9>give any name as ex: svapi_index_new and save.

2.10>then select index -> and click review ->

2.11>Review and Submit :

2.12>Once Submitted as above then Go To Settings -> Data Inputs ->Http Event Collector :

==>Note Down All Information such as :

token name : svapi_token

Token value : c6f6fc18-76be-4b03-8802-6f25d751c95b

Source Type :log4j

index name : svapi_index_new

click on Edit button and get Source name as : svapi_source_name

as per step 2.4> HTTP port number is 8088 , you have to note down all these details properly.

==> Create a new Spring Boot Starter Project , and add below files :

1>Spring Boot Main Class :

package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SplunkApiDemoApplication {

	public static void main(String[] args) {
		SpringApplication.run(SplunkApiDemoApplication.class, args);
	}

}

2> OrderApiController

package com.example.demo;

import org.apache.logging.log4j.Logger;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class OrderApiController {

	Logger logger = org.apache.logging.log4j.LogManager.getLogger(OrderApiController.class);

	@GetMapping("/orders")
	String getOrders() {
		logger.info("Inside Get Order method :getOrders() :OrderApiController");
		return "called to get orders";
	}

	@PostMapping("/orders")
	String postOrders() {
		logger.info("Inside Post Order method :postOrders() :OrderApiController");
		return "called to post orders";
	}

}

In application.properties

server.port=9092

In pom.xml file ,

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>3.1.0</version>
		<relativePath /> <!-- lookup parent from repository -->
	</parent>
	<groupId>com.example</groupId>
	<artifactId>SplunkApiDemo</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>SplunkApiDemo</name>
	<description>Demo project for Spring Boot</description>
	<properties>
		<java.version>1.8</java.version>
	</properties>
	<repositories>
		<repository>
			<id>splunk-artifactory</id>
			<name>Splunk Releases</name>
			<url>https://splunk.jfrog.io/splunk/ext-releases-local</url>
		</repository>
	</repositories>
	<dependencies>
		<!-- https://mvnrepository.com/artifact/com.splunk.logging/splunk-library-javalogging -->
		<dependency>
			<groupId>com.splunk.logging</groupId>
			<artifactId>splunk-library-javalogging</artifactId>
			<version>1.8.0</version>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
			<exclusions>
				<exclusion>
					<groupId>org.springframework.boot</groupId>
					<artifactId>spring-boot-starter-logging</artifactId>
				</exclusion>
			</exclusions>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-log4j2</artifactId>
		</dependency>
		<dependency>
			<groupId>org.projectlombok</groupId>
			<artifactId>lombok</artifactId>
			<optional>true</optional>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>
	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<configuration>
					<excludes>
						<exclude>
							<groupId>org.projectlombok</groupId>
							<artifactId>lombok</artifactId>
						</exclude>
					</excludes>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

==> create a file with name log4j2-spring.xml as below : in this file we added log4j configuration for console and for Splunk Application as below :

<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
    <Appenders>
        <Console name="console" target="SYSTEM_OUT">
            <PatternLayout
                    pattern="%style{%d{ISO8601}} %highlight{%-5level }[%style{%t}{bright,blue}] %style{%C{10}}{bright,yellow}: %msg%n%throwable" />
        </Console>
        <SplunkHttp
                name="splunkhttp"
                url="http://localhost:8088"
                token="c6f6fc18-76be-4b03-8802-6f25d751c95b"
                host="localhost"
                index="svapi_index_new"
                type="raw"
                source="svapi_source_name"
                sourcetype="log4j"
                messageFormat="text"
                disableCertificateValidation="true">
            <PatternLayout pattern="%m" />
        </SplunkHttp>

    </Appenders>

    <Loggers>
        <!-- LOG everything at INFO level -->
        <Root level="info">
            <AppenderRef ref="console" />
            <AppenderRef ref="splunkhttp" />
        </Root>
    </Loggers>
</Configuration>

In above file please cross verify Splunk Configuration , if it goes wrong then you will not able to see log on Splunk tool :

  <SplunkHttp
                name="splunkhttp"
                url="http://localhost:8088"
                token="c6f6fc18-76be-4b03-8802-6f25d751c95b"
                host="localhost"
                index="svapi_index_new"
                type="raw"
                source="svapi_source_name"
                sourcetype="log4j"
                messageFormat="text"
                disableCertificateValidation="true">
            <PatternLayout pattern="%m" />
        </SplunkHttp>

Now run the Spring boot application :

Open postman tool and send request to controller as below :

So as show above we sent GET and POST request to controller :

for these two request we got log on Console as below :

If your Splunk Configuration is correct in XML file then same log you can see in Splunk Tool As Well :

Step 1: login to Splunk and click on Search and Reporting

Step 2 : In search box give index as , index = “svapi_index_new” and click on search as below :

and you can see log as below :

you can modify search as per value in Log Message

for example :

index = “svapi_index_new” :getOrders() :OrderApiController

can give specific log for particular log message as below :

In this way we can check Spring Boot Application log on Splunk Tool.

Happy Learning