Question

Configure log4j to send its logs to Splunk?

  • October 30, 2018

I need to send my log4j logs to Splunk. I found several solutions:

1. Use the REST API (e.g. curl -k -u admin:changeme -d "name=/tmp/myfile.log" -d "sourcetype=syslog" https://localhost:8089/servicesNS/admin/search/data/inputs/monitor)
2. Install Splunk Universal Forwarder
3. Use a log4j appender such as:

Syslog appender

    log4j.appender.splunk=org.apache.log4j.net.SyslogAppender
    log4j.appender.splunk.SyslogHost=localhost:8089
    log4j.appender.splunk.layout=org.apache.log4j.PatternLayout
    log4j.appender.splunk.facility=LOCAL2
    log4j.appender.splunk.layout.ConversionPattern=[%p] %t: %m%n

But it seems to me that the 3rd solution wouldn't work if the Splunk server and the log are located on separate machines.

The 2nd solution requires installing additional software.

Can anyone propose any other solution?

PS: I tried to use open-source Java libs, but that didn't give a result.