Unable to connect Java with Splunk Cloud


I want to connect my Java program to Splunk Cloud and send logs there.

I tried to connect with Splunk Enterprise (installed on my local machine). In this case it connected successfully and I can see the logs there too.

I don't know why I'm unable to connect my Java program to Splunk Cloud.

My code looks like this.

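    import com.splunk.Args;
    import com.splunk.HttpService;
    import com.splunk.Receiver;
    import com.splunk.SSLSecurityProtocol;
    import com.splunk.Service;
    import java.util.HashMap;
    import java.util.Map;

    public class HelloSplunk {
        public static void main(String[] args) {
            Map<String, Object> connectArgs = new HashMap<String, Object>();
            HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2); // force TLS 1.2 for SDK connections
            connectArgs.put("host", "xxx.splunkcloud.com"); // the part of the URL that I found in the URL of my Splunk Cloud account
            connectArgs.put("username", "un");
            connectArgs.put("password", "pswd");
            connectArgs.put("scheme", "https"); // I tried http here too
            connectArgs.put("port", 8089); // I tried 8088 too, nothing works

            Service splunkService = Service.connect(connectArgs); // log in to the management API

            Args logArgs = new Args();
            logArgs.put("sourcetype", "helloWorldSplunk");

            Receiver receiver = splunkService.getReceiver();
            receiver.log("main", logArgs, "Hello from java SDE program to Splunk"); // write one event to index "main"

            System.out.println("END");
        }
    }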

The error that I get while executing the above code:

    Exception in thread "main" java.lang.RuntimeException: Connection timed out: connect
    at com.splunk.HttpService.send

Furthermore, I have one more question here:

How do I connect my Java EE app to Splunk? Do I follow the same procedure as above, or something different?

2

There are 2 best solutions below

2
On BEST ANSWER

If you're trying to send to Splunk's HTTP Event Collector (presumed from the reference to port 8088), then you'll need the right URL. The exact URL depends on whether you're using a free or paid Splunk Cloud account and where that account is hosted (AWS or Google).

The standard form for the HEC URI in Splunk Cloud Platform free trials is as follows:

    <protocol>://inputs.<host>:<port>/<endpoint>

The standard form for the HEC URI in Splunk Cloud Platform is as follows:

    <protocol>://http-inputs-<host>:<port>/<endpoint>

The standard form for the HEC URI in Splunk Cloud Platform on Google Cloud is as follows:

    <protocol>://http-inputs.<host>:<port>/<endpoint>

Where:

    <protocol> is either http or https
    You must add http-inputs- before the <host>
    <host> is the Splunk Cloud Platform instance that runs HEC
    <port> is the HEC port number
        8088 on Splunk Cloud Platform free trials
        443 by default on Splunk Cloud Platform instances

See https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector#Send_data_to_HTTP_Event_Collector_on_Splunk_Cloud_Platform for the details.
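An added example (not part of the answer, and not Splunk's own code): building the HEC URI from the three forms quoted above and posting one event over HTTPS with Java 11's built-in `HttpClient`. The `/services/collector/event` endpoint and the `Authorization: Splunk <token>` header are not on this page; port 443 for the Google Cloud form, the environment variable names and the `example.splunkcloud.com` host are assumptions or placeholders.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;

public class HecSend {
    // The three deployment types the answer distinguishes.
    enum Deployment { FREE_TRIAL, CLOUD, CLOUD_ON_GCP }

    // Builds the HEC URI for a deployment type; https only, so the token is never sent in clear text.
    static URI hecUri(Deployment d, String host, String endpoint) {
        switch (d) {
            case FREE_TRIAL:   return URI.create("https://inputs." + host + ":8088" + endpoint);
            case CLOUD:        return URI.create("https://http-inputs-" + host + ":443" + endpoint);
            case CLOUD_ON_GCP: return URI.create("https://http-inputs." + host + ":443" + endpoint); // port assumed
            default: throw new IllegalArgumentException("unknown deployment: " + d);
        }
    }

    static String env(String name, String fallback) {
        String v = System.getenv(name);
        return (v == null || v.isEmpty()) ? fallback : v;
    }

    public static void main(String[] args) throws Exception {
        String host = env("SPLUNK_HOST", "example.splunkcloud.com"); // placeholder host
        String endpoint = "/services/collector/event";               // HEC JSON event endpoint
        for (Deployment d : Deployment.values())
            System.out.println(d + " -> " + hecUri(d, host, endpoint));

        String token = System.getenv("SPLUNK_HEC_TOKEN");            // assumed variable name; never hardcode the token
        if (token == null) return;                                   // without a token, only print the URIs

        Deployment target = Deployment.valueOf(env("SPLUNK_DEPLOYMENT", "CLOUD"));
        String body = "{\"sourcetype\":\"helloWorldSplunk\",\"event\":\"Hello from Java\"}";
        HttpRequest req = HttpRequest.newBuilder(hecUri(target, host, endpoint))
                .timeout(Duration.ofSeconds(10))
                .header("Authorization", "Splunk " + token)
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
        // A short connect timeout makes a wrong host or blocked port fail fast instead of hanging.
        HttpClient client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
        HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
        System.out.println(resp.statusCode() + " " + resp.body());
    }
}
```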

3
On

This could possibly be due to firewall issues in your network or you may be running behind a corporate proxy. Can you ensure that you have validated it?

As far as shipping your logs to Splunk instances, you would need a log forwarding tool like the universal forwarder installed in the same environment as your application to forward the application logs to the remote Splunk servers.

Additionally, as a best practice, keep the log forwarding decoupled from your application. Your application should only write logs to the file system. A log processor or forwarder should send them to a remote server for ingestion. The reason: you may change your mind and use Logstash or Datadog later, and in that event you don't have to touch your application.