Learner

Reputation: 159

MuleSoft Log Forwarding from On-Premise to Splunk

I have a MuleSoft on-premise standalone server and I want the applications to forward their logs to Splunk. I got the Splunk URL (HTTP) with port 8088 (the default one).

Url: http://:8088/services/collector/raw

I deployed a Mule app after updating the log4j2.xml under src/main/resources, and on the server it throws this error.

I tried to follow this article: https://dzone.com/articles/recipe-to-implement-splunk-enterprise-on-premise-f

ERROR 2020-07-21 11:05:48,067 [pool-58-thread-2] [event: ] com.mulesoft.agent.common.internalhandler.splunk.transport.HECTransport: There was an error executing the request.
java.util.concurrent.ExecutionException: org.asynchttpclient.exception.RemotelyClosedException: Remotely closed
    at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:357) ~[?:1.8.0_252]
    at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1908) ~[?:1.8.0_252]
    at org.asynchttpclient.netty.NettyResponseFuture.get(NettyResponseFuture.java:213) ~[?:?]
    at com.mulesoft.agent.common.internalhandler.splunk.transport.HECTransport.send(HECTransport.java:127) ~[?:?]
    at com.mulesoft.agent.common.internalhandler.AbstractSplunkInternalHandler.flush(AbstractSplunkInternalHandler.java:173) ~[?:?]
    at com.mulesoft.agent.buffer.BufferedHandler.flushBuffer(BufferedHandler.java:241) ~[?:?]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_252]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_252]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_252]
Caused by: org.asynchttpclient.exception.RemotelyClosedException: Remotely closed
    at org.asynchttpclient.exception.RemotelyClosedException.INSTANCE(Unknown Source) ~[?:?]
INFO  2020-07-21 11:05:48,083 [pool-58-thread-2] [event: ] com.mulesoft.agent.buffer.BufferedHandler: Trying to retry flushing on buffer for EventTrackingSplunkInternalHandler. Remaining attempts: 0

I added the sections below to the log4j2 file:

    <Http name="Splunk" url="http://xxxx-xxxxx-xxx:8088/services/collector/raw">
        <Property name="Authorization" value="Splunk e052f3fa-xxxxxxxxxx"></Property>
        <PatternLayout pattern="[%d{MM-dd HH:mm:ss}] %-5p %c{1} [%t]: %m%n"></PatternLayout>
    </Http>

and

    <AsyncRoot level="INFO">
        <AppenderRef ref="Splunk"></AppenderRef>
    </AsyncRoot>

Upvotes: 0

Views: 977

Answers (1)

aled

Reputation: 25709

The error that you see is unrelated to sending logs from log4j2 to Splunk. You have followed the instructions from the link under the title "Enabling Splunk on Server Group Using Anypoint Runtime Manager". That part of the article is for sending events from inside the application, through the Runtime Manager Agent, to Splunk. That is completely separate from logging. Disable Splunk Event Tracking in Runtime Manager and the error should go away.

Upvotes: 1
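
The distinction drawn in the answer can be checked on a Mule log by looking at which package logged each error: the posted trace comes from `com.mulesoft.agent`, not from a log4j2 appender. The script below is an added example, not part of the original question or answer; the prefix-to-pipeline mapping is an assumption based on the class names in the posted trace and on Log4j 2's appender package, and the two `org.example` events in the sample are constructed.

```python
import re
from collections import Counter

# Mule log header: LEVEL date time [thread] [event: id] logger: message
HEADER = re.compile(r"^(ERROR|WARN|INFO|DEBUG)\s+\S+ \S+ \[[^\]]+\] "
                    r"\[event: [^\]]*\] ([\w.$]+): ")
FRAME = re.compile(r"^\s+at ([\w.$]+)\.[\w$<>]+\(")

# Package prefix -> pipeline (assumed mapping). The agent prefix comes from the
# trace in the question; the second is Log4j 2's own appender package.
PIPELINES = {
    "com.mulesoft.agent.": "runtime-manager-agent",
    "org.apache.logging.log4j.core.appender.": "log4j2-appender",
}

def pipeline_of(name):
    return next((p for pre, p in PIPELINES.items() if name.startswith(pre)), None)

def triage(text):
    """Count ERROR/WARN events per pipeline, using the logger name first and
    the stack frames that follow when the logger alone does not decide."""
    counts, current = Counter(), None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            current = None
            if head.group(1) in ("ERROR", "WARN"):
                current = pipeline_of(head.group(2)) or "unattributed"
                counts[current] += 1
            continue
        frame = FRAME.match(line)
        if frame and current == "unattributed" and pipeline_of(frame.group(1)):
            counts[current] -= 1
            current = pipeline_of(frame.group(1))
            counts[current] += 1
    return dict(+counts)  # unary plus drops buckets that fell back to zero

# Agent lines are abridged from the question; the org.example events are constructed.
SAMPLE = """\
ERROR 2020-07-21 11:05:48,067 [pool-58-thread-2] [event: ] com.mulesoft.agent.common.internalhandler.splunk.transport.HECTransport: There was an error executing the request.
java.util.concurrent.ExecutionException: org.asynchttpclient.exception.RemotelyClosedException: Remotely closed
    at com.mulesoft.agent.common.internalhandler.splunk.transport.HECTransport.send(HECTransport.java:127) ~[?:?]
INFO  2020-07-21 11:05:48,083 [pool-58-thread-2] [event: ] com.mulesoft.agent.buffer.BufferedHandler: Trying to retry flushing on buffer for EventTrackingSplunkInternalHandler. Remaining attempts: 0
ERROR 2020-07-21 11:06:02,310 [main] [event: ] org.example.LogShipper: send failed
    at org.apache.logging.log4j.core.appender.HttpAppender.append(HttpAppender.java:1)
ERROR 2020-07-21 11:06:05,001 [main] [event: ] org.example.OrderFlow: order rejected
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```
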
