Hi all,
I'm testing out Splunk and wondering whether there is some kind of out-of-the-box solution to correctly process syslog files that were created by the log4j SyslogAppender.
I've tried to follow the guide http://wiki.splunk.com/Community:StripSyslog, but unfortunately it does not work.
I'm using the log pattern specified in http://wiki.apache.org/logging-log4j/syslog :
%t %5r %-5p %-21d{yyyyMMdd HH:mm:ss,SSS} %c{2} [%x] %m %n
Should I use another pattern?
Note: I do not want to log directly from log4j to Splunk; I want Splunk to read from syslog.
Are there any working solutions?
I strayed away from using the SyslogAppender and just installed universal forwarders wherever the log4j data was that I wanted to get at; it just made things a bit cleaner. What's your hesitation? Why the need to read from syslog?