
Do we read log data from inmemory?

Yamini
New Member

I would like to write log data to Java in-memory using Memory Handlers in a Java application. Can we read this log data from the Java application?

Thanks,
Mini


dwaddle
SplunkTrust

So generally the answer here is a resounding "no you cannot." Remember that on almost all modern operating systems, the kernel enforces a process boundary wall. It is not trivial for process 1 to reach over, under, or around that wall to read the memory of your Java process.

Yes, there is the concept of SYSV shared memory or memory mapped files - but these generally require lots of coordination and agreement between processes so that locks are taken when the shared memory is being updated and so that the layout of the shared memory is understood and makes sense to both processes. The layout of the Java heap and in-memory objects is not entirely clear to non-Java processes and different JVMs format both heaps and objects differently!

It is just too much to ask Splunk to be able to yoink log events out of the address space of another process. Write them to a file, or a socket, or use the HTTP event collector and a log4j output .. just not memory, please.

(It is also entirely possible I have misunderstood your question)

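One way to follow the advice in the answer above while still buffering in memory, as an added example that is not part of the original thread and not Splunk's own logging library: a `java.util.logging.MemoryHandler` whose target handler posts each pushed record to the HTTP Event Collector. The names `HecMemoryLogging` and `HecHandler`, the `HEC_URL` and `HEC_TOKEN` environment variables, and the host in the comment are assumptions for illustration.

```java
import java.net.URI;
import java.net.http.*;
import java.util.logging.*;

public class HecMemoryLogging {
    // Hypothetical target handler: POSTs each pushed record to the HTTP Event Collector.
    static class HecHandler extends Handler {
        private final HttpClient client = HttpClient.newHttpClient();
        private final URI uri;
        private final String token;
        HecHandler(String url, String token) { this.uri = URI.create(url); this.token = token; }

        // Escape the message so untrusted log text cannot break out of the JSON string.
        static String jsonEscape(String s) {
            StringBuilder sb = new StringBuilder();
            for (char c : s.toCharArray()) {
                if (c == '"' || c == '\\') sb.append('\\').append(c);
                else if (c < 0x20) sb.append(String.format("\\u%04x", (int) c));
                else sb.append(c);
            }
            return sb.toString();
        }
        @Override public void publish(LogRecord r) {
            if (!isLoggable(r)) return;
            String body = "{\"time\":" + r.getInstant().getEpochSecond() + ",\"event\":\""
                    + jsonEscape(r.getLevel() + " " + r.getMessage()) + "\"}";
            HttpRequest req = HttpRequest.newBuilder(uri)
                    .header("Authorization", "Splunk " + token)   // HEC token header
                    .POST(HttpRequest.BodyPublishers.ofString(body)).build();
            try {
                int status = client.send(req, HttpResponse.BodyHandlers.discarding()).statusCode();
                if (status != 200) reportError("HEC returned " + status, null, ErrorManager.WRITE_FAILURE);
            } catch (Exception e) {
                reportError("HEC send failed", e, ErrorManager.WRITE_FAILURE);
            }
        }
        @Override public void flush() { }
        @Override public void close() { }
    }

    public static void main(String[] args) {
        // Assumed to be set, e.g. HEC_URL=https://splunk.example.com:8088/services/collector/event
        HecHandler hec = new HecHandler(System.getenv("HEC_URL"), System.getenv("HEC_TOKEN"));
        // Keep the last 1000 records in memory; push them all once a WARNING or worse arrives.
        MemoryHandler mem = new MemoryHandler(hec, 1000, Level.WARNING);
        Logger log = Logger.getLogger("app");
        log.addHandler(mem);
        // Push what is still buffered on orderly exit; a hard kill still loses the buffer.
        Runtime.getRuntime().addShutdownHook(new Thread(mem::push));
        log.info("service started");
        log.warning("disk quota at 95%");
    }
}
```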

Yamini
New Member

Thank you for the reply.

I have heard that we have the splunkjavalogging library, which may solve my problem.

Why I am going for memory is that, for some concerns, I could not write logs to a file.

Using SplunkLogging we can directly write logs to the Splunk server.

Thanks & Regards,
Yamini

Rob
Splunk Employee

How do you normally access the log data in-memory? Do you pipe it to STDOUT, or is there a file that is eventually generated? Also, what do you do when the application/host unexpectedly fails to keep the log files for troubleshooting?
