javasplunksplunk-sdk

Unable to connect Java with splunk cloud

I want to connect my java program to Splunk Cloud and send logs there.

I tried to connect with Splunk enterprise (installing on my local machine). In this case it's connected successfully and I can see the logs there too.

I don't know why I'm unable to get connect my java program to Splunk Cloud.

My code looks like this.

    Map<String, Object> connectArgs= new HashMap<String, Object>(); 
    HttpService.setSslSecurityProtocol( SSLSecurityProtocol.TLSv1_2);
    connectArgs.put("host", "xxx.splunkcloud.com"); //this is the part of the url what I found in the url of my splunk cloud account.
    connectArgs.put("username", "un");
    connectArgs.put("password", "pswd");
    connectArgs.put("scheme", "https"); // I tried http also here
    connectArgs.put("port", 8089); // I tried 8088 too nothing works
    
    Service splunkService= Service.connect(connectArgs);
    
    Args logArgs= new Args();
    logArgs.put("sourcetype", "helloWorldSplunk");
    
    Receiver receiver= splunkService.getReceiver();
    receiver.log("main", logArgs, "Hello from java SDE program to Splunk");
    
    System.out.println("END");

The error what I get while execuiting the above code =>

Exception in thread "main" java.lang.RuntimeException: Connection timed out: connect
at com.splunk.HttpService.send

Furthermore I've one more question here:

How to connect my JavaEE app to Splunk? Do I've same the procedure like I follow above? Or something different.

Solution

  • If you're trying to send to Splunk's HTTP Event Collector (presumed from the reference to port 8088), then you'll need the right URL. The exact URL depends on if you're using free or paid Splunk Cloud account and where that account is hosted (AWS or Google).

    The standard form for the HEC URI in Splunk Cloud Platform free trials is as follows:

<protocol>://inputs.<host>:<port>/<endpoint>

The standard form for the HEC URI in Splunk Cloud Platform is as follows:

<protocol>://http-inputs-<host>:<port>/<endpoint>

The standard form for the HEC URI in Splunk Cloud Platform on Google Cloud is as follows:

<protocol>://http-inputs.<host>:<port>/<endpoint>

Where:

    <protocol> is either http or https
    You must add http-inputs- before the <host>
    <host> is the Splunk Cloud Platform instance that runs HEC
    <port> is the HEC port number
        8088 on Splunk Cloud Platform free trials
        443 by default on Splunk Cloud Platform instances

    See https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector#Send_data_to_HTTP_Event_Collector_on_Splunk_Cloud_Platform for the details.