
Is there a log4j appender for Moogsoft?

Our current approach is to:

  1. Send all events to Splunk (through Splunk's own log4j-appender).
  2. Define Splunk alerts, which trigger Moogsoft.

Obviously, this increases the latency and relies on Splunk more than necessary, which makes me wonder whether someone has already developed a Moogsoft-appender for log4j.

A simple search hasn't brought anything up -- hence this question.

I haven't done this, but log4j has a SocketAppender: https://howtodoinjava.com/log4j/log4j-socketappender-and-socket-server-example/

That might fit with Moogsoft's SocketLam: https://docs.moogsoft.com/en/configure-the-socket-lam.html

Alternatively, https://github.com/logstash/log4j-jsonevent-layout gives a JSON layout to log4j, which could then be received with a REST LAM.

I don't know of anyone that has put together an actual appender, but I don't think you'd need one. An HTTP appender with a JSON layout sending to a Moogsoft REST adapter should be able to do the job, and might be a lot easier to set up than handling raw bytes off a socket.

I haven't done it so I'm not sure how much work it would be to set up. I suspect there's some work involved on either the log4j side to get the layout to look like Moogsoft wants it, or on the Moogsoft side to normalize what it gets sent.
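
A configuration sketch of the HTTP-appender route suggested in the answer above, added here as an example; it is not part of the original answers and not taken from Moogsoft's documentation. It assumes a Log4j 2 release that includes the Http appender; the URL, truststore path and environment variable name are placeholders, and the JSON fields are Log4j's defaults, not a format the receiving side is known to accept.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn">
  <Appenders>
    <Console name="Console" target="SYSTEM_ERR">
      <PatternLayout pattern="%d{ISO8601} %-5p [%t] %c - %m%n"/>
    </Console>

    <!-- Placeholder URL: host, port and path depend on how the REST adapter is set up. -->
    <!-- ignoreExceptions="false" lets the Failover appender below see delivery errors. -->
    <Http name="Moogsoft"
          url="https://moogsoft.example.invalid:8443/PLACEHOLDER_PATH"
          method="POST"
          connectTimeoutMillis="2000"
          readTimeoutMillis="5000"
          verifyHostname="true"
          ignoreExceptions="false">
      <!-- One compact JSON object per event; JsonLayout needs Jackson on the classpath. -->
      <JsonLayout compact="true" eventEol="true" properties="true"/>
      <!-- Trust only the CA that issued the receiver's certificate (placeholder path). -->
      <SSL>
        <TrustStore location="/path/to/truststore.jks"
                    passwordEnvironmentVariable="MOOG_TRUSTSTORE_PASSWORD"/>
      </SSL>
    </Http>

    <!-- If the HTTP endpoint is unreachable, events fall back to the console
         and delivery is retried after the interval. -->
    <Failover name="MoogsoftOrConsole" primary="Moogsoft" retryIntervalSeconds="30">
      <Failovers>
        <AppenderRef ref="Console"/>
      </Failovers>
    </Failover>
  </Appenders>

  <Loggers>
    <Root level="info">
      <AppenderRef ref="Console"/>
      <!-- Forward only ERROR and above, so routine log volume does not become alert traffic. -->
      <AppenderRef ref="MoogsoftOrConsole" level="error"/>
    </Root>
  </Loggers>
</Configuration>
```

Log events can carry request data, user identifiers or stack traces, so the `https` URL and hostname verification matter here: a plain-HTTP or unverified endpoint would expose that content in transit.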
