MuleSoft — Splunk integration

Zoran Đukić
Another Integration Blog
3 min read · Jan 26, 2024

MuleSoft-Splunk integration leverages the strengths of MuleSoft’s comprehensive integration capabilities and Splunk’s advanced data analytics and visualization tools, creating a potent synergy. This how-to guide illustrates a seamless process for incorporating Splunk into your MuleSoft integration. Begin by configuring MuleSoft connectors to establish a reliable connection with Splunk, enabling seamless data exchange. Utilize MuleSoft’s robust orchestration capabilities to streamline data flows, ensuring compatibility with Splunk’s data formats. Finally, capitalize on Splunk’s analytics and visualization prowess to derive actionable insights from integrated data. This integration empowers organizations with a unified platform for efficient data management, analysis, and visualization.

MuleSoft:

Create a simple flow with just a listener and a logger. The logger's category should be Splunk.Logger.

Flow:

<http:listener-config name="HTTP_Listener_config" doc:name="HTTP Listener config" doc:id="efbea956-5a03-4c45-a55f-0b97d4e88b50">
    <http:listener-connection host="0.0.0.0" port="8081" />
</http:listener-config>
<flow name="splunk-flow" doc:id="4cf131c5-4c27-4259-ade8-15cfd247d330">
    <http:listener doc:name="/test" doc:id="c5bbee39-e0cf-4ed0-bf42-2fb606985f20" config-ref="HTTP_Listener_config" path="/test"/>
    <!-- The logger writes under the Splunk.Logger category -->
    <logger level="INFO" doc:name='Log "Log 1"' doc:id="36063de5-fb6b-4e9a-bcc8-2b082dc67991" message='#["Log 1"]' category="Splunk.Logger"/>
</flow>

Below are your log4j configuration and the additions to pom.xml. In log4j we added the Configuration status, the SplunkHttp appender, and its AppenderRef.

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="INFO" name="cloudhub" packages="com.mulesoft.ch.logging.appender,com.splunk.logging,org.apache.logging.log4j">
    <Appenders>
        <RollingFile name="FILE"
                     fileName="/opt/mule/mule-CURRENT/logs/mule-${sys:domain}.log"
                     filePattern="/opt/mule/mule-CURRENT/logs/mule-${sys:domain}-%i.log">
            <PatternLayout pattern="[%d{MM-dd HH:mm:ss.SSS}] %-5p %c{1} [%t]: %m%n"/>
            <DefaultRolloverStrategy max="10"/>
            <Policies>
                <SizeBasedTriggeringPolicy size="10 MB" />
            </Policies>
        </RollingFile>
        <!-- Added: appender that sends events to the Splunk HTTP Event Collector.
             token is the HEC token created in Splunk (see the Splunk section). -->
        <SplunkHttp
            name="socket"
            url="http://127.0.0.1:8088"
            token="a7478a3f-d9c3-40d6-bb08-97caed78b4bf"
            batch_size_count="1"
            disableCertificateValidation="true"/>
        <Log4J2CloudhubLogAppender name="CLOUDHUB"
                                   addressProvider="com.mulesoft.ch.logging.DefaultAggregatorAddressProvider"
                                   applicationContext="com.mulesoft.ch.logging.DefaultApplicationContext"
                                   appendRetryIntervalMs="${sys:logging.appendRetryInterval}"
                                   appendMaxAttempts="${sys:logging.appendMaxAttempts}"
                                   batchSendIntervalMs="${sys:logging.batchSendInterval}"
                                   batchMaxRecords="${sys:logging.batchMaxRecords}"
                                   memBufferMaxSize="${sys:logging.memBufferMaxSize}"
                                   journalMaxWriteBatchSize="${sys:logging.journalMaxBatchSize}"
                                   journalMaxFileSize="${sys:logging.journalMaxFileSize}"
                                   clientMaxPacketSize="${sys:logging.clientMaxPacketSize}"
                                   clientConnectTimeoutMs="${sys:logging.clientConnectTimeout}"
                                   clientSocketTimeoutMs="${sys:logging.clientSocketTimeout}"
                                   serverAddressPollIntervalMs="${sys:logging.serverAddressPollInterval}"
                                   serverHeartbeatSendIntervalMs="${sys:logging.serverHeartbeatSendIntervalMs}"
                                   statisticsPrintIntervalMs="${sys:logging.statisticsPrintIntervalMs}">
            <PatternLayout pattern="[%d{MM-dd HH:mm:ss}] %-5p %c{1} [%t]: %m%n"/>
        </Log4J2CloudhubLogAppender>
    </Appenders>
    <Loggers>
        <AsyncRoot level="INFO">
            <!-- Added: route root logger output to the SplunkHttp appender -->
            <AppenderRef ref="socket"/>
            <AppenderRef ref="FILE"/>
            <AppenderRef ref="CLOUDHUB"/>
        </AsyncRoot>
        <AsyncLogger name="com.gigaspaces" level="ERROR"/>
        <AsyncLogger name="com.j_spaces" level="ERROR"/>
        <AsyncLogger name="com.sun.jini" level="ERROR"/>
        <AsyncLogger name="net.jini" level="ERROR"/>
        <AsyncLogger name="org.apache" level="WARN"/>
        <AsyncLogger name="org.apache.cxf" level="WARN"/>
        <AsyncLogger name="org.springframework.beans.factory" level="WARN"/>
        <AsyncLogger name="org.mule" level="INFO"/>
        <AsyncLogger name="com.mulesoft" level="INFO"/>
        <AsyncLogger name="org.jetel" level="WARN"/>
        <AsyncLogger name="Tracking" level="WARN"/>
    </Loggers>
</Configuration>

pom.xml:

<!-- HTTPS: Maven 3.8.1 and later block plain-HTTP repositories by default -->
<repository>
    <id>splunk-artifactory</id>
    <name>Splunk Releases</name>
    <url>https://splunk.jfrog.io/splunk/ext-releases-local</url>
</repository>

<!-- Splunk logging library that provides the SplunkHttp appender -->
<dependency>
    <groupId>com.splunk.logging</groupId>
    <artifactId>splunk-library-javalogging</artifactId>
    <version>1.7.3</version>
</dependency>
<dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-core</artifactId>
    <version>2.10.0</version>
</dependency>
<dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-api</artifactId>
    <version>2.10.0</version>
</dependency>

This is it. Now let’s install Splunk.

Splunk:

Download and install: https://www.splunk.com/en_us/products/splunk-enterprise.html

After the installation, check http://127.0.0.1:8000/ in your browser.

Now you need to create a token you are going to use in your log4j.

Settings -> Data Inputs -> HTTP Event Collector -> New token

Give it a name and click Next. Pick log4j as the source type and select all the indexes.

After that, you should see your token on the list. Copy the value and paste it into your MuleSoft log4j.

Also, edit your Global Settings.
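
The SplunkHttp appender above uses a plain-HTTP URL, a token pasted into the file, and disableCertificateValidation="true", which suits a loopback demo but not a collector reached over a network. As an added example (not part of the original post), this Python check flags those three settings in a log4j configuration; the sample token is a constructed placeholder and the ${env:...} lookup it suggests is an assumption about how you supply the secret.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the page's SplunkHttp appender, trimmed to the attributes
# the checks read, with a placeholder token instead of a real one.
SAMPLE = """<Configuration status="INFO" packages="com.splunk.logging">
  <Appenders>
    <SplunkHttp name="socket" url="http://127.0.0.1:8088"
                token="00000000-0000-0000-0000-000000000000"
                batch_size_count="1" disableCertificateValidation="true"/>
  </Appenders>
</Configuration>"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# A whole-value Log4j2 lookup such as ${env:NAME} or ${sys:name}
LOOKUP = re.compile(r"^\$\{[^}]+\}$")


def audit_splunk_appenders(log4j_xml: str) -> list[tuple[str, str]]:
    """Return (appender name, finding) pairs for every SplunkHttp appender."""
    findings = []
    for app in ET.fromstring(log4j_xml).iter("SplunkHttp"):
        name = app.get("name", "?")
        url = urlparse(app.get("url", ""))
        if url.scheme != "https":
            where = "loopback only" if url.hostname in LOOPBACK else "crosses the network"
            findings.append(
                (name, f"HEC URL is not https ({where}): token and events are sent in clear text"))
        if app.get("disableCertificateValidation", "false").strip().lower() == "true":
            findings.append(
                (name, "certificate validation disabled: the collector's identity is not checked"))
        if not LOOKUP.match(app.get("token", "").strip()):
            findings.append(
                (name, "token is a literal in the file: supply it through a lookup such as ${env:...}"))
    return findings


if __name__ == "__main__":
    for appender, finding in audit_splunk_appenders(SAMPLE):
        print(f"[{appender}] {finding}")
```

Run it against the configuration before the application is deployed anywhere other than your own machine.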

The setup is done. Start your application and trigger the logger.

Now go into search. Search your event ID (correlation ID) and you should see this response.

This is it folks. Hope you enjoyed it. 😊
