Log messages from Apigee Edge Cloud into Splunk Cloud

We have below things :

1. Apigee Edge SAAS Standard Cloud license version of Apigee.

2. Splunk Cloud 15 days trial account.

Usecase is We need to integrated Apigee Edge Cloud with Splunk Cloud. Does Apigee Edge SAAS Standard Cloud supports this ?

If yes , can someone explain the steps . I need to use Apigee Edge Cloud to Log over TCP to Splunk Cloud using Message Logging Policy.

What should come in <Host>XX.XX.XX.XX</Host>

<MessageLogging name="Log-to-splunk-over-TCP">
    <DisplayName>Log to splunk over TCP</DisplayName>
    <Syslog>
        <Message>Message = "Something happened and I am logging via TCP"</Message>
        <Host>XX.XX.XX.XX</Host>
        <Port>2900</Port>
        <Protocol>TCP</Protocol>
    <SSLInfo>
        <Enabled>true</Enabled>
    </SSLInfo>
    </Syslog>
</MessageLogging>

Note: I have already gone through the links like below :

https://community.apigee.com/articles/13298/log-messages-into-splunk.html

0 5 1,448
5 REPLIES 5

Yes, Apigee supports connecting to Splunk cloud.

The Host is your splunk cloud syslog endpoint. Do you have that?

I am not a Splunk expert; I am aware that Splunk exposes a HTTP Event Collector. Some people call it the "HEC".

You may need to use THAT to allow Apigee to log to Splunk. And in that case you would use a ServiceCallout, not a MessageLogging policy to accomplish the task.

I am unsure of the Splunk Cloud support for a Syslog listener, in the cloud. You need to check that.

For background, Syslog and HTTP are two different protocols that Splunk may support for collecting event information. Splunk, depending on your configuration, may support one or the other or both. You need to check.

As per Splunk documentation ->

"For security, Splunk Cloud accepts connections only from forwarders with the correct Secure Sockets Layer (SSL) certificates. If you want to send data from a TCP or UDP source such as syslog, use the Splunk Universal Forwarder to listen to the source and forward the data to your Splunk Cloud deployment."

A forwarder would need to be set up which would listen on the TCP IP and the hostname of the machine that is on.

Not applicable

You can use splunk in message logging and send over TCP .

If you have http also can use service callout or javascript to log.

this only works with Splunk Enterprise, Splunk Cloud does not support forwarding from APIGEE Cloud or any other TCP sources

Did you try service callout with http?