AEM AS Cloud Service integration with Splunk SourceType Not Working | Community
Skip to main content
M
manish2v1
March 8, 2025

AEM AS Cloud Service integration with Splunk SourceType Not Working

  • March 8, 2025
  • 2 replies
  • 771 views

Hi Team,

 

Trying to forward aemaccess AEM logs from AEM Splunk to our own Splunk with below config 

.config

       LogForwarding-dev.yaml 

 

kind: "LogForwarding"
version: "1"
metadata:
  envTypes: ["dev"]
data:
  splunk:
    default:
      enabled: false
      host: "<splunk_host_name>"
      token: "${{SPLUNK_TOKEN}}"
      index: "<splunk_index>"
      sourcetype: "aemaccess"

 

Logs from all source types are syncing to splunk instead of just aemaccess logs.

 

Kindly suggest if there is more specific configuration to only pick logs from specific log source.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

M
manish2v1Author
March 8, 2025

I have also tried following configuration:

kind: "LogForwarding"
version: "1"
metadata:
  envTypes: ["dev"]
data:
  splunk:
    default:
      enabled: false
      host: "<splunk_host_name>"
      token: "${{SPLUNK_TOKEN}}"
      index: "<splunk_index>"
       sourcetype: 
         - aemaccess 
         - aemrequest.   a 

 This configuration also does not work. 

    daniel-strmecki
    Community Advisor and Adobe Champion
    daniel-strmeckiCommunity Advisor and Adobe Champion
    Community Advisor and Adobe Champion
    March 9, 2025

    Hi @manish2v1,

    I don't think picking one specific sourcetype is supported in the YAML configuration. According to the docs: "The sourcetype field will have one of the following values, depending on the specific log: aemaccess, aemerror, aemrequest, aemdispatcher, aemhttpdaccess, aemhttpderror, aemcdn".

    Here, they are talking about the sourcetype field in Splunk, not YAML config. If you require that functionality, open a feature request.

     

    Good luck,

    Daniel

      M
      manish2v1Author
      March 9, 2025

      Thanks! Daniel

       

      Yes, it would be good to only forward specific logs. I will open a feature request.

       

      Regards,

      Manish

      P
      Adobe Employee
      PavanGaddamAdobe Employee
      Adobe Employee
      March 12, 2025

      @manish2v1 Specific log files forwarding is not available through "LogForwarding" config as of now, but you can choose to discard the specific logs at your Splunk. Refer [0] for more details on the configuration required at your splunk to discard specific logs.

       

      [0] - https://docs.splunk.com/Documentation/Splunk/9.4.1/Forwarding/Routeandfilterdatad#Filter_event_data_and_send_to_queues

       

        Terms & ConditionsAccessibility statement

        Loading footer...