{"id":16536,"library":"splunk-logging","title":"Splunk Logging for JavaScript","description":"The `splunk-logging` package provides a straightforward JavaScript interface for Node.js applications to send log data to Splunk Enterprise or Splunk Cloud via the HTTP Event Collector (HEC). The current stable version is 0.11.1, with releases occurring periodically to address dependencies and minor enhancements rather than a fixed cadence. This library simplifies the process of sending events by handling connection details, batching, and retries automatically. Key features include configurable batching settings (interval, maximum count, and maximum size), support for custom event formatting, and options for SSL certificate validation. While primarily community-supported, it is an official Splunk project designed for seamless integration with Splunk HEC endpoints, making it a robust choice for Node.js-based logging into the Splunk ecosystem.","status":"active","version":"0.11.1","language":"javascript","source_language":"en","source_url":"https://github.com/splunk/splunk-javascript-logging","tags":["javascript","splunk","HTTP","event","collector","logging","stream"],"install":[{"cmd":"npm install splunk-logging","lang":"bash","label":"npm"},{"cmd":"yarn add splunk-logging","lang":"bash","label":"yarn"},{"cmd":"pnpm add splunk-logging","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"For ESM modules in Node.js, the `Logger` class is a named export.","wrong":"import SplunkLogger from 'splunk-logging';","symbol":"Logger","correct":"import { Logger } from 'splunk-logging';"},{"note":"Modern CommonJS destructuring for the `Logger` class.","wrong":"const Logger = require('splunk-logging');","symbol":"Logger","correct":"const { Logger } = require('splunk-logging');"},{"note":"Traditional CommonJS import as shown in older examples.","wrong":"var Logger = require('splunk-logging');","symbol":"Logger","correct":"var SplunkLogger = require('splunk-logging').Logger;"}],"quickstart":{"code":"import { Logger } from 'splunk-logging';\n\nconst config = {\n    token: process.env.SPLUNK_HEC_TOKEN ?? '',\n    url: process.env.SPLUNK_HEC_URL ?? 'https://splunk.local:8088'\n};\n\nconst splunkLogger = new Logger(config);\n\n// Optionally enable SSL certificate validation (highly recommended for production)\n// splunkLogger.requestOptions.strictSSL = true;\n\nconst payload = {\n    // Message can be anything; doesn't have to be an object\n    message: {\n        service: 'my-node-app',\n        level: 'info',\n        event_id: Math.floor(Math.random() * 1000000),\n        details: 'User activity logged successfully.',\n        timestamp: new Date().toISOString()\n    },\n    // Optional metadata\n    metadata: {\n        source: 'my-node-app',\n        sourcetype: 'node:json',\n        host: 'my-server'\n    }\n};\n\nconsole.log('Sending payload', JSON.stringify(payload, null, 2));\nsplunkLogger.send(payload, function(err, resp, body) {\n    if (err) {\n        console.error('Error sending data to Splunk:', err);\n        return;\n    }\n    // If successful, body will be { text: 'Success', code: 0 }\n    console.log('Response from Splunk:', body);\n});\n","lang":"typescript","description":"Demonstrates configuring a Splunk logger with environment variables for token and URL, then sending a structured JSON payload to the HTTP Event Collector, and logging the Splunk response."},"warnings":[{"fix":"To enable SSL validation, set `Logger.requestOptions.strictSSL = true` immediately after initializing your SplunkLogger instance. Ensure your Node.js environment trusts the certificate authority for your Splunk instance.","message":"By default, SSL certificate validation is disabled (`Logger.requestOptions.strictSSL = false`). This poses a significant security risk, especially in production environments where secure communication is critical.","severity":"gotcha","affected_versions":">=0.0.1"},{"fix":"Review your logger configuration, especially custom `requestOptions`, if upgrading from versions prior to 0.11.0. Thoroughly test network interactions to ensure continued compatibility.","message":"In version 0.11.0, the underlying HTTP client implementation was switched from the deprecated 'request' library to 'needle'. While designed for compatibility, users relying on specific behaviors, undocumented options, or advanced configurations of the 'request' library might encounter subtle changes or unexpected behavior.","severity":"breaking","affected_versions":">=0.11.0"},{"fix":"Refer to the official project's GitHub page for the latest tested Node.js versions. If encountering network-related issues, try testing with the Node.js versions explicitly stated as supported.","message":"The library does not automatically handle all possible Node.js versions. While tested with v10 and v14, newer Node.js LTS versions may introduce subtle breaking changes in core modules (e.g., `http`, `https`) that could affect the underlying `needle` client.","severity":"gotcha","affected_versions":">=0.11.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Either disable SSL validation (`Logger.requestOptions.strictSSL = false` - *not recommended for production*) or ensure that the Splunk HEC endpoint's SSL certificate chain is valid and trusted by your Node.js environment. You might need to add custom CA certificates to your system's trust store or configure Node.js to use them.","cause":"Node.js could not verify the SSL certificate of the Splunk HEC endpoint, often due to self-signed certificates, an expired certificate, or a missing Certificate Authority (CA) bundle.","error":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"},{"fix":"Verify that the `url` configuration in your `SplunkLogger` instance is correct, ensure the Splunk HEC service is running and configured to listen on the specified port, and check network connectivity and firewall rules between your application server and the Splunk host.","cause":"The Splunk HTTP Event Collector endpoint is unreachable, not running, or a firewall is blocking the connection from your application's host to the Splunk instance.","error":"connect ECONNREFUSED <splunk-host>:<port>"},{"fix":"Double-check the HEC token in your `Logger` configuration against the token configured in your Splunk Enterprise or Splunk Cloud instance. Ensure the token is enabled and has the necessary permissions to receive events.","cause":"The HTTP Event Collector token provided in the logger configuration is invalid, expired, or not correctly configured on the Splunk instance.","error":"{ text: 'Invalid token', code: 4 }"}],"ecosystem":"npm"}