Splunk doesn’t require Java and Splunk Enterprise doesn’t use it. Upgrading the JVM won’t impact Splunk. If you are using any apps or add-ons to fetch details from the JVM, then you must confirm with the respective app developers.
Another inquiry we ran across in our research was “What is the Splunk SDK for Java?”.
Here is what my research found. This SDK contains library code and examples designed to enable developers to build applications using Splunk. With the Splunk Enterprise SDK for Java you can write Java applications to programmatically interact with the Splunk engine. The SDK is built on top of the REST API, providing a wrapper over the REST API endpoints.
What is the Splunk plug-in for Eclipse?
The Splunk Plug-in for Eclipse is now available. It provides tooling to support creating projects in the Eclipse Integrated Development Environment (IDE) with the Splunk Software Development Kit (SDK) for Java, and for running Java applications with instrumentation on the Java Virtual Machine (JVM) that logs the application’s activity to Splunk.
Does Splunk use Log4j?
In summary: Core Splunk Enterprise functionality does not use Log4j and is therefore not impacted. However, if Data Fabric Search (DFS) and Splunk Analytics for Hadoop (Hunk) product features are used, there is an impact because these product features leverage Log4j.
What versions of Log4j does Splunk Enterprise include?
All recent non-Windows versions of Splunk Enterprise include Log4j version 2 for the DFS feature. Windows versions of Splunk Enterprise do not include Log4j version 2. Customers may follow the guidance in the “Removing Log4j version 2 from Splunk Enterprise” section below to remove these packages out of an abundance of caution.
Splunk has provided an official patch for supported versions 8.1.7.1 and 8.2.3.2. Versions of UBA prior to 5.0 leveraged Apache Storm, which embeds Log4j.
You may be wondering “What is the latest security advisory for Splunk apps?”
A supplemental security advisory for Splunk Apps was published on December 14 and is being updated on an ongoing basis. Splunk also reviewed a Denial of Service vulnerability (CVE-2021-45105) found in Log4j version 2.16.0. Apache has designated this vulnerability a severity rating of 7.5 (High).
What is the Splunk REST API?
The Splunk REST API consists of over 160 endpoints that provide access to almost every feature of Splunk. The majority of the Splunk Enterprise SDK for Java API follows a convention of exposing resources as collections of entities, where an entity is a resource that has properties, actions, and metadata that describes the entity.
The entity/collection pattern provides a consistent approach to interacting with resources and collections of resources.
How will Splunk address CVE-2021-45105 and CVE-2021-44832?
Unless CVE-2021-45105 or CVE-2021-44832 increases in severity, Splunk will address these vulnerabilities as part of the next regular maintenance release of each affected product. Customers also have the option to remove Log4j version 2 from Splunk Enterprise out of an abundance of caution.
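Before removing or patching anything, it helps to inventory where Log4j version 2 actually sits on a host. The following is an added example, not Splunk's code or removal procedure: it walks a directory chosen by the caller (no Splunk install paths are assumed) and reports each archive that contains log4j-core 2.x, its version where recorded, and whether the `JndiLookup` class is still present. `inspect_archive` and `find_log4j2` are hypothetical helper names.

```python
import os
import re
import sys
import zipfile

# Entries that identify log4j-core 2.x inside an archive (standard Maven layout).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def inspect_archive(path):
    """Return (version, has_jndi_lookup) if path holds log4j-core 2.x, else None."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            has_jndi = JNDI_CLASS in names
            version = None
            if POM_PROPS in names:
                text = zf.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", text, re.MULTILINE)
                version = m.group(1) if m else None
    except (zipfile.BadZipFile, OSError):
        return None  # unreadable or truncated archive: skip, do not abort the scan
    if version is None and not has_jndi:
        return None  # no log4j-core markers in this archive
    return version, has_jndi


def find_log4j2(root):
    """Walk root and list (path, version, has_jndi_lookup) for each hit.

    Archives nested inside other archives are not unpacked by this example.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(ARCHIVE_EXT):
                full = os.path.join(dirpath, name)
                found = inspect_archive(full)
                if found is not None:
                    hits.append((full, found[0], found[1]))
    return hits


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version, has_jndi in find_log4j2(scan_root):
        state = "present" if has_jndi else "absent"
        print(f"{path}\tversion={version or 'unknown'}\tJndiLookup={state}")
```

A version of `unknown` with `JndiLookup` present usually means a repackaged or shaded copy whose Maven metadata was stripped, so it needs manual review against the vendor advisory.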