Instrument Java applications

Instrument your Java applications with the Secure Application JVM agent.

The Secure Application JVM agent, splunk-otel-javaagent-csa, adds APM instrumentation to your Java application and sends the data it collects to the Splunk Distribution of OpenTelemetry Collector. Follow these steps to add the JVM agent to your application and to configure it to send the OpenTelemetry events and logs that Secure Application needs.

Important:

To monitor attacks, your applications must be running on Java versions 8 - 23. Java 24+ is not universally supported.

  1. Find the JAR file you need for the type of monitoring you want:
  2. Download the JAR file:
    CODE
    curl -L https://repo1.maven.org/maven2/com/splunk/splunk-otel-javaagent-csa/version/splunk-otel-javaagent-csa-version.jar -o splunk-otel-javaagent-csa.jar
  3. Start your application with the JVM agent.

    On the command line, configure the agent using system properties or environment variables. System properties override environment variables.

    Table 1. JVM agent parameters
    | System property | Environment variable | Description |
    | --- | --- | --- |
    | argento.allow.security.event | None | Activates the JVM agent to start collecting attack events so that those events can be sent to the back end for analysis. You must include this flag to populate the Attacks page. |
    | otel.exporter.otlp.endpoint | OTEL_EXPORTER_OTLP_ENDPOINT | FQDN and gRPC port of your OpenTelemetry collector. Example: http://otel-collector:4318 |
    | otel.resource.attributes | OTEL_RESOURCE_ATTRIBUTES | Resource attributes to associate with your Java application. Required: service.name (set to same value as otel.service.name). Recommended: deployment.environment.name, service.namespace |
    | otel.service.name | OTEL_SERVICE_NAME | Service name of your Java application. |

    Tip: service.namespace is now an optional parameter in otel.resource.attributes. For information about this parameter, see Service Attributes. For help with the JVM agent, see Instrument Java applications for Splunk Observability Cloud.
    Syntax
    Note: To populate the Attacks page, add the JVM startup flag argento.allow.security.event=true to your java command as shown below.
    BASH
    java -javaagent:./splunk-otel-javaagent-csa.jar \
    -Dotel.service.name=service-name \
    -Dotel.resource.attributes=deployment.environment.name=environment-name,service.name=service-name,service.namespace=namespace-name \
    -Dotel.exporter.otlp.endpoint=http://collector-endpoint:collector-port \
    -Dargento.allow.security.event=true \
    -jar application-name.jar

    For the meaning of these flags, see the JVM agent parameters table above.

    Substitute placeholders with values specific to your environment.

    Example
    BASH
    java -javaagent:./splunk-otel-javaagent-csa.jar \
    -Dotel.service.name=myService \
    -Dotel.resource.attributes=deployment.environment.name=us0,service.name=myService,service.namespace=myServiceNamespace \
    -Dotel.exporter.otlp.endpoint=http://otel-collector:4318 \
    -Dargento.allow.security.event=true \
    -jar myapp.jar

Your Java application launches with the JVM agent enabled. The JVM agent does the following:

  • Collects a list of runtime libraries, formats them as OTLP logs, and sends the data to the OTLP exporter endpoint specified above.

  • Collects potential attack events at runtime.

  • Reports library data once at application startup and then every 24 hours thereafter.
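
A preflight check for the launch command above, added here as an example and not part of the Splunk documentation or the agent: it verifies the Java range from the Important note and the Table 1 requirements (agent attached, endpoint set, service.name matching otel.service.name, attack-event flag on). The function names are hypothetical; the property and environment variable names are the ones in Table 1.

```shell
#!/bin/sh
# Added example: preflight check for the launch command on this page.
# Function names are hypothetical; property names come from Table 1.

# "1.8.0_392" -> 8, "17.0.9" -> 17 (Java 8 reports the legacy 1.x form).
# Pass the value of the java.version system property.
java_major() {
    case "$1" in
        1.*) v=${1#1.}; echo "${v%%.*}" ;;
        *)   echo "${1%%[!0-9]*}" ;;
    esac
}

# Succeeds only for the Java range the page lists for attack monitoring (8 - 23).
java_supported() {
    m=$(java_major "$1")
    [ -n "$m" ] && [ "$m" -ge 8 ] && [ "$m" -le 23 ]
}

# Print the value of -D<key>=<value> from the argument list (empty if absent).
prop() {
    key=$1; shift
    for a in "$@"; do
        case "$a" in "-D$key="*) echo "${a#*=}"; return 0 ;; esac
    done
}

# Validate a java argument list; prints each problem to stderr, returns 1 if any.
check_launch() {
    bad=0
    fail() { echo "preflight: $1" >&2; bad=1; }
    # System properties override environment variables, so read -D first.
    svc=$(prop otel.service.name "$@");          svc=${svc:-${OTEL_SERVICE_NAME:-}}
    attrs=$(prop otel.resource.attributes "$@"); attrs=${attrs:-${OTEL_RESOURCE_ATTRIBUTES:-}}
    ep=$(prop otel.exporter.otlp.endpoint "$@"); ep=${ep:-${OTEL_EXPORTER_OTLP_ENDPOINT:-}}
    event=$(prop argento.allow.security.event "$@")   # Table 1 lists no environment variable
    # Extract service.name from the comma-separated resource attributes.
    res_svc=$(printf '%s\n' "$attrs" | tr ',' '\n' | sed -n 's/^service\.name=//p')
    case " $* " in *" -javaagent:"*) ;; *) fail "no -javaagent: argument" ;; esac
    [ -n "$svc" ] || fail "otel.service.name is not set"
    [ -n "$ep" ] || fail "otel.exporter.otlp.endpoint is not set"
    [ "$res_svc" = "$svc" ] || fail "service.name in otel.resource.attributes ('$res_svc') differs from otel.service.name ('$svc')"
    [ "$event" = "true" ] || fail "argento.allow.security.event=true missing: Attacks page will not be populated"
    return "$bad"
}
```

Call `check_launch` with the same arguments you pass to `java`, for example from a wrapper script or a CI step, and stop the deployment when it returns non-zero.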