Getting Data In

how to get logs from a new source type?

pavanae
Builder

Until Now we are getting the logs of ".log" format in our environment. in which we mention "sourcetype=log4j" in the inputs.conf file. But we added a new path to the inputs.conf in which these files end with ".out" format. we asussually used the same sourcetype "log4j" for these logs too but unfortunately it didn't got worked.

Can anyone please suggest what source type we need to use for ".out" files like

*

[monitor:/Home_DB/Oracle/Middleware/user_projects/domains/webcenter/servers/webcenter-delivery1/logs/webcenter-delivery1.out]
index = cclb

sourcetype = ?

*

The following is the sample log file which is in ".out" format. Please suggest me a way to add these source type logs.

Jul 09, 2015 3:28:44 PM net.sf.ehcache.CacheManager addShutdownHookIfRequired
INFO: The CacheManager shutdown hook is enabled because net.sf.ehcache.enableShutdownHook is set to true.
Jul 09, 2015 3:28:44 PM net.sf.ehcache.CacheManager addShutdownHookIfRequired
INFO: The CacheManager shutdown hook is enabled because net.sf.ehcache.enableShutdownHook is set to true.
Jul 09, 2015 3:28:44 PM net.sf.ehcache.Cache createDiskStore
INFO: * Running custom ehcache jar using numOfDiskStores=10
Jul 09, 2015 3:28:45 PM com.sun.jersey.server.impl.application.WebApplicationImpl initiate
INFO: Initiating Jersey application, version 'Jersey: 1.1.4.1 11/24/2009 01:30 AM'
Oracle WebCenter Sites 11gR1 11.1.1.8.0
Copyright (c) 2011,2013, Oracle and/or its affiliates. All Rights Reserved.

Oracle WebCenter Sites 11.1.1.8.0 Build Date: Jul 11 2014 at 15:16:48 Build Number: 35 Revision:165274

Jul 09, 2015 3:28:46 PM net.sf.ehcache.CacheManager addShutdownHookIfRequired
INFO: The CacheManager shutdown hook is enabled because net.sf.ehcache.enableShutdownHook is set to true.
Oracle WebCenter Sites 11gR1 11.1.1.8.0
Copyright (c) 2011,2013, Oracle and/or its affiliates. All Rights Reserved.

Oracle WebCenter Sites |Satellite Server 11.1.1.8.0 Build Date: Jul 11 2014 at 15:16:48 Build Number: 35 Revision:165274

Oracle WebCenter Sites 11gR1 11.1.1.8.0
Copyright (c) 2011,2013, Oracle and/or its affiliates. All Rights Reserved.

Oracle WebCenter Sites |Satellite Server 11.1.1.8.0 Build Date: Jul 11 2014 at 15:16:48 Build Number: 35 Revision:165274

Oracle WebCenter Sites 11gR1 11.1.1.8.0
Copyright (c) 2011,2013, Oracle and/or its affiliates. All Rights Reserved.

Oracle WebCenter Sites |Satellite Server 11.1.1.8.0 Build Date: Jul 11 2014 at 15:16:48 Build Number: 35 Revision:165274

2015-07-09 15:28:51,881 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] -

GMS: address is 10.100.236.92:38365

2015-07-09 15:28:54,639 INFO [org.jasig.cas.util.AutowiringSchedulerFactoryBean] -
2015-07-09 15:28:55,376 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] -
Jul 09, 2015 3:28:55 PM com.sun.jersey.spi.spring.container.servlet.SpringServlet getContext
INFO: Using default applicationContext
Jul 09, 2015 3:28:55 PM com.sun.jersey.spi.spring.container.SpringComponentProviderFactory register
INFO: Registering Spring bean, TicketResource, of type com.fatwire.wem.sso.cas.integration.rest.TicketResource as a root resource class
Jul 09, 2015 3:28:55 PM com.sun.jersey.spi.spring.container.SpringComponentProviderFactory register
INFO: Registering Spring bean, TicketGrantingTicketResource, of type com.fatwire.wem.sso.cas.integration.rest.TicketGrantingTicketResource as a root resource class
Jul 09, 2015 3:28:55 PM com.sun.jersey.server.impl.application.WebApplicationImpl initiate
INFO: Initiating Jersey application, version 'Jersey: 1.1.4.1 11/24/2009 01:30 AM'

2015-07-09 15:29:14,586 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
2015-07-09 15:29:14,611 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 found to be removed. Removing now.>
2015-07-09 15:29:14,611 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Initializing MDCLoggingContext
Initializing MDCLoggingContext
Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: /AE/Oracle/Middleware/user_projects/domains/webcenter/ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
Not found in 'user.home' (/home/weblogic) directory: /home/weblogic/esapi/ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: /AE/Oracle/Middleware/user_projects/domains/webcenter/validation.properties
Not found in SystemResource Directory/resourceDirectory: .esapi/validation.properties
Not found in 'user.home' (/home/weblogic) directory: /home/weblogic/esapi/validation.properties
Loading validation.properties via file I/O failed.
Attempting to load validation.properties via the classpath.
SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
Attempting to load antisamy-esapi.xml as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: /AE/Oracle/Middleware/user_projects/domains/webcenter/antisamy-esapi.xml
Not found in SystemResource Directory/resourceDirectory: .esapi/antisamy-esapi.xml
Not found in 'user.home' (/home/weblogic) directory: /home/weblogic/esapi/antisamy-esapi.xml
2015-07-09 15:30:54,587 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] -
2015-07-09 15:30:54,588 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] -
2015-07-09 15:32:54,580 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] -
2015-07-09 15:32:54,580 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] -
2015-07-09 15:34:54,580 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] -
2015-07-09 15:34:54,581 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] -

2015-07-09 15:35:56,608 INFO [org.jasig.cas.util.AutowiringSchedulerFactoryBean] -
2015-07-09 15:35:56,611 INFO [org.jasig.cas.util.JBossCacheFactoryBean] -
log4j:WARN No appenders could be found for logger (com.fatwire.logging.cs.cache.ehcache).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

0 Karma
1 Solution

FritzWittwer_ol
Contributor

what do you mean with it didn't got worked? The sourcetype is in the end a kind of a field which every event gets as soon as it gets indexed. This field may then be used to define field extractions and so on, but you could use any value you like there and you should get the events indexed.

View solution in original post

0 Karma

FritzWittwer_ol
Contributor

what do you mean with it didn't got worked? The sourcetype is in the end a kind of a field which every event gets as soon as it gets indexed. This field may then be used to define field extractions and so on, but you could use any value you like there and you should get the events indexed.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...