i have configured Splunk Enterprise in my local and universal forwarder in my VM.
now i need to fetch the tomcat logs from VM to my local splunk
i have configured the Splunk inputs.conf as below:
[default]
host = PC316522
[tcp://:9997]
connection_host=dns
and serverclass.conf as below:
[serverClass:Universal Forwarders:app:sendtoindexer]
restartSplunkWeb = 0
restartSplunkd = 0
stateOnClient = enabled
[serverClass:Universal Forwarders:app:Splunk_TA_windows]
restartSplunkWeb = 0
restartSplunkd = 0
stateOnClient = enabled
[serverClass:Universal Forwarders]
whitelist.0 = 10.223.68.78
and in my VM, inputs.conf:
[default]
host = CTSC00637603501
[monitor://D:\TOMCAT8\apache-tomcat-8.0.26-windows-x64\apache-tomcat-8.0.26\logs]
disabled=false
and outputs.conf as below:
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = 10.226.217.238:8089
[tcpout-server://10.226.217.238:8089]
disabled=false
and deploymentclient.conf as below:
[deployment-client]
phoneHomeIntervalInSecs = 1800
[target-broker:deploymentServer]
targetUri = 10.226.217.238:8089
phoneHomeIntervalInSecs = 1800
But while searching for logs in Splunk, am not getting the client tomcat logs, could you please help me on this.
Thanks,
Gautami. K
... View more