I am working in machine learning recently. My goal is need to see logs from locally installed tomcat in splunk search.
I installed apache tomcat at a drive in my local machine. then opened splunk instance, I installed tomcat add ons, followed this instruction(splunk docs). created inputs.conf file and placed it in Splunk_TA_tomcat/local folder. then restarted splunk . after i went to search page. i entered this command sourcetype = tomcat:access:log. i got nothing. please help me.
1. Create an
inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local.
2. Add the following stanzas. Modify the directory name if necessary to use the actual directory your Tomcat files are stored in.
[monitor:///Applications/apache-tomcat-8.0.23/logs/catalina.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log
[monitor:///Applications/apache-tomcat-8.0.23/logs/localhost.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log
[monitor:///Applications/apache-tomcat-8.0.23/logs/manager.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log
[monitor:///Applications/apache-tomcat-8.0.23/logs/host-manager.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log
[monitor:///Applications/apache-tomcat-8.0.23/logs/localhost_access_log.*.txt]
disabled = false
followTail = false
index = main
sourcetype = tomcat:access:log
... View more