
I have been working in machine learning recently. My goal is to see logs from a locally installed Tomcat in Splunk search.

I installed Apache Tomcat on a drive on my local machine. Then I opened the Splunk instance, installed the Tomcat add-ons, followed these instructions (Splunk docs), created an inputs.conf file and placed it in the Splunk_TA_tomcat/local folder. Then I restarted Splunk. After that I went to the search page and entered this command: sourcetype = tomcat:access:log. I got nothing.

1. Create an inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local.

2. Add the following stanzas. Modify the directory name if necessary to use the actual directory your Tomcat files are stored in.

 [monitor:///Applications/apache-tomcat-8.0.23/logs/catalina.*.log]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:runtime:log

 [monitor:///Applications/apache-tomcat-8.0.23/logs/localhost.*.log]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:runtime:log

 [monitor:///Applications/apache-tomcat-8.0.23/logs/manager.*.log]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:runtime:log

 [monitor:///Applications/apache-tomcat-8.0.23/logs/host-manager.*.log]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:runtime:log

 [monitor:///Applications/apache-tomcat-8.0.23/logs/localhost_access_log.*.txt]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:access:log

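A check that each monitor stanza in an inputs.conf like the one quoted in the question matches at least one file on disk; a stanza whose wildcard matches no files gives Splunk nothing to index for that sourcetype. This is an added example, not part of the original question or of the Splunk documentation: the function names, the `{base}` placeholder and the sample log file are constructed, and Splunk's `...` recursive wildcard is not handled.

```python
import glob
import os
import tempfile

# Constructed sample: two stanzas shaped like those in the question, with the
# Tomcat directory replaced by a {base} placeholder filled in by demo().
SAMPLE_CONF = """\
[monitor://{base}/logs/catalina.*.log]
disabled = false
index = main
sourcetype = tomcat:runtime:log

[monitor://{base}/logs/localhost_access_log.*.txt]
disabled = false
index = main
sourcetype = tomcat:access:log
"""

def parse_monitor_stanzas(text):
    """Return {path_pattern: {key: value}} for every [monitor://...] stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = None  # settings of non-monitor stanzas are ignored
            if name.startswith("monitor://"):
                current = stanzas.setdefault(name[len("monitor://"):], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def check_inputs(text):
    """Map each enabled monitor pattern to (sourcetype, files it matches)."""
    report = {}
    for pattern, settings in parse_monitor_stanzas(text).items():
        if settings.get("disabled", "false").lower() in ("true", "1"):
            continue
        files = sorted(f for f in glob.glob(pattern) if os.path.isfile(f))
        report[pattern] = (settings.get("sourcetype", "(none)"), files)
    return report

def demo():
    """Temp Tomcat dir holding only a catalina log; count matches per pattern."""
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "logs"))
        open(os.path.join(base, "logs", "catalina.2024-01-01.log"), "w").close()
        report = check_inputs(SAMPLE_CONF.format(base=base))
        return {os.path.basename(p): len(f) for p, (_, f) in report.items()}
```

To run it against a real file, pass the contents of `$SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local/inputs.conf` to `check_inputs()` and look for patterns whose file list is empty.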
