I have recently been working on machine learning. My goal is to view the logs of a locally installed Tomcat in Splunk search.

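I installed Apache Tomcat on a drive on my local machine. Then I opened my Splunk instance, installed the Tomcat add-on and, following these instructions (Splunk documentation), created an inputs.conf file and placed it in the Splunk_TA_tomcat/local folder. Then I restarted Splunk. On the search page I entered this command: sourcetype = tomcat:access:log. I got nothing.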

1. Create an inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local.

2. Add the following stanzas. Modify the directory name if necessary to use the actual directory your Tomcat files are stored in.

 [monitor:///Applications/apache-tomcat-8.0.23/logs/catalina.*.log]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:runtime:log

 [monitor:///Applications/apache-tomcat-8.0.23/logs/localhost.*.log]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:runtime:log

 [monitor:///Applications/apache-tomcat-8.0.23/logs/manager.*.log]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:runtime:log

 [monitor:///Applications/apache-tomcat-8.0.23/logs/host-manager.*.log]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:runtime:log

 [monitor:///Applications/apache-tomcat-8.0.23/logs/localhost_access_log.*.txt]
 disabled = false
 followTail = false
 index = main
 sourcetype = tomcat:access:log


0 answers
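One way to check the monitor stanzas quoted in the question against the files actually on disk, as an added example that is not part of the original post or of Splunk's documentation. It assumes it is run on the Splunk host, handles only the `*` wildcard (not Splunk's `...`), and the helper name `check_monitor_stanzas` is hypothetical.

```python
import configparser
import glob
import os
import sys

# Constructed sample: two of the stanzas quoted on this page.
SAMPLE = """
[monitor:///Applications/apache-tomcat-8.0.23/logs/catalina.*.log]
disabled = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-8.0.23/logs/localhost_access_log.*.txt]
disabled = false
index = main
sourcetype = tomcat:access:log
"""

def check_monitor_stanzas(conf_text):
    """Hypothetical helper: report, per [monitor://...] stanza, whether any file matches."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    parser.optionxform = str  # keep key case, e.g. followTail
    # Strip indentation so copied stanzas are not parsed as continuation lines.
    parser.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    findings = []
    for stanza in parser.sections():
        if not stanza.startswith("monitor://"):
            continue
        path = stanza[len("monitor://"):]
        opts = parser[stanza]
        # Simplification (assumption): only "1"/"true" are treated as disabled.
        disabled = (opts.get("disabled") or "false").strip().lower() in ("1", "true")
        # Python glob approximates Splunk's "*" wildcard; "..." is not handled.
        files = sorted(f for f in glob.glob(path) if os.path.isfile(f))
        unreadable = [f for f in files if not os.access(f, os.R_OK)]
        if disabled:
            status = "disabled"
        elif not files:
            status = "no files match"
        elif unreadable:
            status = "unreadable files"
        else:
            status = "ok"
        findings.append({"path": path, "sourcetype": opts.get("sourcetype"),
                         "index": opts.get("index"), "status": status, "files": files})
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for f in check_monitor_stanzas(text):
        print(f"{f['status']:<18} {f['sourcetype']}  {f['path']}  ({len(f['files'])} files)")
```

Pass the path of the add-on's local inputs.conf as the first argument; a stanza reported as "no files match" has nothing to read, so its sourcetype will stay empty in search.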