All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to add web sphere logs into Splunk Websphere App

TimothyPeh
Engager
‎06-24-2013 01:13 AM

I am currently doing a POC where I want to index 1 websphere log file on my local host onto the Splunk app and see what kind of analysis can I do. However, I cannot find the option to upload to the app.

I can upload it generically to the search app but not to the Websphere App.

Tags (3)
0 Karma
Reply

okrabbe_splunk
Splunk Employee
Splunk Employee
‎06-24-2013 06:08 AM

If you just want to locally index one file you should be able to just set the index = websphere and as long as you did not rename the file it should automatically detect the sourcetype.

One thing I would recommend is to look at the file $SPLUNK_HOME/etc/apps/splunk_for_was/defaults/props.conf and take a look at how Splunk is determining sourcetypes. You will see it is matching source names and then setting a sourcetype. Further settings are then applied based on those sourcetypes. By having the correct index, sourcetypes, and field extractions this makes the dashboards in the WAS application work correctly.

If this is all very confusing to you I might recommend then taking a step back and reading through the install guide for the WAS application.

http://docs.splunk.com/Documentation/WAS/latest/InstallGuide/

Hope this helps.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...