Is anyone using this Websphere application?

jpmackl
New Member

Hi, is anyone using this application? I see several downloads, but 0 stars for a ranking. I'm just trying to get input on whether this is working; it appears to be a great application. I would like some feedback. Thank you!

0 Karma
1 Solution

hortonew
Builder

Our team is using it. I'm looking through the configs at the moment and it seems there are a lot of problems in the props.conf. They say you can use this on both search head / indexers. Some of the extractions are search time without a transform (EXTRACT-) and some are supposed to be index time (TRANSFORM-), only TRANSFORM should in fact be TRANSFORMS- (note the 's').

I'm considering separating the search time vs. index time extractions into two separate apps.

0 Karma
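
A small linter for the problem described in the solution above, as an added example that is not part of the thread or of the app: it flags `TRANSFORM-` keys and sorts the remaining extraction settings into search time and index time. The sample props.conf, its sourcetypes and its transform names are constructed, and `REPORT-` is included as a search-time prefix although the thread does not mention it.

```python
import re

# Constructed sample props.conf; stanza and class names are made up for illustration.
SAMPLE_PROPS = """\
[websphere:systemout]
EXTRACT-thread = ^\\[[^\\]]+\\]\\s+(?<thread_id>\\w+)
TRANSFORM-sethost = ws_set_host
TRANSFORMS-routing = ws_route_index
REPORT-fields = ws_fields

[websphere:systemerr]
# TRANSFORM-old = ws_disabled
TRANSFORM-nullq = ws_drop_debug
"""

SEARCH_TIME = ("EXTRACT-", "REPORT-")   # applied on the search head
INDEX_TIME = ("TRANSFORMS-",)           # applied at parse/index time
STANZA = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")
SETTING = re.compile(r"^(?P<key>[A-Za-z_]+-[^=\s]+)\s*=")


def audit_props(text):
    """Return (misspelled, search_time, index_time) lists of (stanza, key, line_no)."""
    misspelled, search_time, index_time = [], [], []
    stanza = "default"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no settings
        m = STANZA.match(line)
        if m:
            stanza = m.group("name")
            continue
        m = SETTING.match(line)
        if not m:
            continue
        entry = (stanza, m.group("key"), line_no)
        if entry[1].startswith("TRANSFORM-"):  # missing 's': not a valid class prefix
            misspelled.append(entry)
        elif entry[1].startswith(INDEX_TIME):
            index_time.append(entry)
        elif entry[1].startswith(SEARCH_TIME):
            search_time.append(entry)
    return misspelled, search_time, index_time


if __name__ == "__main__":
    bad, st, it = audit_props(SAMPLE_PROPS)
    for stanza, key, n in bad:
        print(f"line {n} [{stanza}] {key}: rename to TRANSFORMS-{key.split('-', 1)[1]}")
    print("search-time:", [k for _, k, _ in st], "index-time:", [k for _, k, _ in it])
```

The search-time and index-time lists give the split needed to move the settings into two separate apps.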

millern4
Communicator

I installed this app about a year or so ago and now have a new internal request to ingest WebSphere logs into Splunk. Since the dashboards are still using Advanced XML rather than Simple, I was debating trying to just create my own TA rather than install the app.

Have either of you done this approach already? I'd be interested in learning from your knowledge in how you accomplished this, since the last time I did this I used the createInputs.jar file to ingest the logs, whereas now the customer wants the logs from the individual hosts, which I'd like better since the createInputs method only pulled the hostnames from the originating system.

Thanks in advance.

0 Karma

hortonew
Builder

I still have the default app installed, with my own modifications as indicated above. The syntax of the word TRANSFORMS was wrong. I haven't really touched the app since the app would be for a different team - I've just installed it and modified props.conf.

0 Karma
