I have WebSphere installed on Server A and it is configured with SplunkWAS and enabled as a LightWeightForwarder.
The logs are forwarded to Server B. This is working successfully and the WebSphere index is logging all the WebSphere logs except the application logs, SystemOut.log, SystemErr.log, Native*.log.
On Server A, the WebSphere logs are symbolically linked to a different folder, I was thinking this may be the issue except that the FFDC logs are also sym linked and work fine. Any ideas?
I modified the inputs.conf manually in the SplunkWAS application but this also doesn't work.
INPUTS.conf - first entry not working??? Before I changed it the first two monitors were "opt" and not "logs", else the same. Other two monitors are working...
[monitor:///logs/WebSphere6-1/AppServer/profiles/AppSrv01/logs//...]
whitelist = native./.log$|.Server/.log$|System./.log$|http_.*/.log$|/.pid$
crcSalt =
disabled = 0
index = websphere
[monitor:///logs/WebSphere6-1/AppServer/profiles/AppSrv01/logs/ffdc/...]
sourcetype = WebSphere:ServerExceptionLog
crcSalt =
disabled = 0
index = websphere
[monitor:///opt/WebSphere6-1/AppServer/profiles/AppSrv01/...]
whitelist = javacore.*/.txt$
crcSalt =
disabled = 0
index = websphere
