Oracle Weblogic App for Splunk: How to deploy the ...

manishsuri · ‎04-28-2015

Hi All,

We are unable to get the weblogic domains & server details in the "Weblogic App for Splunk" in the splunk applications.
Please advise regarding this.

Steps we have done so far:

Installed splunk (6.2.2-255606) in the linux server, Same server we have installed weblogic server (10.3.6) and created domain as well.Here we are trying to achieve this weblogic applications to integrate with splunk app.

Splunk Home: /oracle/Splunk/splunk
Weblogic Home: /oracle/app/Middleware/wlserver_10.3

1) Deployed add-on file "oracle-weblogic-app-for-splunk_10-beta2.tgz" in the splunk application.
2) Deployed Sideview utils file "sideview_utils.tar" in the splunk application.
3) Updated the required weblogic & admin server details in inputs.conf and setWlstEnv.sh, as per the TA installation document. Later we placed the files in the below stated location

$SPLUNK_HOME/etc/deployment-apps/Function1_WebLogicServer_TA/local/inputs.conf &
$SPLUNK_HOME/etc/deployment-apps/Function1_WebLogicServer_TA/bin/setWlstEnv.sh folders.

E.g.: Below lines are modified in the inputs.conf file in our environment, did same for EVERY HOUR & # EVERY DAY

EVERY MINUTE
[script://./bin/runWlstScriptsMinute.sh /oracle/Splunk/splunk/etc/deployment-apps/Function1_WebLogicServer_TA /oracle/app/Middleware/wlserver_10.3]
disabled = false
index = wls
sourcetype = wls_trash
interval = 300

E.g.: Below lines are modified in the setWlstEnv.sh in our environment

export BEA_HOME=/oracle/app/Middleware
export SPLUNK_HOME=/oracle/Splunk/splunk
export DOMAIN_COUNT=1
export DOMAIN_PATH_1=/oracle/app/Middleware/user_projects/domains/soa_domain
export ADMIN_SERVER_1=AdminServer
export ADMIN_PORT_1=8080

Both files are updated as per the TA document "Splunk for Oracle Weblogic Server (v.1.0.1Beta)".
Then moving forward to step 6, documents says that "Once you have completed these configurations, deploy the TA to the forwarder residing on the WLS Admin Server by either Using the Splunk deployment server or copying the TA to the forwarder manually."

Please advise me regarding this deployment, am not clear in this step. Currently I have kept this config file folder "Function1_WebLogicServer_TA" under "$SPLUNK_HOME/etc/deployment-apps/". Please let me know where & how to deploy this files.

Regards
Athish

kevin_function1 · ‎05-20-2015

Hello Athish,

While the use of the Splunk Deployment Server is an organized and scalable solution for Splunk deployments, it does not appear that you need one in this case. Try moving the Function1_WebLogicServer_TA to $SPLUNK_HOME/etc/apps (/oracle/Splunk/splunk/etc/apps). When you do, you will also need to edit your inputs.conf to reflect the new location.

manishsuri · ‎05-20-2015

Hi Kevin,

Thanks for your valueable suggestions.
As advised i will move the Function1_WebLogicServer_TA to $SPLUNK_HOME/etc/apps (/oracle/Splunk/splunk/etc/apps) folder in my environment.

Also please let me know, how to deploy after that.
It means (How to get the weblogic logs and managed server logs details in the splunk applications), Please advise if you aware.

Regards
Athish,

ckatpally · ‎05-20-2015

Hello Athish,
The app is pre-configured to forward the logs details and the console info to the indexer. Make sure your path is correct in the inputs.conf. If errors persist follow the troubleshooting document that comes along with the deployment package. You may also need to make sure the weblogic and splunk path is correctly reflected in the shell scripts in the bin folder.

-Chetana

Oracle Weblogic App for Splunk: How to deploy the TA configurations to the forwarder residing on the WLS Admin Server?

Steps we have done so far:

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?