All Apps and Add-ons

Splunk-Add on for Tomcat - Totally lost on what I am doing.

mc210274
New Member

Hello,

I am totally new to Splunk so please be patient with me.

I installed Splunk 8.0.0 on a Windows Server 2016 machine and I am able to pull in Windows Event Logs and search them without an issue. However, besides the Windows Event Logs we also have several machines running Tomcat and we want to pull in the Tomcat Logs as well. So I installed the Splunk-Add on for Tomcat 2.0 and this is where all the trouble starts. And yes I read through the whole Splunk-Add for Tomcat documentation but it does not really make sense to me.

So installed the Splunk-Add on for Tomcat and I first went to Applications --> Set-up for the Add-on. The settings on here already do not make any sense to me. I have about 10 servers running tomcat. If I set a specific host name in the JMX path how am I going to add the additional 9 Tomcat servers? See screenshot below:
alt text

After that I went into Settings --> Data Input --> Splunk Add-On for Tomcat --> + Add New but alll I get in there is this:

alt text

When I click on Next the then I get the error message
------------ Encountered the following error while trying to save: setEntity - tried to commit empty entity----------------------------

As I stated before I read through the Splunk documentation and tried to figure out what I need to do to add at least one of my test Tomcat Servers to the add on but I just dont get it. Can someone please point me into the right direction.

Thank you

Tags (1)
0 Karma
1 Solution

anantcd
Explorer

As per your requirement (which involves ingesting data from multiple Tomcat Servers using JMX), I would recommend using Splunk Add-on for Java Management Extensions (JMX) to ingest data.
You can find more details about app configuration here.

View solution in original post

0 Karma

anantcd
Explorer

As per your requirement (which involves ingesting data from multiple Tomcat Servers using JMX), I would recommend using Splunk Add-on for Java Management Extensions (JMX) to ingest data.
You can find more details about app configuration here.

0 Karma

anantcd
Explorer

Not sure why links are not working. Reposting the links in comments:
Splunkbase: https://splunkbase.splunk.com/app/2647/#/overview
Docs: https://docs.splunk.com/Documentation/AddOns/released/JMX/Configureinput

0 Karma
Get Updates on the Splunk Community!

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...