I installed Splunk add-on for apache web server on my UF and configured as per the documentation. I am able to see logs in my indexer but facing issue with the "tags".
Only "web" and "error" tags are being generated.
No data is displayed when i run data validation search:tag=web tag=inventory tag=activity sourcetype=apache:access OR tag=web tag=inventory tag=activity sourcetype=apache:error
Below are the configuration files :
cat inputs.conf-bash-4.2$ cat inputs.conf[monitor:///var/log/httpd/error_log*]sourcetype=apache:errorindex=webserverdisabled = 0
[monitor:///var/log/httpd/access_log*]sourcetype=apache:access:kvindex=webserverdisabled = 0
I have only one config file "inputs.conf" in the above path.
NOTE: I need this app to work fine in order to use it with Splunk ITSI web server module.
On base installation it seems that there are only those two tags present on tags.conf.
web = enabled
error = enabled
If you are needing more, then you must add those by yourself or use another TA which defined those other.