Re: Splunk add-on for apache web server data verif...

akash2303 · ‎08-31-2021

Hi Guys,

I installed Splunk add-on for apache web server on my UF and configured as per the documentation. I am able to see logs in my indexer but facing issue with the "tags".

Only "web" and "error" tags are being generated.

No data is displayed when i run data validation search:
tag=web tag=inventory tag=activity sourcetype=apache:access OR tag=web tag=inventory tag=activity sourcetype=apache:error

Below are the configuration files :

cd /opt/splunkforwarder/etc/apps/Splunk_TA_apache

cat inputs.conf
-bash-4.2$ cat inputs.conf
[monitor:///var/log/httpd/error_log*]
sourcetype=apache:error
index=webserver
disabled = 0

[monitor:///var/log/httpd/access_log*]
sourcetype=apache:access:kv
index=webserver
disabled = 0

I have only one config file "inputs.conf" in the above path.

NOTE: I need this app to work fine in order to use it with Splunk ITSI web server module.

PLEASE HELP!

isoutamo · ‎09-01-2021

Hi

On base installation it seems that there are only those two tags present on tags.conf.

[eventtype=access_log_event]
web = enabled

[eventtype=error_log_event]
error = enabled

If you are needing more, then you must add those by yourself or use another TA which defined those other.

r. Ismo

Splunk add-on for apache web server data verification failing

administration

configuration

search

troubleshooting

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation