All Apps and Add-ons

Splunk add-on for apache web server data verification failing

akash2303
Loves-to-Learn Lots

Hi Guys,

I installed Splunk add-on for apache web server on my UF and configured as per the documentation. I am able to see logs in my indexer but facing issue with the "tags".

Only "web" and "error" tags are being generated.

No data is displayed when i run data validation search:
tag=web tag=inventory tag=activity sourcetype=apache:access OR tag=web tag=inventory tag=activity sourcetype=apache:error

 

Below are the configuration files :

cd /opt/splunkforwarder/etc/apps/Splunk_TA_apache

cat inputs.conf
-bash-4.2$ cat inputs.conf
[monitor:///var/log/httpd/error_log*]
sourcetype=apache:error
index=webserver
disabled = 0

[monitor:///var/log/httpd/access_log*]
sourcetype=apache:access:kv
index=webserver
disabled = 0

I have only one config file "inputs.conf" in the above path.

NOTE: I need this app to work fine in order to use it with Splunk ITSI web server module.

PLEASE HELP!

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

On base installation it seems that there are only those two tags present on tags.conf.

[eventtype=access_log_event]
web = enabled

[eventtype=error_log_event]
error = enabled

 If you are needing more, then you must add those by yourself or use another TA which defined those other.

r. Ismo

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!