Re: Splunk add-on for apache web server data verif...

akash2303 · ‎08-31-2021

Hi Guys,

I installed Splunk add-on for apache web server on my UF and configured as per the documentation. I am able to see logs in my indexer but facing issue with the "tags".

Only "web" and "error" tags are being generated.

No data is displayed when i run data validation search:
tag=web tag=inventory tag=activity sourcetype=apache:access OR tag=web tag=inventory tag=activity sourcetype=apache:error

Below are the configuration files :

cd /opt/splunkforwarder/etc/apps/Splunk_TA_apache

cat inputs.conf
-bash-4.2$ cat inputs.conf
[monitor:///var/log/httpd/error_log*]
sourcetype=apache:error
index=webserver
disabled = 0

[monitor:///var/log/httpd/access_log*]
sourcetype=apache:access:kv
index=webserver
disabled = 0

I have only one config file "inputs.conf" in the above path.

NOTE: I need this app to work fine in order to use it with Splunk ITSI web server module.

PLEASE HELP!

isoutamo · ‎09-01-2021

Hi

On base installation it seems that there are only those two tags present on tags.conf.

[eventtype=access_log_event]
web = enabled

[eventtype=error_log_event]
error = enabled

If you are needing more, then you must add those by yourself or use another TA which defined those other.

r. Ismo

Splunk add-on for apache web server data verification failing

administration

configuration

search

troubleshooting

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

How to Send Splunk Observability Alerts to Webex teams in Minutes

Are you a member of the Splunk Community?