rsyslog for websphere application server

splunker_123
Path Finder

Hi

We are collecting the logs to the Splunk indexer via rsyslog. We've got quite a number of Unix servers monitored in this fashion and it is all working well.
Now I want to include WebSphere application logs in rsyslog so that Splunk can pick them up from there. Do you have a recommended way of doing this, or can you let me know how to achieve this, please?
Cheers

1 Solution

jtrucks
Splunk Employee

One method is to install a Splunk Forwarder on the WAS machines and use the Splunk Forwarder Add-on for WebSphere Application Server app. This allows you to easily parse the logs for the right fields in Splunk.

If you need to continue using rsyslog only and not a Splunk Forwarder on the machine, you can enable syslog output for most WebSphere products. Set these to send to localhost or directly to the Splunk indexer.

With a little looking, I've found that some WebSphere products can send a subset of data via syslog natively, but most of the time it can only output to files in a directory on disk. In this case, use the Text File Input Module for rsyslog to configure the daemon to read your WebSphere log files and send them along.

--
Jesse Trucks
Minister of Magic

splunker_123
Path Finder

Hi. This worked for me. Thanks for your help.

We've included the file name we want to monitor in the syslog conf, and via syslog we are sending to a shared drive where Splunk forwarders are installed, and from there it is indexed to the Splunk indexer. It is working, but the log is not getting indexed after logrotate runs at 4:00 am; it loses track of the new log file being generated. Is there a way to sort this out?

0 Karma
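As an added example that is not part of this thread (it is neither Jesse's configuration nor anything shipped by Splunk or IBM), the script below generates the rsyslog configuration that the accepted answer describes for the file-only case: the imfile module tails SystemOut.log and SystemErr.log and forwards every line to the Splunk indexer over TCP. It also addresses the rotation problem raised in the follow-up post: imfile in inotify mode notices the fresh file that logrotate creates, and `reopenOnTruncate` covers the copytruncate style of rotation where the file is emptied in place. The profile path, indexer hostname, port, tags, facility and ruleset name are assumptions to be adjusted; `startmsg.regex` and `reopenOnTruncate` require rsyslog 8.x, and the indexer is assumed to have a TCP syslog input listening on the chosen port.

```shell
#!/bin/sh
# Added example, not code from the thread or from Splunk/IBM: generate an
# rsyslog 8.x (RainerScript) configuration that tails WebSphere logs with
# imfile and forwards them to a Splunk indexer over TCP.
# Paths, hostnames, ports, tags and facility below are assumptions.
set -eu

WAS_LOG_DIR="${WAS_LOG_DIR:-/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/server1}"  # assumed profile path
SPLUNK_INDEXER="${SPLUNK_INDEXER:-splunk-indexer.example.com}"  # assumed indexer host
SPLUNK_PORT="${SPLUNK_PORT:-1514}"                               # assumed TCP syslog input port

# Emit the configuration on stdout.
websphere_rsyslog_conf() {
  cat <<EOF
# rsyslog: tail WebSphere logs and forward them to Splunk (generated example)

# imfile keeps per-file state (inode, offset) under workDirectory, so a
# restart resumes where it left off instead of re-sending the whole file.
global(workDirectory="/var/spool/rsyslog")

# inotify mode is told when logrotate renames SystemOut.log and a fresh file
# appears, so the new file is followed immediately. On NFS or other shared
# filesystems inotify does not fire; use mode="polling" there instead.
module(load="imfile" mode="inotify")

# WebSphere stack traces span many lines. startmsg.regex marks the start of a
# record by its timestamp prefix, e.g. "[3/14/16 10:22:33:123 GMT] 00000001 ..."
# so a whole trace reaches Splunk as one event instead of one event per line.
# reopenOnTruncate covers logrotate's copytruncate mode, where the file is
# emptied in place rather than renamed.
input(type="imfile"
      File="$WAS_LOG_DIR/SystemOut.log"
      Tag="websphere-systemout:"
      Facility="local6"
      Severity="info"
      startmsg.regex="^[[][0-9]+/[0-9]+/[0-9]+ "
      reopenOnTruncate="on"
      ruleset="websphere")

input(type="imfile"
      File="$WAS_LOG_DIR/SystemErr.log"
      Tag="websphere-systemerr:"
      Facility="local6"
      Severity="error"
      startmsg.regex="^[[][0-9]+/[0-9]+/[0-9]+ "
      reopenOnTruncate="on"
      ruleset="websphere")

# Forward over TCP with a disk-assisted queue so a short indexer outage does
# not drop events; the RFC 5424 template preserves the original timestamp
# and host name for Splunk to parse.
ruleset(name="websphere") {
  action(type="omfwd"
         target="$SPLUNK_INDEXER" port="$SPLUNK_PORT" protocol="tcp"
         template="RSYSLOG_SyslogProtocol23Format"
         queue.type="LinkedList" queue.size="50000"
         queue.filename="websphere-fwd" queue.saveOnShutdown="on"
         action.resumeRetryCount="-1")
}
EOF
}

# Write the configuration to the given path, e.g. /etc/rsyslog.d/30-websphere.conf.
write_conf() {
  websphere_rsyslog_conf > "$1"
}

# Syntax-check a written configuration without starting the daemon;
# rsyslogd exits non-zero on a syntax error. Skipped where rsyslogd is absent.
check_conf() {
  command -v rsyslogd >/dev/null 2>&1 || { echo "rsyslogd not installed; skipping check" >&2; return 0; }
  rsyslogd -N1 -f "$1"
}

# Usage: ./websphere-rsyslog.sh [output-path]
# With no argument the configuration is printed for review before installing.
if [ $# -gt 0 ]; then
  write_conf "$1"
  check_conf "$1"
else
  websphere_rsyslog_conf
fi
```

Run it without arguments to review the output, then with the target path under /etc/rsyslog.d to install and validate it, and restart rsyslog. On the Splunk side a TCP input on the same port is needed (an `inputs.conf` stanza such as `[tcp://1514]`, which is an assumption about the indexer's setup); setting a sourcetype on that input lets the WebSphere add-on's field extractions apply. If the WebSphere logs themselves live on an NFS mount, switch the module to `mode="polling"`, since inotify events are not delivered for remote filesystems and the rotated file would again be missed.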

splunker_123
Path Finder

Thanks for your reply. I will try that and let you know :)

0 Karma