Archive

SAP Business Objects Logs in Splunk

Engager

Our organization has Splunk Universal Forwarder installed on the same server our SAP Business Objects server is installed. We have SAP Business Objects logs in two folders:

  • Our SAP BusinessObjects Enterprise logs
  • Tomcat logs

Is there a way to point the Splunk forwarder to those folders to collect those logs? Or, if it is already doing so, is there a way to returns just the logs from those folders in a search?

0 Karma

Communicator

Hi @SlothB77 how did you SAP BO logs onboardng go? We are looking to do the same. Do you have any tips for this and did you have to write any custom props/transforms?

0 Karma

SplunkTrust
SplunkTrust

@SlothB77,

You can set up a monitor in your splunk forwarder's $SPLUNK_HOME/etc/system/default/inputs.conf to monitor the log from the folders . Sample configuration

[monitor://path/to/file]
sourcetype="type of your log"
index="index you want to use for these logs"
setting_n-1 = value
settings_n = value

Details are in http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/Monitorfilesanddirectorieswithinputs.conf

Once you have the logs in splunk , you could just search for the source or sourceype what you have used above.

Eg :

source="path to SAP enterprise log" OR source="path to tomcat log"