I have recently installed the Apache add-on (from file: splunk-add-on-for-apache-web-server_100.tgz) on a heavy forwarder, in parallel with other add-ons (like: ) which are already working in my environment. The location is: /opt/splunk/etc/apps.
However, when I try to parse the httpd error log file, it seems the sourcetype "apache:error" is not able to read the fields correctly for the file /var/log/httpd/error_log. I have got only a few fields: host, source, sourcetype, type, index, linecount, and punct. I was expecting it to show more. Is this correct?
I have doubts about whether I have really installed the add-on correctly. Or is there some other problem?