Hi,
I am new to splunk and tyring to configure forwarding of weblogic output logs. Splunk enterprise is installed/set up on serverA and universal forwarder on serverB which has weblogic server running on it. Below is the inputs.conf of universal forwarder on serverB.
inputs.conf of universal forwarder:
[monitor:///opt/user_projects/domains/wlsDomain/servers/ms1/logs/ms1.log]
disabled = false
sourcetype = log4j
index = true
./splunk list forward-server
When I do a search "host=serverB", I do not see any data from the weblogic server. Can anybody please help me with set up or let me know where can I find useful documentation (i tried for apache http and it works, but not for weblogic).
The "index" parameter in your inputs.conf file should name the Splunk index in which your data will be stored; unless your index is named "true", you probably need something else here. Make sure you have created an index on the indexer to hold the data, and that it is named here. See this documentation for an example of what should be in inputs.conf. You should also have an "outputs.conf" file defined that tells the forwarder where to send its data. See the documentation here for more information on outputs.conf.