I want to monitor the error logs using Splunk. And create dashboards for the same.
Sample logs :
[Sun Jul 09 03:25:02 2017] [info] Apache/2.2.32 (Unix) DAV/2 configured -- resuming normal operations
[Sun Jul 09 04:06:13 2017] [error] [client 126.96.36.199] File does not exist : /var/www/html/robots.txt
[Mon Jul 10 20:24:52 2017] [error] (111) Connection refused : proxy: HTTP: attempt to connect to 127.0.0.1:8484 failed
[Tue Jul 19 23:02:01 2017] [error] [client 188.8.131.52] user test: authentication failure for "/~dcid/test1": Password Mismatch
Information from the above sample logs :
1. File does not exist
2. connection failed
3. authentication failed
There are hundred types of errors present in logs. And hence creating eventtypes for each error text is not a good way.
So, please help me with this.
Thanks in advance!
Have you checked out the Splunk Add-on for Apache Web Server already?