Getting Data In

IBM WebSphere system out log files

pboon
New Member

Hi, we have configured our index server, installed the universal forwarder on our WebSphere server, and installed the add-on for Splunk for the WAS, but we cannot get any info to populate. I have read through many posts to try to get the SystemOut logs, and have gone through this multiple times without success.
https://docs.splunk.com/Documentation/AddOns/released/IBMWAS/Installationoverview
https://docs.splunk.com/Documentation/AddOns/released/IBMWAS/Configureotherloginputs
and loads more, but we still cannot get the info to display. Do we need to edit the output.conf on the Windows IBM WAS server to monitor the SystemOut.log files? If so, can someone advise how? Or is there another location I am missing for any changes I need to make?

We have also installed Chameleon DataStage App for Splunk to see if this will give us the SystemOut logs, but we still cannot display any info.

0 Karma

skalliger
Motivator

Hi,

How did you set up the UF? Is the user (if not running as LOCAL SYSTEM) able to actually read the logs inside the WAS logs directory? If so, have you configured the .conf files accordingly? When I look into the default folder of the IBM TA, I see multiple files that need to be edited, e.g.:

ibm_was.conf needs to be adjusted (copy to a newly created local directory):

[was_global_settings]
index = main
was_install_dir =
log_level = INFO

Maybe other files also need to be adjusted; I haven't read through the whole instructions.

Skalli

0 Karma
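
The two checks raised in the reply above (is was_install_dir actually set once a local ibm_was.conf overrides the default one, and can the forwarder's account read the logs), as an added example that is not part of the thread or of the add-on's own code. It assumes Python is available on the WAS host, that the add-on's directory is passed in as the hypothetical parameter ta_dir, and that SystemOut.log files sit somewhere below was_install_dir; run it as the same account the forwarder service uses.

```python
import configparser
import os
import tempfile

STANZA = "was_global_settings"  # stanza name as quoted in the reply above


def effective_settings(ta_dir):
    """Merge default/ibm_was.conf and local/ibm_was.conf; local wins, as in Splunk."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    paths = [os.path.join(ta_dir, layer, "ibm_was.conf") for layer in ("default", "local")]
    parser.read(paths)  # later files override earlier ones; missing files are skipped
    return dict(parser[STANZA]) if parser.has_section(STANZA) else {}


def diagnose(ta_dir):
    """Return a list of problems; an empty list means the basics are in place."""
    install_dir = effective_settings(ta_dir).get("was_install_dir", "").strip()
    if not install_dir:
        return ["was_install_dir is empty: copy ibm_was.conf to local/ and set it"]
    if not os.path.isdir(install_dir):
        return [f"was_install_dir missing or not visible to this user: {install_dir}"]
    logs = [os.path.join(root, name)
            for root, _, files in os.walk(install_dir) for name in files if name == "SystemOut.log"]
    if not logs:
        return [f"no SystemOut.log found below {install_dir}"]
    problems = []
    for path in logs:
        try:
            # Open the file for real: os.access() does not evaluate Windows ACLs.
            with open(path, "rb") as fh:
                fh.read(1)
        except OSError as exc:
            problems.append(f"cannot read {path}: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed layout standing in for the add-on directory and a WAS install.
    with tempfile.TemporaryDirectory() as tmp:
        ta, was = os.path.join(tmp, "ta"), os.path.join(tmp, "was")
        logdir = os.path.join(was, "profiles", "p1", "logs", "server1")
        for d in (os.path.join(ta, "default"), os.path.join(ta, "local"), logdir):
            os.makedirs(d)
        with open(os.path.join(ta, "default", "ibm_was.conf"), "w") as f:
            f.write("[was_global_settings]\nindex = main\nwas_install_dir =\nlog_level = INFO\n")
        with open(os.path.join(ta, "local", "ibm_was.conf"), "w") as f:
            f.write(f"[was_global_settings]\nwas_install_dir = {was}\n")
        with open(os.path.join(logdir, "SystemOut.log"), "w") as f:
            f.write("constructed sample line\n")
        print(diagnose(ta) or "basics look fine")
```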