Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Tomcat pattern not working

_joe
Contributor
‎08-09-2021 12:51 PM

Hello all,

I was wondering if I could please get some suggestions on why Tomcat isn't honoring my pattern values. I am following the instructions here:  https://docs.splunk.com/Documentation/AddOns/released/Tomcat/Recommendedfields

As recommended by Splunk documentation, we setup the following in className="org.apache.catalina.valves.AccessLogValve " in of server.xml

prefix="localhost_access_log_splunk" suffix=".txt"
pattern="%t, x_forwarded_for=?%{X-Forwarded-For}i?, remote_ip=?%a?,....

The filename and fields log as expected.


The only issue is instead of quotation (") marks, I am just seeing question marks (i.e. ...x_forwarded_for=?-?, remote_ip=?1.2.3.1?, remote_host=?1.2.3.2?,..)

Splunk Add-on for Tomcat: https://splunkbase.splunk.com/app/2911/

 

Labels (1)
Labels
Preview file
62 KB
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎11-23-2021 09:37 AM

How did you input those settings? Quotes are notorious for being "the wrong ones", especially when copy-pasted from an unknown source.

0 Karma
Reply

MuratKuru
Explorer
‎10-22-2021 02:07 AM

I have the same problem.
Where you able to solve this issue? 

0 Karma
Reply

_joe
Contributor
‎11-23-2021 09:32 AM

Sorry, not really. It seems some Tomcat instances need to be escaped by something different, I'm no sure why. 

Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...

Buttercup Games: Further Dashboarding Techniques (Part 6)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...