Re: WebSphere SystemOut.log import missing much of...

dr18 · ‎10-20-2020

Brand newbie here... After I finished the tutorial, I tried to import WebSphere Application Server files for the first time.

I have an 11 MB SystemOut.log file which I'm trying to import into Splunk.

Well, it shows one event from the latest date in the file.. and then skips back 11 months. There's plenty of data from the current year. Considering this is a filetype which Splunk natively recognizes, I wouldn't expect any configuration to get it parsed properly.

I tried installing the WebSphere add-in and that didn't help the situation

Any ideas?

Thanks!

dr18 · ‎10-21-2020

Sorry, it turns out that I was looking at the import screen, which only shows the first 1000 lines. Search actually finds the rest of it. Thanks!

to4kawa · ‎10-20-2020

will you provide the log | head 10?

WebSphere SystemOut.log import missing much of the file.

Windows

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation