Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SAP Business Objects Logs in Splunk

SlothB77
Engager
‎08-06-2018 11:36 AM

Our organization has Splunk Universal Forwarder installed on the same server our SAP Business Objects server is installed. We have SAP Business Objects logs in two folders:

  • Our SAP BusinessObjects Enterprise logs
  • Tomcat logs

Is there a way to point the Splunk forwarder to those folders to collect those logs? Or, if it is already doing so, is there a way to returns just the logs from those folders in a search?

0 Karma
Reply

becksyboy
Contributor
‎05-21-2019 07:48 AM

Hi @SlothB77 how did you SAP BO logs onboardng go? We are looking to do the same. Do you have any tips for this and did you have to write any custom props/transforms?

0 Karma
Reply

renjith_nair
Legend
‎08-06-2018 08:25 PM

@SlothB77,

You can set up a monitor in your splunk forwarder's $SPLUNK_HOME/etc/system/default/inputs.conf to monitor the log from the folders . Sample configuration

[monitor://path/to/file]
sourcetype="type of your log"
index="index you want to use for these logs"
setting_n-1 = value
settings_n = value

Details are in http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/Monitorfilesanddirectorieswithinputs.conf

Once you have the logs in splunk , you could just search for the source or sourceype what you have used above.

Eg : 

source="path to SAP enterprise log" OR source="path to tomcat log"
---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...