Hi all,
I have installed the Splunk Enterprise trial on a Windows 7 machine to collect logs from my Apache server, and also installed the Splunk universal forwarder on my Apache server (CentOS 6). How do I configure these two to monitor my Apache web server?
Here is what I have done, though it doesn't help:
outputs.conf
[tcpout:Apache]
server=ApacheserevrIP:9997
inputs.conf
[monitor:/var/log/httpd/access_log]
sourcetype = access_log
Please direct me to the correct solution.
Thanks in advance

Hi vahabudeen,
First check your inputs.conf; it should be like this:
[monitor:///var/log/httpd/access_log]
You missed some slashes there. Next, have you enabled receiving on your indexer? See the docs at http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/Enableareceiver. Last but not least, make sure the forwarder is able to reach and communicate with the indexer on that port (firewalls, routing, ...).
Hope this helps ...
cheers, MuS

Thanks MuS
Thanks for your response. I have modified inputs.conf based on your answer. I have enabled the listening port 9997. Then what? I am really new to Splunk, and those links are really confusing me. Please direct me to the steps where I can accomplish this with only the few required steps. I apologize if I have done anything wrong.
Thanks in advance

Your step-by-step instruction is at http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial. Part 3 and Part 4 are essential, especially for new users.
But as a small hint, search index=main or sourcetype=access_logs on your indexer.
After configuring the universal forwarder to send logs to the Splunk manager, how can I verify whether they are received or not?
Only then would I be able to move on to the "add data" and dashboard steps, isn't it?

On your indexer, check index=_internal and/or run this command on your forwarder: $SPLUNK_HOME/bin/splunk list forward-server
No need to add data, because you already receive your logs from the forwarder; this would only be needed if you really want to add something else.
Open the search app and search for your events by running a basic first search like index=* sourcetype=access_logs and run it over all time to verify events are getting in. The next step would be to create a useful search and some fancy dashboard that fits your needs.
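
As an added example (not code from the thread or from Splunk), this Python script lints a forwarder inputs.conf for two things that decide whether the verification searches above return events: the form of the monitor:// stanza header, and whether the sourcetype set in the stanza is the one being searched. The function names and the embedded sample config are constructed for illustration.

```python
import re

# Constructed sample: the forwarder inputs.conf as first posted in the thread.
POSTED_INPUTS = """\
[monitor:/var/log/httpd/access_log]
sourcetype = access_log
"""
# Same file with the stanza header corrected as in the answer.
FIXED_INPUTS = POSTED_INPUTS.replace("monitor:/var", "monitor:///var")

STANZA = re.compile(r"^\[(.+)\]\s*$")
SETTING = re.compile(r"^([^=\s]+)\s*=\s*(.*)$")


def parse_conf(text):
    """Return {stanza_header: {key: value}} for a Splunk-style .conf text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STANZA.match(line)
        if m:
            current = stanzas.setdefault(m.group(1), {})
            continue
        m = SETTING.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return stanzas


def check_inputs(text, searched_sourcetype):
    """List problems that keep a monitored file out of the search results."""
    problems = []
    for header, settings in parse_conf(text).items():
        if not header.startswith("monitor:"):
            continue
        # A monitor stanza is 'monitor://' followed by the path, so an
        # absolute Unix path gives three slashes in a row.
        if not re.match(r"monitor://(/|[A-Za-z]:\\)", header):
            problems.append(f"[{header}]: expected monitor://<absolute path>")
        st = settings.get("sourcetype")
        if st and st != searched_sourcetype:
            problems.append(
                f"[{header}]: sourcetype is '{st}', search uses '{searched_sourcetype}'")
    return problems
```

Calling `check_inputs(FIXED_INPUTS, "access_logs")` reports the sourcetype difference; with `index=*` and the sourcetype the stanza actually sets, the search and the input agree.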
