Splunk Dev

Web Intelligence for apache logs

heinrich_piard
New Member

What is the log format Web Intelligence app expects apache log files in? This is how I have setup the format but web intelligence does not show any data.

www.test.test.com 180.148.99.141 - - [13/Jan/2012:13:55:09 -0500] "GET /portlets/current_news.json?BLOCKSIZE=30 HTTP/1.1" 200 15588 "-" "Jakarta Commons-HttpClient/3.1"0/194888
0 Karma

araitz
Splunk Employee
Splunk Employee

Per Splunk's default field extractions:

[access-extractions]
# matches access-common or access-combined apache logging formats
# Extracts: clientip, clientport, ident, user, req_time, method, uri, root, file, uri_domain, uri_query, version, status, bytes, referer_url, referer_domain, referer_proto, useragent, cookie, other (remaining chars)

Your logs seem formatted correctly, but perhaps you have not assigned them the sourcetype of "access_combined". What sourcetype do your Apache logs currently show?

heinrich_piard
New Member

[folded comment in to question - araitz]

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...