Splunk ITSI

How can I enable the dumpAllThreads input from the Apache Tomcat add-on for another JMX-based application server?

jhollfelder_spl
Splunk Employee

I am working to normalize the data for Oracle WebLogic, which is heavily JMX based, so that I can leverage the Application Server module in ITSI.

The Apache Tomcat add-on that is Splunk built gives me 90% of what I need for the WebLogic use case; however, I am missing the JMX thread info that is returned as separate events using the dumpAllThreads modular input in the Apache Tomcat add-on.

What is required to generalize the dumpAllThreads input for Tomcat so it can be used by another application that has a JMX server?

Thank you in advance for your help.

0 Karma

tauliang
Communicator

Just trying to understand: the Application Server module in ITSI only supports Tomcat and WebSphere out of the box. Are you trying to use the underlying TA to onboard WebLogic?

0 Karma

jhollfelder_spl
Splunk Employee

The Oracle WebLogic application server is similar to Apache Tomcat in data sources (access logs and JMX data), so I used the Apache Tomcat add-on to see what the fields, eventtypes, tags, etc. were and have worked to normalize the onboarded data using the JMX add-on and onboarded access logs in order to leverage the Application Server module KPIs, entity discovery and dashboard in ITSI. I also needed to modify some of the dashboard panel saved searches, but otherwise I am down to a short list of fields I'm still trying to run down for WebLogic that don't directly translate from the generic JMX add-on.

One of the key datasources I still need that is configured as a modular input for the Tomcat add-on is the dumpAllThreads modular input that appears to connect to the JMX server and then dump each thread and state as a separate event. That is currently what I am trying to get in order to continue populating out the Application Server KPIs and dashboard panels in ITSI.

0 Karma
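
The standard JMX operation behind a thread dump, as an added example that is not part of the original thread and not the Tomcat add-on's code: it calls `ThreadMXBean.dumpAllThreads` and prints one key=value line per thread. The class name, the output field names and the optional service URL argument are assumptions; a WebLogic endpoint may need vendor client libraries and credentials that are not shown here.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadInfo;
import java.lang.management.ThreadMXBean;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

// Hypothetical class name; field names below are illustrative, not the add-on's schema.
public class ThreadDumpEvents {

    // Render one thread as a single key=value event line.
    static String toEvent(ThreadInfo t) {
        String owner = t.getLockOwnerName();            // null when not waiting on a lock
        return String.format(
            "thread_id=%d thread_name=\"%s\" thread_state=%s "
                + "blocked_count=%d waited_count=%d lock_owner=\"%s\"",
            t.getThreadId(),
            t.getThreadName().replace('"', '\''),       // keep the quoted value intact
            t.getThreadState(),
            t.getBlockedCount(),
            t.getWaitedCount(),
            owner == null ? "" : owner.replace('"', '\''));
    }

    // Works against any MBean server that exposes the platform Threading MXBean.
    static void dump(MBeanServerConnection conn) throws Exception {
        ThreadMXBean threads = ManagementFactory.newPlatformMXBeanProxy(
            conn, ManagementFactory.THREAD_MXBEAN_NAME, ThreadMXBean.class);
        // false, false: skip locked monitors and synchronizers to keep the call cheap.
        for (ThreadInfo t : threads.dumpAllThreads(false, false)) {
            if (t != null) {
                System.out.println(toEvent(t));
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // No argument: dump this JVM's own threads, so the example runs offline.
            dump(ManagementFactory.getPlatformMBeanServer());
            return;
        }
        // Assumption: args[0] is a JMX service URL reachable without credentials.
        JMXServiceURL url = new JMXServiceURL(args[0]);
        try (JMXConnector connector = JMXConnectorFactory.connect(url)) {
            dump(connector.getMBeanServerConnection());
        }
    }
}
```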

sureshms
Engager

This sounds non-trivial as it requires a WebLogic server setup. It is probably a good idea to reach out to the “Get Data In” teams.

jhollfelder_spl
Splunk Employee

Agreed - I created an internal Splunk JIRA requesting assistance with this. I'm hopeful that whatever was done for the Apache Tomcat add-on to pull in thread info can be generalized for the JMX add-on. I don't know what was required to originally set up that modular input, though, so working with the "Getting Data In" team appears to be the best option. Thanks all!
