Hi All, I'm trying to add weblogic 10.3 log files to indexer and I'm struggling to get the timestamp parsed correctly. I'm new to Splunk so may need little bit of more step-through/concept help so please ignore my lack of understanding. I add the data via local log file. Its more for ad-hoc analysis at this point.. will get to forwarder later! I specify source type as log4j In the preview srceen the dates don't match as well as the timestamp is wrong compared to data in log messages. My log file has data like this <13/08/2012 12:00:14 AM EST> <[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)'> < > <> <> <1344175214433> <Failed to communicate with proxy: xx.xx.xx.xxx/8080. Will try connection xx.xx.xx.xxx/8081 now. The parsing/output in Preview looks like this 8/6/12 3:00:14.000 PM ####<13/08/2012 12:00:14 AM EST> As you can see the parsing of the date time isn't working and I get an exclamation mark in preview complaining about 'could not use strptime to parse the timestamp...' currently applied settings looks like this in preview page: NO_BINARY_CHECK=1 TIME_FORMAT=%d/%m/%Y %I:%M:%S %p TZ=Australia/Melbourne These previous posts dont work and complains about syntax at startup time. http://splunk-base.splunk.com/answers/8142/how-do-i-extract-useful-information-into-fields-from-oracle-weblogic-application-server-logs Any help would be appreciated... Thanks heaps, Parth ... View more

Hi, I'm interested in knowing how to use splunk for detailed apache performance monitoring. We are used to using Hyperic for lot of these (http://www.hyperic.com/products/apache-monitoring) but I couldn't find specific 'adapters' in splunk that expose lot of these information from apache (to splunk). Enabling lot of these in logging and then using splunk to analyse & create dashboards/alert the way forward or there are other ways? I'm newbie to splunk so thanks in-advance if this is a really 'dumb' question... cheers, Parth ... View more