About the walkthrough setup
This documentation does not apply to the most recent version of Splunk.
The step-by-step walkthroughs in this manual use data generated for a multi-tier application that allows phone subscribers to activate and manage their accounts over the web and perform tasks such as adding users or phones to their account or paying their bills. The application deployment includes servers spread across three domains in three different regions of the United States:
- 30 webservers that output web logs in key-value paired log4j format; in the example, the Splunk source type is weblog.
- 30 middletier servers that output J2EE logs in an xml-type format; in the example, the Splunk source type is j2eelog.
- 30 API servers that output logs with multi-line events; in the example, the Splunk source type is apilog.
- 3 MySQL servers that output text error logs; in the example, the Splunk source type is mysqld.
To get beginners up and running, the walkthroughs assume a simple Splunk deployment, with one central Splunk instance that both indexes the data and performs searches. For most application management use cases, you need to set up forwarders to gather the data from remote machines and possibly configure a distributed Splunk deployment. See Advanced Indexing Strategy for a discussion of the different options for deploying Splunk.
This documentation applies to the following versions of Splunk: 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8.