Apache logs - local
To get data from Apache web server logs into Splunk, point Splunk at a file, or a directory containing Apache logs:
1. From the Home page in Splunk Web, click Add data.
2. Under the To get started... banner, click Apache logs.
3. Click Next under Consume Apache logs on this Splunk server.
4. On the Get data from files and directories page, specify the source of the data by clicking on one of the three available choices.
5. In the Source field, enter the path to the file or directory you want Splunk to monitor:
You can usually leave the other fields blank, including the fields under the More settings option. Look here for detailed information on those fields.
6. Click Save.
7. From the Success page, click Search to start searching. You can enter any term that’s in your data, or you can click on a source, source type or host to see data from the different directories within your Apache log directory, the different types of data in those directories, or the different hosts that sent the Apache log data in the first place.
For more information on getting data from files and directories, see "Monitor files and directories" in this manual.
IIS logs - local
JMS/JMX - write your own
This documentation applies to the following versions of Splunk® Enterprise: