Enable saved searches for the Splunk Add-on for Tomcat
The Splunk Add-on for Tomcat includes two preconfigured lookup generation saved searches that you need to enable if you are using this add-on with Splunk IT Service Intelligence. These saved searches are based on the data collected through JMX and file based logs. You need to configure JMX inputs and set up the Splunk Add-on for Tomcat in order to collect the data. After the data has been indexed by the Splunk platform, you can manually run the saved searches in order to populate the lookup files then set a frequency to run them that matches the frequency of configuration changes in your environment.
|Saved search name||Description|
|Tomcat application server||Saved search which populates the |
|Tomcat version number||Saved search which populates the |
You can review and enable these saved searches either in Splunk Web or in the configuration files.
Access and enable saved searches in Splunk Web
To access and enable the saved searches in Splunk Web:
1. Go to Settings > Searches, reports, and alerts.
2. Set the app context to Splunk Add-on for Tomcat.
3. Click Enable next to the searches you would like to enable.
Access and enable saved searches in
To access and enable the saved searches in the configuration files:
1. Go to
2. Copy the file to
3. In the local copy, for each search that you want to enable, change
Disabled = 1 to
Disabled = 0.
Enable and validate inputs for the Splunk Add-on for Tomcat
Troubleshoot the Splunk Add-on for Tomcat
This documentation applies to the following versions of Splunk® Supported Add-ons: released