Configure monitor inputs for the Splunk Add-on for Apache Web Server
The Splunk Add-on for Apache Web Server collects data through file monitoring. After installing the add-on, you need to configure the platform to monitor the access and error log file generated by Apache Web Server. You can user either Splunk Web to create the monitor input or edit the
Configure monitoring input through Splunk Web
Configure file monitoring inputs on your data collection node for the Apache Web Server access and error log file.
- Log into Splunk Web.
- Select Settings > Data inputs > Files & directories.
- Click New.
- Click Browse next to the File or Directory field.
- Navigate to the access log file generated by the Apache Web Server and click Next.
- Navigate to the error log file generated by the Apache Web Server and click Next.
- On the Input Settings page, next to Source type, click Select. In the Select Source Type dropdown, select Network & Security, then apache:access and apache:error or type these two source types in the search field.
- Click Review.
- After you review the information, click Submit.
Note: The default location of the access log file may vary from different system, The default location of access log usually is
/var/log/apache2/access.log, but your path may differ.
Note: The default location of the error log file may vary from different system, The default location of error log usually is
/var/log/apache2/error.log, but your path may differ. And Apache Web Server may have multiple access logs and error logs, you can add an asterisk wildcard at the end of file name to retreive all log data.
Configure monitoring input through inputs.conf
You can create an
inputs.conf file and configure the monitor input in this file instead of using Splunk Web.
- Using a text editor, create a file named
- Add the following stanza and lines, replacing
<path>with the actual path to access log and error log, and save the file.
Note: You can add an asterisk wildcard at the end of the file name to retrieve all log data.
[monitor://<path>] sourcetype=apache:access disabled = 0 [monitor://<path>] sourcetype=apache:error disabled = 0
- Restart the Splunk platform for the new input to take effect.
Configure the Apache Web Server to send logs to Splunk Add-on for Apache Web Server
Troubleshoot the Splunk Add-on for Apache Web Server
This documentation applies to the following versions of Splunk® Supported Add-ons: released