Splunk® Supported Add-ons

Splunk Add-on for IBM WebSphere Application Server

Enable saved search for the Splunk Add-on for IBM WebSphere Application Server

The Splunk Add-on for IBM WebSphere Application Server includes a preconfigured lookup generation saved search that you need to enable if you are using this add-on with Splunk IT Service Intelligence. This saved search is based on the data collected through JMX and file based logs. You need to configure JMX inputs, configure server log inputs, and configure monitor inputs for the gc.log and serverindex.xml logs in order to collect the data. After the data has been indexed by the Splunk platform, manually run the saved search in order to populate the lookup file then set a frequency to run it that matches the frequency of configuration changes in your environment.

Saved search name Description
Server Index - WAS Inventory Lookup Generates the ibm_was_inventory lookup file. Populates the appserver_port_number and application_server fields in the events.

You can review and enable the saved search either in Splunk Web or in the configuration files.

Access and enable saved search in Splunk Web

To access and enable the saved search in Splunk Web:

1. Go to Settings > Searches, reports, and alerts.

2. Set the app context to Splunk Add-on for IBM WebSphere Application Server.

3. Click Enable next to Server Index - WAS Inventory Lookup.

Access and enable saved search in savedsearches.conf

To access and enable the saved search in the configuration files:

1. Go to $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/default/savedsearches.conf.

2. Copy the file to /local.

3. In the local copy, change disabled = 1 to disabled = 0.

Last modified on 16 September, 2024
Configure global settings, HPEL inputs, and server log inputs for IBM WebSphere Application Server   Lookups for the Splunk Add-on for IBM WebSphere Application Server

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters