Configure dumpAllThreads inputs for the Splunk Add-on for Tomcat
After you have set up the Splunk Add-on for Tomcat, validate that the correct inputs have been created. You need to update and enable the dumpAllThreads input to collect thread information from your Tomcat servers. You can enable the input either through Splunk Web or through the configuration files.
The file monitoring inputs for the local Tomcat logs are enabled by default, but it is a good idea to confirm that they have been created.
Configure Tomcat inputs via Splunk web
- In the Splunk Add-on for Tomcat, click the Inputs tab.
- Click Create New Input.
- In the Add Input box, complete the following fields:
Field Description Name Enter a unique name for the input. Tomcat Account Select your Tomcat account name configured under the Configurations page. Collection Interval The data collection interval, in seconds. Index The index that stores the collected data from this input. The default index is main. - Click Save.
Configure Tomcat inputs via inputs.conf
To configure inputs manually in inputs.conf, create stanzas using the following parameters and add them to $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local/inputs.conf. If the file or path does not exist, create it.
[tomcat://<name>] account = <string> object_name = java.lang:type=Threading operation_name = dumpAllThreads signature = boolean, boolean params = true, true split_array = true duration = <integer>
If you want to use the default inputs, the default value of the inputs can be found in $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/default/inputs.conf. You can copy the file to the local folder and edit it using the parameters table below.
Input Parameters
Each attribute in the following table corresponds to a field in Splunk Web:
| Attribute | Corresponding field in Splunk Web | Description |
|---|---|---|
account
|
Tomcat Account | Account from which data is to be collected. |
object_name
|
ObjectName | The object name of the MBean on which the method is to be invoked. Supported is java.lang:type=Threading
|
operation_name
|
OperationName | The name of the operation to be invoked. Supported is dumpAllThreads
|
signature
|
Signature | Enter the java data types separated by comma. Supported is boolean, boolean
|
params
|
Parameters | Enter the values for the data types(entered in Signature) separated by comma. Supported is true, true
|
split_array
|
SplitArray | False] True to split up the whole data chunk into events and false if otherwise. Supported is true
|
duration
|
Collection Interval | Collection interval at which the data should be collected. |
index
|
Index | The index in which to store Tomcat input data. The default is default. |
Validate file monitoring inputs
Validate that file monitoring inputs have been successfully created.
1. Go to Settings > Data inputs > Files & directories.
2. Click App in the column headings to organize the results by app name, then scroll to Splunk_TA_tomcat in that column.
3. Review the list of files being monitored to ensure it is as you expect. They should be enabled by default.
Note: If you subsequently change the directory in which the log files are stored, generate new file monitoring inputs for the new location by using Settings > Data inputs > Files & directories page or update the local copy of inputs.conf file
Validate Data Collection
To verify the add-on has been installed successfully and that all expected data is being ingested into the Splunk platform, run the following searches depending on which inputs you have configured.
Performance data and thread information:
sourcetype=tomcat:jmx
catalina*.log, localhost*.log, manager*.log, and host-manager*.log:
sourcetype=tomcat:runtime:log
locahost_access_log*.txt:
sourcetype=tomcat:access:log
locahost_access_log_splunk*.txt:
sourcetype=tomcat:access:log:splunk
| Set up the Splunk Add-on for Tomcat | Enable saved searches for the Splunk Add-on for Tomcat |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!