Splunk® Supported Add-ons

Splunk Add-on for Tomcat

Download manual as PDF

Download topic as PDF

Enable and validate inputs for the Splunk Add-on for Tomcat

After you have set up the Splunk Add-on for Tomcat, validate that the correct inputs have been created. You need to enable the dumpAllThreads input to collect thread information from your Tomcat servers. You can enable the input either through Splunk Web or through the configuration files.

The file monitoring inputs for the local Tomcat logs are enabled by default, but it is a good idea to confirm that they have been created.

Enable the dumpAllThreads input using Splunk Web

1. Go to Settings > Data Inputs and click on Splunk Add-on for Tomcat. You will see an input has been created called dumpAllThreads.

2. Click Enable next to the input to begin the data collection.

Enable the dumpAllThreads input in inputs.conf

1. Copy the inputs.conf file from $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/default to $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local.

2. Open the file in a text editor. The contents look like this:

[tomcat]
interval = 60

[tomcat://dumpAllThreads]
object_name = java.lang:type=Threading
operation_name = dumpAllThreads
params = true, true
signature = boolean, boolean
split_array = true
duration = 120
disabled = true

3. Change disabled = true to disabled = false. This will enable the input.

4. Restart the Splunk platform.

Validate file monitoring inputs

If you configured file monitor inputs in the setup page by checking the Enable data collection from Tomcat log files box, validate that they were created successfully.

1. Go to Settings > Data inputs > Files & directories.

2. Click App in the column headings to organize the results by app name, then scroll to Splunk_TA_tomcat in that column.

3. Review the list of files being monitored to ensure it is as you expect. They should be enabled by default.

Note: If you subsequently change the directory in which the log files are stored, return to the setup page and check the Enable data collection from Tomcat log files box again and save the settings to generate new file monitoring inputs for the new location.

Validate Data Collection

To verify the add-on has been installed successfully and that all expected data is being ingested into the Splunk platform, run the following searches depending on which inputs you have configured.

Performance data and thread information:

sourcetype=tomcat:jmx

catalina.log, localhost.log, manager.log, and host-manager.log:

sourcetype=tomcat:runtime:log

locahost_access_log:

sourcetype=tomcat:access:log

PREVIOUS
Set up the Splunk Add-on for Tomcat
  NEXT
Enable saved searches for the Splunk Add-on for Tomcat

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters