Splunk® Supported Add-ons

Splunk Add-on for Tomcat

Enable saved searches for the Splunk Add-on for Tomcat

The Splunk Add-on for Tomcat includes two preconfigured lookup generation saved searches that you need to enable if you are using this add-on with Splunk IT Service Intelligence. These saved searches are based on the data collected through JMX and file-based logs. To collect that data, you need to configure JMX inputs and set up the Splunk Add-on for Tomcat. After the Splunk platform has indexed the data, you can run the saved searches manually to populate the lookup files, then schedule them at a frequency that matches how often the configuration in your environment changes.

| Saved search name | Description |
| --- | --- |
| Tomcat application server | Saved search which populates the application_server and appserver_port_number fields using the tomcat_application_server_lookup.csv lookup file. |
| Tomcat version number | Saved search which populates the version_number field using the tomcat_version_number_lookup.csv lookup file. |

You can review and enable these saved searches either in Splunk Web or in the configuration files.

Access and enable saved searches in Splunk Web

To access and enable the saved searches in Splunk Web:

1. Go to Settings > Searches, reports, and alerts.

2. Set the app context to Splunk Add-on for Tomcat.

3. Click Enable next to the searches you would like to enable.

Access and enable saved searches in savedsearches.conf

To access and enable the saved searches in the configuration files:

1. Go to $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/default/savedsearches.conf.

2. Copy the file to the add-on's local directory, $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local.

3. In the local copy, for each search that you want to enable, change Disabled = 1 to Disabled = 0.
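The three steps above can be scripted as follows. This is an added example, not part of the add-on or the original documentation: `enable_saved_searches` is a hypothetical helper, and it assumes each stanza name in savedsearches.conf equals the saved search name shown in the table. It leaves default/ untouched, does not overwrite an existing local file, and changes the setting only inside the stanzas you name.

```shell
#!/bin/sh
# Added example, not the add-on's code. Stanza names are assumed to equal the
# saved search names; enable_saved_searches is a hypothetical helper.
# Usage: enable_saved_searches APP_DIR "Stanza one" ["Stanza two" ...]
enable_saved_searches() {
    app_dir=$1; shift
    src="$app_dir/default/savedsearches.conf"
    dst="$app_dir/local/savedsearches.conf"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    mkdir -p "$app_dir/local" || return 1
    # Never overwrite an existing local file: it may already hold overrides.
    [ -f "$dst" ] || cp "$src" "$dst" || return 1

    tmp="$dst.tmp.$$"
    rc=0
    # Pass the requested stanza names to awk, one per line.
    NAMES=$(printf '%s\n' "$@") awk '
        BEGIN {
            n = split(ENVIRON["NAMES"], a, "\n")
            for (i = 1; i <= n; i++) want[a[i]] = 1
        }
        # A stanza header decides whether the following lines are in scope.
        /^\[.*\][ \t]*$/ {
            name = $0
            sub(/^\[/, "", name); sub(/\][ \t]*$/, "", name)
            active = (name in want)
        }
        # In a requested stanza, flip only the disabled setting. The key is
        # matched case-insensitively and written back as spelled in the file.
        active && tolower($0) ~ /^[ \t]*disabled[ \t]*=/ {
            sub(/=.*/, "= 0"); changed++
        }
        { print }
        END { exit (changed > 0 ? 0 : 2) }
    ' "$dst" > "$tmp" || rc=$?

    # rc 2 means no requested stanza carried a disabled setting.
    if [ "$rc" -ne 0 ]; then rm -f "$tmp"; return "$rc"; fi
    # Rewrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$dst" && rm -f "$tmp"
}
```

A return code of 2 means nothing was changed, which usually points to a stanza name that does not match the file.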

This documentation applies to the following versions of Splunk® Supported Add-ons: released
