Splunk® Supported Add-ons

Splunk Add-on for Tomcat

Download manual as PDF

Download topic as PDF

Set up the Splunk Add-on for Tomcat

After you have installed the Splunk Add-on for Tomcat, you need to configure the inputs for the add-on. If you want to collect local Tomcat logs only, you can perform this configuration using either the set up page for the Splunk Add-on for Tomcat or by editing the inputs.conf file directly.

If you want to collect thread info for all threads from Tomcat servers, you must complete the Splunk Add-on for Tomcat setup page to configure the dumpAllThreads input.

If you want to collect performance data from Tomcat servers you need to configure a JMX connection to the Tomcat server in the Splunk Add-on for JMX as described in Configure JMX inputs for the Splunk Add-on for Tomcat. You do not need to complete the Splunk Add-on for Tomcat setup page if this is the only data you want to collect.

Use the Setup Page to Configure Inputs

1. On the Splunk instance that you want to be responsible for data collection from Tomcat, usually a heavy forwarder, go to the Splunk Web home screen.

2. From the top navigation bar, click Apps > Manage Apps.

3. In the row for Splunk Add-on for Tomcat, click Set up. The add-on setup screen displays.

4. Type the URL of your Tomcat server in the Tomcat JMX URL field in the specified format.

Note: JMX remote must be enabled on the Tomcat server in order to establish the JMX connection. See https://tomcat.apache.org/tomcat-8.0-doc/monitoring.html for information.

5. Type your Tomcat server user name in the Tomcat JMX user name field.

6. Type your Tomcat server password in the Tomcat JMX password field.

7. Retype the password in the Confirm password field.

Note: The Splunk platform encrypts the Tomcat server user name and password as soon as you enter these values.

8. Type the name of the index in which to store this data in the Index field. The default value is the default Splunk index, main.

9. If you want to change the Log level, select a new level from the drop down menu. The choices are INFO, DEBUG, and ERROR.

10. Under Data collection settings, check the Enable data collection from Tomcat log files box to collect Tomcat logs on the local server. Splunk will detect Tomcat logs on the local server and dynamically generate the file monitoring inputs for them. File monitoring can be created for the following logs: catalina.log, localhost.log, manager.log, host-manager.log, and localhost_access_log.txt.

Note: If you check this box and save the settings on this page, the file monitoring data inputs will be created. Afterwards, if you return to the setup page, this box will be unchecked since the inputs have already been created. If you change the directory in which the log files are stored, you can return to this page, check the box, and save again and Splunk will create new file monitoring inputs for the new location.

11. Click Save.

Configure file monitor inputs in inputs.conf

If you would like to collect only local Tomcat log files, you can edit inputs.conf directly to create the file monitor inputs instead of using the setup page.

Note: If you would also like to collect thread information, you must use the setup page for the Splunk Add-on for Tomcat.

1. Create an inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local.

2. Add the following stanzas. Modify the directory name if necessary to use the actual directory your Tomcat files are stored in.

[monitor:///Applications/apache-tomcat-8.0.23/logs/catalina.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-8.0.23/logs/localhost.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-8.0.23/logs/manager.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-8.0.23/logs/host-manager.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-8.0.23/logs/localhost_access_log.*.txt]
disabled = false
followTail = false
index = main
sourcetype = tomcat:access:log

3. Save the file.

4. Restart the Splunk platform to put these configuration changes into effect.

Next, validate that the data inputs were created and enable the dumpAllThreads input if you used the setup page to create this input.

PREVIOUS
Configure JMX inputs for the Splunk Add-on for Tomcat
  NEXT
Enable and validate inputs for the Splunk Add-on for Tomcat

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters