Splunk® Supported Add-ons

Splunk Add-on for Tomcat

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Set up the Splunk Add-on for Tomcat

After you have installed the Splunk Add-on for Tomcat, you need to configure the inputs for the add-on. If you want to collect local Tomcat logs only, you can perform this configuration using either the Settings > Data Inputs > Files & directories page or by editing the inputs.conf file directly.

If you want to collect thread info for all threads from Tomcat servers, you must complete the Splunk Add-on for Tomcat Input page to configure the dumpAllThreads input.

If you want to collect performance data from Tomcat servers you need to configure a JMX connection to the Tomcat server in the Splunk Add-on for JMX as described in Configure JMX inputs for the Splunk Add-on for Tomcat. You do not need to complete the Splunk Add-on for Tomcat setup page if this is the only data you want to collect.

Set up basic authentication using Splunk Web

Complete these steps to set up the Splunk Add-on for Tomcat using Splunk Web:

  1. In Splunk Web, navigate the Splunk Add-on for Tomcat either by clicking the name of this add-on on the left navigation banner on through your Splunk platform Home page or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Tomcat.
  2. Go to the Tomcat Account tab.
  3. Click Add.
  4. In the Add Account dialog box, fill in the required fields:
    Field Description
    Name Add a unique name for Account.
    Tomcat JMX URL Enter the URL of your Tomcat instance in service:jmx:rmi:///jndi/rmi://<ip-address>:<port>/jmxrmi format.
    Tomcat JMX username Add server username.
    Tomcat JMX password Add server password.
  5. Note: JMX remote must be enabled on the Tomcat server in order to establish the JMX connection. See https://tomcat.apache.org/tomcat-10-doc/monitoring.html for information.

  6. Click Add:
    • If the entered information is authenticated successfully, the add-on saves the account information.
    • If you have entered incorrect credentials or an incorrect url, an error message appears on the dialog box. If you see such message, verify the information you have entered and try again.

Configure file monitor inputs in inputs.conf

If you would like to collect only local Tomcat log files, you can edit inputs.conf directly to create the file monitor inputs instead of using the Settings > Data Inputs > Files & directories page.

Note: If you would also like to collect thread information, you must use the Configuration/Inputs page for the Splunk Add-on for Tomcat.

1. Create an inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local.

2. Add the following stanzas. Modify the directory name as per the actual directory your Tomcat files are stored in.

[monitor:///Applications/apache-tomcat-10.0.12/logs/catalina.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-10.0.12/logs/localhost.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-10.0.12/logs/manager.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-10.0.12/logs/host-manager.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-10.0.12/logs/localhost_access_log.*.txt]
disabled = true
followTail = false
index = main
sourcetype = tomcat:access:log

[monitor:///Applications/apache-tomcat-10.0.12/logs/localhost_access_log_splunk.*.txt]
disabled = false
followTail = false
index = main
sourcetype = tomcat:access:log:splunk

To collect CIM-compatible data using the tomcat:access:log:splunk sourcetype, you must Configure the Splunk recommended fields in the Splunk add-on for Tomcat.

3. Save the file.

4. Restart the Splunk platform to put these configuration changes into effect.


Optional Splunk Web configurations

Configure logging level using Splunk Web

  1. Go to the Splunk Add-on for Tomcat's landing page, either by clicking the name of this add-on on the left navigation banner on your on the Splunk software's home page or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Tomcat.
  2. Click the Configuration tab.
  3. Go to the Logging tab.
  4. (Optional) If you want to change the logging level, select a new level from the drop-down menu.
  5. Click Save to save your configurations.

​​==Set up the add-on using configuration files== Prerequisites

  • Only users with file system access, such as system administrators, can set up the Splunk Add-on for Tomcat using configuration files.
  • Review the steps in How to edit a configuration file in the Splunk Enterprise Admin Manual.

Never change or copy the configuration files in the default directory. The files in the default directory must remain intact and in their original location. Make changes to the files in the local directory.

Steps

Complete these steps to set up the Splunk Add-on for Tomcat using configuration files:

  1. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat and create a /local directory if it does not already exist.
  2. Create a file called splunk_ta_tomcat_account.conf in the $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local directory.
  3. For each unique account name you want to keep, create a stanza. Make the stanza name same as the account name:
  4. Stanza Setting Description
    [account_name] jmx_url JMX URL to connect to the Tomcat server of the form service:jmx:rmi:///jndi/rmi://<ip-address>:<port>/jmxrmi
    username Username of the Tomcat server
    password Password of the Tomcat server
  5. Review the values for the settings in the $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/default/splunk_ta_tomcat_settings.conf file. The values for the settings are listed in the following table. To use different values, create a file called splunk_ta_tomcat_settings.conf in the $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local directory. Add only the stanzas and settings that you want to change to the file in the local directory.
    Stanza Setting Description
    [logging] loglevel Specifies the verbosity of the logs. Default is INFO. Log level can be DEBUG, INFO or ERROR.
  6. Save your changes.
  7. Restart your Splunk instance.

If you have multiple search heads that are not in a search head cluster, perform these preceding steps on each search head to support search-time push integration. Configure data collection only on your data collection nodes, typically one or more heavy forwarders.

Last modified on 11 February, 2022
PREVIOUS
Configure JMX inputs for the Splunk Add-on for Tomcat
  NEXT
Configure dumpAllThreads inputs for the Splunk Add-on for Tomcat

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters