Set up the Splunk Add-on for Tomcat
After you have installed the Splunk Add-on for Tomcat, you need to configure the inputs for the add-on. If you want to collect local Tomcat logs only, you can perform this configuration using either the Settings > Data Inputs > Files & directories page or by editing the
inputs.conf file directly.
If you want to collect thread info for all threads from Tomcat servers, you must complete the Splunk Add-on for Tomcat Input page to configure the dumpAllThreads input.
If you want to collect performance data from Tomcat servers you need to configure a JMX connection to the Tomcat server in the Splunk Add-on for JMX as described in Configure JMX inputs for the Splunk Add-on for Tomcat. You do not need to complete the Splunk Add-on for Tomcat setup page if this is the only data you want to collect.
Set up basic authentication using Splunk Web
Complete these steps to set up the Splunk Add-on for Tomcat using Splunk Web:
- In Splunk Web, navigate the Splunk Add-on for Tomcat either by clicking the name of this add-on on the left navigation banner on through your Splunk platform Home page or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Tomcat.
- Go to the Tomcat Account tab.
- Click Add.
- In the Add Account dialog box, fill in the required fields:
Field Description Name Add a unique name for Account. Tomcat JMX URL Enter the URL of your Tomcat instance in service:jmx:rmi:///jndi/rmi://<ip-address>:<port>/jmxrmi format. Tomcat JMX username Add server username. Tomcat JMX password Add server password.
- Click Add:
- If the entered information is authenticated successfully, the add-on saves the account information.
- If you have entered incorrect credentials or an incorrect url, an error message appears on the dialog box. If you see such message, verify the information you have entered and try again.
Note: JMX remote must be enabled on the Tomcat server in order to establish the JMX connection. See https://tomcat.apache.org/tomcat-10-doc/monitoring.html for information.
Configure file monitor inputs in inputs.conf
If you would like to collect only local Tomcat log files, you can edit
inputs.conf directly to create the file monitor inputs instead of using the Settings > Data Inputs > Files & directories page.
Note: If you would also like to collect thread information, you must use the Configuration/Inputs page for the Splunk Add-on for Tomcat.
1. Create an
inputs.conf file in
2. Add the following stanzas. Modify the directory name as per the actual directory your Tomcat files are stored in.
[monitor:///Applications/apache-tomcat-10.0.12/logs/catalina.*.log] disabled = false followTail = false index = main sourcetype = tomcat:runtime:log [monitor:///Applications/apache-tomcat-10.0.12/logs/localhost.*.log] disabled = false followTail = false index = main sourcetype = tomcat:runtime:log [monitor:///Applications/apache-tomcat-10.0.12/logs/manager.*.log] disabled = false followTail = false index = main sourcetype = tomcat:runtime:log [monitor:///Applications/apache-tomcat-10.0.12/logs/host-manager.*.log] disabled = false followTail = false index = main sourcetype = tomcat:runtime:log [monitor:///Applications/apache-tomcat-10.0.12/logs/localhost_access_log.*.txt] disabled = true followTail = false index = main sourcetype = tomcat:access:log [monitor:///Applications/apache-tomcat-10.0.12/logs/localhost_access_log_splunk.*.txt] disabled = false followTail = false index = main sourcetype = tomcat:access:log:splunk
To collect CIM-compatible data using the
tomcat:access:log:splunk sourcetype, you must Configure the Splunk recommended fields in the Splunk add-on for Tomcat.
3. Save the file.
4. Restart the Splunk platform to put these configuration changes into effect.
Optional Splunk Web configurations
Configure logging level using Splunk Web
- Go to the Splunk Add-on for Tomcat's landing page, either by clicking the name of this add-on on the left navigation banner on your on the Splunk software's home page or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Tomcat.
- Click the Configuration tab.
- Go to the Logging tab.
- (Optional) If you want to change the logging level, select a new level from the drop-down menu.
- Click Save to save your configurations.
==Set up the add-on using configuration files== Prerequisites
- Only users with file system access, such as system administrators, can set up the Splunk Add-on for Tomcat using configuration files.
- Review the steps in How to edit a configuration file in the Splunk Enterprise Admin Manual.
Never change or copy the configuration files in the default directory. The files in the default directory must remain intact and in their original location. Make changes to the files in the local directory.
Complete these steps to set up the Splunk Add-on for Tomcat using configuration files:
- Navigate to
$SPLUNK_HOME/etc/apps/Splunk_TA_tomcatand create a
/localdirectory if it does not already exist.
- Create a file called
- For each unique account name you want to keep, create a stanza. Make the stanza name same as the account name:
- Review the values for the settings in the
$SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/default/splunk_ta_tomcat_settings.conffile. The values for the settings are listed in the following table. To use different values, create a file called
$SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/localdirectory. Add only the stanzas and settings that you want to change to the file in the
Stanza Setting Description [logging] loglevel Specifies the verbosity of the logs. Default is
INFO. Log level can be
- Save your changes.
- Restart your Splunk instance.
||jmx_url||JMX URL to connect to the Tomcat server of the form service:jmx:rmi:///jndi/rmi://<ip-address>:<port>/jmxrmi|
|username||Username of the Tomcat server|
|password||Password of the Tomcat server|
If you have multiple search heads that are not in a search head cluster, perform these preceding steps on each search head to support search-time push integration. Configure data collection only on your data collection nodes, typically one or more heavy forwarders.
Configure JMX inputs for the Splunk Add-on for Tomcat
Configure dumpAllThreads inputs for the Splunk Add-on for Tomcat
This documentation applies to the following versions of Splunk® Supported Add-ons: released