WebSphere - local
To get data from WebSphere logs into Splunk, point Splunk at a file, or a directory containing WebSphere logs:
1. From the Home page in Splunk Web, click Add data.
2. Under the To get started... banner, click WebSphere logs, metrics and other data.
3. Click Next under Consume WebSphere server logs from this Splunk server.
4. On the Get data from files and directories page, specify the source of the data by clicking on one of the three available choices.
5. In the Source field, enter the path to the file or directory you want Splunk to monitor:
You can usually leave the other fields blank, including the fields under the More settings option. Look here for detailed information on those fields.
6. Click Save.
7. From the Success page, click Search to start searching. You can enter any term that’s in your data, or you can click on a source, source type or host to see data from the different directories within your syslog directory, the different types of data in those directories, or the different hosts that sent the syslog data in the first place.
For more information on getting data from files and directories, see "Monitor files and directories" in this manual.
FSChange - local
IIS logs - local
This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14