JMS/JMX - write your own
You can write custom Java Message Service (JMS) or Java Management Extension (JMX) scripts and then set up Splunk to run the scripts at regular intervals to gather data about your Java MBeans, VMs or other J2EE-based technical services.
First, write and test your JMS or JMX script. Once that's done, place it in $SPLUNK_HOME/bin/scripts on the Splunk instance you want to monitor your Java environment.
Then, point Splunk at this script:
1. From the Home page in Splunk Web, click Add data.
2. Under the To get started... banner, click WebSphere logs, metrics and other data.
3. Click Next under Collect messages from JMS.
4. On the Add New page, specify the name of your script, including any required arguments.
5. Tell Splunk how often you want to run the script by specifying the desired interval in the Interval field.
6. Optionally, you can tell Splunk to override the default source value for your script, by putting a string into the Source name override field.
7. You can also set the sourcetype of the events generated by this script by choosing From list in the Set sourcetype drop-down, then selecting the desired choice from the Select source type from list drop-down. Or, choose Manually from "Set sourcetype," and then enter a string in the Source type field that appears.
You can usually leave the other fields unchanged, including the fields under the More settings option. Look here for detailed information on these fields.
8. Click Save.
9. From the Success page, click Search to start searching. You can enter any term that’s in your data, or you can click on a source, source type or host to see data from the different directories within your syslog directory, the different types of data in those directories, or the different hosts that sent the syslog data in the first place.
For more information on getting data from scripts into Splunk, see "Get data from APIs and other remote data interfaces through scripted inputs" in this manual.
Apache logs - local
Overview of event processing
This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14