Saturday, December 15, 2012

Splunk and WebLogic

Tired of grepping like a monkey? Use SPLUNK

The tutorial videos on their home page are excellent.

for managed server logs:

for access logs:

The tutorial video on installing Splunk on Linux is here (you must create an account).
Downloaded splunk-5.0.1-143156-Linux-x86_64.gz and put it in /opt2, then:

    tar xvf splunk-5.0.1-143156-Linux-x86_64.gz
    cd /opt2/splunk/
    ./splunk start

Log in as admin / changeme.
Change the password.
Add data: choose "A file or directory of files", then "Consume any file on this Splunk server", and select a WebLogic file.
The choices available are:

    A file or directory of files
    Windows event logs
    Windows Registry
    Windows performance metrics

    Unix/Linux logs and metrics
    File integrity monitoring
    Configuration files
    Cisco device logs

    IIS logs
    Apache logs
    WebSphere logs, metrics and other data
    Any other data...

Out of the box, the WebLogic files are not recognized.
You can read the book Exploring Splunk at

To install the WebLogic Event Type app:

The menu path is: Splunk, Manager, Apps, Upload App. Provide the weblogic.tar.gz downloaded from the link.

Cool video on how to add a directory of files for indexing:

