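I have recently been working on machine learning. My goal is to view logs from a locally installed Tomcat in Splunk search.
I installed Apache Tomcat on a drive of my local computer. Then I opened my Splunk instance and installed the Tomcat add-on, following these instructions (Splunk docs). I created an inputs.conf file and placed it in the Splunk_TA_tomcat/local folder. Then I restarted Splunk. After that I went to the search page and entered this command: sourcetype = tomcat:access:log. I got nothing. Please help me.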
1. Create an inputs.conf file in $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/local.
2. Add the following stanzas. Modify the directory name if necessary to use the actual directory your Tomcat files are stored in.
[monitor:///Applications/apache-tomcat-8.0.23/logs/catalina.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-8.0.23/logs/localhost.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-8.0.23/logs/manager.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-8.0.23/logs/host-manager.*.log]
disabled = false
followTail = false
index = main
sourcetype = tomcat:runtime:log

[monitor:///Applications/apache-tomcat-8.0.23/logs/localhost_access_log.*.txt]
disabled = false
followTail = false
index = main
sourcetype = tomcat:access:log
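
An added example, not part of the original post or of the Splunk documentation: it parses an inputs.conf in the format above and reports which enabled monitor stanzas currently match no files on disk, the case that step 2's "modify the directory name" note is about. The function names `check_monitors` and `unmatched` and the sample paths are assumptions constructed for illustration.

```python
import configparser
import glob


def check_monitors(conf_text):
    """Return one dict per enabled [monitor://...] stanza with the files it matches now."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(conf_text)
    report = []
    for section in cp.sections():
        if not section.startswith("monitor://"):
            continue  # not a file monitor input
        disabled = cp.get(section, "disabled", fallback="false").strip().lower()
        if disabled in ("1", "true"):
            continue  # Splunk ignores disabled stanzas
        path = section[len("monitor://"):]
        report.append({
            "path": path,
            "sourcetype": cp.get(section, "sourcetype", fallback=None),
            # Assumption: only the '*' wildcard used on this page is handled;
            # Splunk's recursive '...' wildcard is not expanded here.
            "files": sorted(glob.glob(path)),
        })
    return report


def unmatched(report, sourcetype=None):
    """Paths of stanzas that match no file, optionally limited to one sourcetype."""
    return [r["path"] for r in report
            if not r["files"] and sourcetype in (None, r["sourcetype"])]


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed sample: one stanza points at a real file, one at a missing directory.
    with tempfile.TemporaryDirectory() as logs:
        open(os.path.join(logs, "localhost_access_log.2024-01-01.txt"), "w").close()
        conf = (
            f"[monitor://{logs}/localhost_access_log.*.txt]\n"
            "disabled = false\nsourcetype = tomcat:access:log\n"
            f"[monitor://{logs}/missing/catalina.*.log]\n"
            "disabled = false\nsourcetype = tomcat:runtime:log\n"
        )
        for row in check_monitors(conf):
            print(row["sourcetype"], len(row["files"]), "file(s)", row["path"])
        print("no files matched:", unmatched(check_monitors(conf)))
```

A stanza listed by `unmatched` gives Splunk nothing to read, so a search on its sourcetype returns no events no matter how the search is written.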