Recently I had to monitor and analyze the logs after go live for couple of days . Attended Splunk training earlier but didn't get chance to use it much and started exploring it.
- Basic installation is simple , downloaded the latest version from
For the installation instructions ,check this video
- After successful installation , it asked me to enter the userid and password (For the first time login default user id and password are "admin/changeme")
- For simple log file analysis like log4j logs … etc , you just need to feed the input data or log files
- Splunk provides out of the box App to analyze and monitor websphere appserver server config and logs (events).
- You can install this WAS app from the Splunk UI directly
6. provide the Splunk account details to download the app , once the installation is done it asks restart.
You need provide the was admin crendentials If you want to gather the JMX metrics (Like WAS out of the box PMI metrics).
By default it provides couple of dashboards
On each WAS machine from which you will collect log data, you must install a Splunk universal forwarder and the Splunk Forwarder Add-on for WAS. If you want to collect JMX performance data, then you must have a stand-alone host with network access to the WAS Deployment Manager and an installed Splunk universal forwarder with the Splunk Forwarder Appliance Add-on for WAS installed. To collect, search,and store the data in your environment you must have a Splunk instance with the Splunk App for WAS installed.
Note: As I have single server , I have installed it as a standalone App , In this case you do not need the FA or the Forwarder Add-ons.
For detailed integration information , check the below link