Saturday, December 15, 2012

Splunk and WebLogic

Tired of grepping like a monkey? Use SPLUNK

The tutorial videos on their home page are excellent.

for managed server logs:

http://splunkbase.splunk.com/apps/All/3.x/app:WebLogic+Event+Types#


for access logs:

http://splunkbase.splunk.com/apps/All/3.x/app:WebLogic+Access




The tutorial video on installing Splunk on Linux is here (you must create an account).
Downloaded splunk-5.0.1-143156-Linux-x86_64.gz and put it in /opt2, then:
tar xvf splunk-5.0.1-143156-Linux-x86_64.gz
cd /opt2/splunk/
./splunk start

Log into http://myserver.com:8000/en-GB/account/login?return_to=%2Fen-GB%2F as admin / changeme (the default credentials).
Change the password.
Add data: pick "A file or directory of files", then "Consume any file on this Splunk server", and select a WebLogic file.
The choices available on the Add Data screen are:


    A file or directory of files
    Syslog
    Windows event logs
    Windows Registry
    Windows performance metrics

    Unix/Linux logs and metrics
    File integrity monitoring
    Configuration files
    OPSEC LEA
    Cisco device logs

    IIS logs
    Apache logs
    WebSphere logs, metrics and other data
    Any other data...

Out of the box, the WebLogic files are not recognized.
You can read the book Exploring Splunk at http://www.splunk.com/web_assets/v5/book/Exploring_Splunk.pdf

To install the WebLogic Event Types app, follow:
http://docs.splunk.com/Documentation/Splunk/3.4.13/Admin/InstallSplunkApplications

The menu path is: Splunk, Manager, Apps, Upload App; provide the weblogic.tar.gz downloaded from the link http://splunkbase.splunk.com/apps/All/3.x/app:WebLogic+Event+Types#
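As an added example (not from this post or from the Splunkbase app), here is a Python version of the field extraction such an app supplies for the "####<...>" managed-server log format, run over a constructed sample log. The regex, the field names and the sample lines are my assumptions about the standard WebLogic layout, not the app's own rules.

```python
import re
from collections import Counter

# Field layout of a WebLogic server-log entry (assumed from the standard
# "####<timestamp> <severity> <subsystem> ..." format; the Splunkbase app's
# own extraction rules may differ). The user field can itself be bracketed,
# e.g. <<WLS Kernel>>, so it is matched lazily.
WLS_LINE = re.compile(
    r"^####<(?P<timestamp>[^>]*)> <(?P<severity>[^>]*)> <(?P<subsystem>[^>]*)> "
    r"<(?P<machine>[^>]*)> <(?P<server>[^>]*)> <(?P<thread>[^>]*)> "
    r"<(?P<user>.*?)> <(?P<txid>[^>]*)> <(?P<diag_ctx>[^>]*)> "
    r"<(?P<raw_time>[^>]*)> <(?P<msg_id>[^>]*)> <(?P<message>.*)>\s*$"
)

# Constructed sample of a managed-server log (not real output from any host).
SAMPLE = """\
####<Dec 15, 2012 10:30:00 AM GMT> <Notice> <WebLogicServer> <myhost> <ManagedServer1> <main> <<WLS Kernel>> <> <> <1355567400000> <BEA-000360> <Server started in RUNNING mode>
####<Dec 15, 2012 10:31:05 AM GMT> <Warning> <Security> <myhost> <ManagedServer1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1355567465000> <BEA-090078> <User jdoe in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>
####<Dec 15, 2012 10:32:10 AM GMT> <Error> <HTTP> <myhost> <ManagedServer1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1355567530000> <BEA-101017> <[ServletContext@1] Root cause of ServletException.>
java.lang.NullPointerException
\tat example.Servlet.doGet(Servlet.java:42)
"""

def parse_events(text):
    """Split raw log text into events; lines not starting with '####' (stack
    traces) are merged into the preceding event, as a Splunk sourcetype must."""
    events = []
    for line in text.splitlines():
        m = WLS_LINE.match(line)
        if m:
            events.append(m.groupdict())
        elif events and line.strip():
            events[-1]["message"] += "\n" + line
    return events

def severity_counts(events):
    """Equivalent of 'stats count by severity' once the field is extracted."""
    return Counter(e["severity"] for e in events)

def security_alerts(events):
    """Security-subsystem events at Warning or above: the ones worth a saved
    search or alert (lockouts, failed logins) rather than a grep."""
    alert_levels = {"Warning", "Error", "Critical", "Alert", "Emergency"}
    return [e for e in events
            if e["subsystem"] == "Security" and e["severity"] in alert_levels]

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    print(dict(severity_counts(evs)))
    print([e["msg_id"] for e in security_alerts(evs)])
```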

Cool video on how to add a directory of files for indexing:


