Videos

Stuff Splunkers Should Know (1) - PerfMon / WMI Collection in Splunk 4.2

Added by Michael Wilde
Splunk + SCOM - Troubleshooting .NET at Lightspeed!

Added by Michael Wilde

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Added by Michael Wilde

Latest Activity

William S and Please... Dee Esssss :-) joined splunkninja

1 hour ago

Amine Recoba is now a member of splunkninja

yesterday

Welcome Them!

Michael Wilde replied to Nikita's discussion Count failures and success via transaction

"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"

Friday

Linus Myrefelt updated their profile

May 22

Marie updated their profile

May 21

Marie is now a member of splunkninja

May 21

Welcome Them!

Jitter and matthew arguin joined splunkninja

May 18

Matthew Carter and Nikita joined splunkninja

May 17

Using the websphere_trlog_sys* source types

Splunk has graciously included the websphere_trlog_sysout and websphere_trlog_syserr source types out of the box. They seem to handle the log entries very well.

However, due to the way IBM writes out these logs when they get rolled, you will also need to include the following line in your inputs.conf for your WAS logs:

crcSalt = <SOURCE>

Otherwise, Splunk will think it has already processed the log and ignore the new ones WebSphere AppServer creates. The Splunk docs describe the crcSalt option in more detail.

Tags: websphere