I have to set up Splunk for 100 servers. Each server will have 5-10 JVMs, and each JVM generates 3-4 log files. I would like to index the logs on a central Splunk server and, along with the data, I would also like to send custom fields so that I can uniquely search JVM logs or different files, for example a NullPointerException in JVM="ABC" and in log file Server.log or in jms.log.
How can I design the deployment and custom fields?
The deployment looks like the following:

Server A->
    JVM 1->
        server.log
        jakarta.log
        httpd.log
        jms.log
    JVM 2->
        server.log
        jakarta.log
        httpd.log
        jms.log
Server B->
    JVM 3->
        server.log
        jakarta.log
        httpd.log
        jms.log
    JVM 4->
        server.log
        jakarta.log
        httpd.log