The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: SplunkAdministration: Splunk to monitor Oracle logs

Previous Topic: Problem to Index Linux Auditd  |   Next Topic: unable to see database logs


Posts 1–4 of 4
1
posted by: subhanjan  |  posts
date: May 30, 2009
permalink

Hi,
We have a splunk server Server A with receiving enabled from Server B.In Server B we have enabled forwarding and have set the LightForwarder mode.In Server B we have enabled Data Inputs->Files and Directories->Add Input and gave the customized path /oracle/test/admin/bdump/alert_test.log.
We are unable to see the path or logs in ServerA.
In ServerB we can see the following message in Splunk log

05-31-2009 08:14:46.697 INFO SavedSplunker - SavedSplunker::main: Found 0 saved searches ready to run

05-31-2009 08:15:16.698 INFO SavedSplunker - SavedSplunker::main: Found 0 saved searches ready to run

Can we monitor my Oracle logs?Did we missed something in configuration.

2
posted by: araitz  |  posts
date: June 1, 2009
permalink

On server B, can you show me:

- $SPLUNK_HOME/etc/system/local/inputs.conf

- $SPLUNK_HOME/etc/system/local/outputs.conf

- the output of 'splunk list monitor'

On server A, can you show me:

- $SPLUNK_HOME/etc/system/local/inputs.conf

Does the alert log have a header or any binary data in it? I don't believe it does, but it doesn't hurt to check.

3
posted by: subhanjan  |  posts
date: June 6, 2009
permalink

Thanks a lot.I cracked it myself going through the docs..

4
posted by: mateenbebal  |  posts
date: January 23, 2010
permalink

Subhanjan,

Can u guide me in extracting logs from oracle database(Solaris-Forwarder) to windows server 2003 (Splunk Indexer) ?
Or can u refer the docs to me ?

Thanks,
Mateen.