Data comes in 'Search' but not seen in the dashboard via the default 'Apps' (Apache Tomcat app)
We can see the data in 'Search' but don't see any data in the dashboard after configuring the 'Apache tomcat apps'.
Does anyone have any idea what we are missing here?
-
Prachi,
The most likely scenario is that your Tomcat logs have been customized to include other fields; therefore, the parsing rules embedded in the App are not properly parsing your logs.
You can test this by clicking the link "Show in Search" on any of the Panels not rendering in your installed Dashboards - this will take you to the query behind the data Panel. The query will read something like:
_sourceCategory = "Labs/Tomcat"
| parse regex "(?<remote_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?<user>\S+)\s+(?<hostname>[\S]+)\s+\[" nodrop
| parse regex "(?<remote_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?<local_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?<user>\S+)\s+(?<hostname>[\S]+)\s+\[" nodrop
| parse regex "\s+\[(?<date>[^\]]+)\]\s+\"(?<method>\w+)\s+(?<uri>\S+)\s+(?<protocol>\S+)\"\s+(?<status_code>\d+)\s+(?<size>[\d-]+)" nodrop
| parse regex "\"\s+\d+\s+[\d-]+\s+(?<timetaken>[\d-]+)"
| lookup latitude, longitude, country_code, country_name, region, city, postal_code, area_code, metro_code from geo://default on ip = remote_ip
| count by latitude, longitude, country_code, country_name, region, city, postal_code, area_code, metro_code
| sort _count
If you have custom fields, you will need to edit the parse statements (lines 2-5) in order to extract the desired fields.
Hope this helps.
Mario
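The check described in the answer above can also be run offline against a few lines of your own Tomcat access log. This is an added example, not part of the original answer or of the Sumo Logic app: it rewrites the four parse statements as Python regexes and models the drop behaviour of a parse statement without nodrop. The function name and the sample log lines are constructed for illustration.

```python
import re

# The four parse statements from the query, with Sumo's (?<name>...) groups
# written as Python's (?P<name>...). Second item: does the statement end in nodrop?
PARSERS = [
    (r"(?P<remote_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?P<user>\S+)\s+(?P<hostname>[\S]+)\s+\[", True),
    (r"(?P<remote_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?P<local_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?P<user>\S+)\s+(?P<hostname>[\S]+)\s+\[", True),
    (r"\s+\[(?P<date>[^\]]+)\]\s+\"(?P<method>\w+)\s+(?P<uri>\S+)\s+(?P<protocol>\S+)\"\s+(?P<status_code>\d+)\s+(?P<size>[\d-]+)", True),
    (r"\"\s+\d+\s+[\d-]+\s+(?P<timetaken>[\d-]+)", False),
]

# Constructed sample lines (not from the original post).
SAMPLES = [
    # Layout the app's parse statements expect: ... status size timetaken
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.jsp HTTP/1.1" 200 2326 15',
    # Customized layout: referer and user-agent inserted before timetaken
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.jsp HTTP/1.1" 200 2326 "-" "Mozilla/5.0" 15',
]

def run_pipeline(line):
    """Apply the parse statements in order.

    Returns (fields, dropped_at). dropped_at is the 1-based number of the
    parse statement that discarded the line, or None if the line survives.
    """
    fields = {}
    for number, (pattern, nodrop) in enumerate(PARSERS, start=1):
        match = re.search(pattern, line)
        if match:
            fields.update(match.groupdict())
        elif not nodrop:
            # Without nodrop, a message that does not match is removed from
            # the results, so every later count/lookup sees nothing.
            return fields, number
    return fields, None

if __name__ == "__main__":
    for line in SAMPLES:
        fields, dropped_at = run_pipeline(line)
        verdict = "kept" if dropped_at is None else f"dropped at parse statement {dropped_at}"
        print(f"{verdict}: extracted {sorted(fields)}\n  {line}")
```

A line reported as dropped still shows up in a plain Search on the source category, which matches the symptom in the question: data in Search, empty panels.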