I started working on Splunk recently. I have a couple of Apache Tomcat servers, and I want to analyze the logs and create reports using the Splunk tool. I went through all the basic documentation required for Splunk but still was not able to figure out what it can achieve.
What I have tried so far is the search string mentioned below:
host="myhostname" source="mylogfile.log*"
I am now able to get basic search results, but I am not able to achieve reporting-type queries.
Can you share good tutorials for Tomcat-Splunk integration
where I can get a basic idea for reports such as:
1) How many users accessed the application functionality in a day, week, or month, depending on the access logs of the server?
2) Error codes that occurred and their frequency diagram.
3) User-specific error reports.
4) Can Splunk trigger a notification after it gets a particular error code in the log files?
For all of the above queries I have data, and I am also able to use my Unix scripts to perform the work, but I want to reduce the manual intervention and also add some visual data analysis over the shell scripts.
Please let me know if you have links to good tutorials or information on the same. Many thanks in advance.