Splunk is great for monitoring Tableau Server, and you should just forward all the logs. What worked well for me is to index Windows server event logs too, and then use that as a drilldown into the Tableau logs. One of the difficulties with Tableau logs is that error messages seen by users are rarely of any use for searching in Tableau logs. Many/most Tableau Server errors also end up in Windows event logs, so you can start with a Windows event log of interest, then find surrounding Tableau Server log entries.
To format Windows events (from the Tableau Server) into a tabular format, you can start with something like this. In this example, the Splunk index name is win, the servers of interest are MYSERVER1 and MYSERVER2, and the domain is xxx.yyy.com:
index=win ("ComputerName=MYSERVER1" OR "ComputerName=MYSERVER2") 4096 | rex field=Message "catalina-exec-.* (?<SITE1>.*) xxx.yyy.com\\\(?<ADUser>.*) ERROR" | rex field=Message "backgroundJobRunnerScheduler-1 (?<SITE2>.*) ERROR " | rex field=Message "wgsessionId=(?<SESS>.*) com.tableausoftware.controller.*" |rex field=Message "requestId=(?<REQUEST>.*): [a-z]" | rex mode=sed field=ComputerName s/.xxx.yyy.com//g | eval SITE=coalesce(SITE1,"").coalesce(SITE2,"") | table _time SourceName SITE ADUser ComputerName Type Message SESS REQUEST
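Added example, not part of the original post: the drilldown described above, in Python, with three of the post's rex patterns ported to Python's named-group syntax and tightened to `\S+`. The log lines, the 30-second window, the session id appearing in the Tableau lines, and the function names are constructed assumptions, not real Tableau Server output.

```python
import re
from datetime import datetime, timedelta

# Ports of the post's rex patterns; Python spells named groups (?P<name>...).
USER_RE = re.compile(r"catalina-exec-\S+ (?P<SITE>\S+) xxx\.yyy\.com\\(?P<ADUser>\S+) ERROR")
SESS_RE = re.compile(r"wgsessionId=(?P<SESS>\S+) com\.tableausoftware\.controller")
REQ_RE = re.compile(r"requestId=(?P<REQUEST>\S+): [a-z]")


def extract(message):
    """Return whichever of SITE, ADUser, SESS, REQUEST the message carries."""
    fields = {}
    for rx in (USER_RE, SESS_RE, REQ_RE):
        m = rx.search(message)
        if m:
            fields.update(m.groupdict())
    return fields


def drilldown(event, tableau_lines, window_s=30):
    """Tableau lines from the event's host within +/- window_s seconds,
    with lines that mention the event's session id listed first."""
    t0, host, message = event
    sess = extract(message).get("SESS")
    delta = timedelta(seconds=window_s)
    near = [ln for ln in tableau_lines
            if ln[1] == host and abs(ln[0] - t0) <= delta]
    return sorted(near, key=lambda ln: (sess is None or sess not in ln[2], ln[0]))


# Constructed sample data: (time, host, text). Not real log output.
T = datetime(2024, 1, 1, 9, 0, 0)
EVENT = (T, "MYSERVER1",
         "catalina-exec-12 Finance xxx.yyy.com\\jdoe ERROR wgsessionId=ABC123 "
         "com.tableausoftware.controller.Example requestId=REQ42: query failed")
TABLEAU = [
    (T - timedelta(seconds=5), "MYSERVER1", "backgrounder: extract refresh started"),
    (T + timedelta(seconds=2), "MYSERVER1", "vizqlserver: session ABC123 load failed"),
    (T + timedelta(seconds=3), "MYSERVER2", "vizqlserver: session ABC123 other host"),
    (T + timedelta(minutes=10), "MYSERVER1", "vizqlserver: session ABC123 much later"),
]

if __name__ == "__main__":
    print(extract(EVENT[2]))
    for when, host, text in drilldown(EVENT, TABLEAU):
        print(when.isoformat(), host, text)
```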
Andrew, nice post.
I see that about 25 logs generated by Tableau Server are available when the Status | Log download link is executed.
It would be nice to set up Splunk monitoring on this entire set.
By any chance have you seen (or can provide) a listing of the Splunk "source type" for these?
Presumably the HTTPD one is regular Apache. And I'll skip Zookeeper perhaps....
But the others ... do I need to analyze the format of each log and create a Splunk "source type" for each log variant?
I asked Tableau Support about this ... and they said they don't offer any help dealing with log files...