Configuring CLM for Splunk
One answer
I have only minimal experience with Splunk, but my common sense best guess is that you will have to take the CLM logs as they are and use Splunk to analyze them. I am not aware of a way to redirect the logs. The logs sit is a folder.
Comments
If it just the folder location, splunk can handle that. It's the log conent. The WAS console is needed to turn on http and http error logging. (see https://docs.splunk.com/Documentation/AddOns/released/IBMWAS/Setup). that I have to take them the log content 'as is' with liberty since console customization isn't available. My understanding of our security rules (customer driven) is that the http logging is required before the firewall will be opened. From what I can see I think you are correct and I'm afraid we'll need to convert from WAS-liberty to regular WAS. Not something I'm looking forward to.
I have sent a question to a customer that is looking into Liberty Profile and Splunk. Not sure if they have a similar challenge though. Have you checked if Liberty Profile (WLP) supports a similar approach? I know it is possible to download the diagnostics/Logs from the diagnostics page.
Also, there are a lot of new MBeans based reporting capabilities in 6.0.3 and beyond.
Sorry, but that customer directly reads the log files.