
Upgrade the Splunk Add-on for Tomcat

Upgrade note for 3.3.1

When upgrading from version 3.3.0 to 3.3.1, Splunk administrators must manually clean up duplicate or older Java dependency jars from:

$SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/bin/java/jmx-op-invoke-1.2.0/lib

Delete the following files if present:

  • commons-lang3-3.14.0.jar
  • log4j-api-2.18.0.jar
  • log4j-core-2.18.0.jar

Also remove any additional older versions matching these patterns if multiple versions are present:

  • commons-lang3-<version-number>.jar
  • log4j-api-<version-number>.jar
  • log4j-core-<version-number>.jar

Keep only the following versions shipped with Splunk Add-on for Tomcat 3.3.1:

  • log4j-core-2.25.3.jar
  • commons-lang3-3.18.0.jar
  • log4j-api-2.25.3.jar
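The cleanup above as a script, added here as an example and not part of the add-on or its documentation: it lists jars matching the three name patterns, keeps the 3.3.1 versions, and removes the rest only when asked. The function name `prune_tomcat_ta_jars`, the `delete` argument and the refusal to run when a 3.3.1 jar is missing are assumptions of this example.

```shell
#!/bin/sh
# Added example: prune superseded jars after the 3.3.0 -> 3.3.1 upgrade.
# Dry run by default; pass "delete" as the second argument to remove files.

# Versions the upgrade note says to keep (shipped with 3.3.1).
KEEP_JARS="commons-lang3-3.18.0.jar log4j-api-2.25.3.jar log4j-core-2.25.3.jar"

# prune_tomcat_ta_jars LIB_DIR [delete]   (function name is hypothetical)
# Prints each superseded jar name; returns 2 if a 3.3.1 jar is missing,
# so nothing is removed from a lib directory that was not upgraded.
prune_tomcat_ta_jars() {
    lib_dir=$1
    mode=${2:-dry-run}

    [ -d "$lib_dir" ] || { echo "not a directory: $lib_dir" >&2; return 1; }

    for keep in $KEEP_JARS; do
        if [ ! -f "$lib_dir/$keep" ]; then
            echo "missing expected jar: $keep" >&2
            return 2
        fi
    done

    # [0-9]* limits matches to <name>-<version-number>.jar and skips
    # unrelated artifacts that only share a prefix.
    for jar in "$lib_dir"/commons-lang3-[0-9]*.jar \
               "$lib_dir"/log4j-api-[0-9]*.jar \
               "$lib_dir"/log4j-core-[0-9]*.jar; do
        [ -f "$jar" ] || continue          # an unmatched glob stays literal
        name=${jar##*/}
        case " $KEEP_JARS " in
            *" $name "*) continue ;;       # shipped with 3.3.1, keep it
        esac
        echo "$name"
        if [ "$mode" = "delete" ]; then
            rm -f -- "$jar"
        fi
    done
    return 0
}

# Usage (directory taken from the upgrade note):
#   prune_tomcat_ta_jars "$SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/bin/java/jmx-op-invoke-1.2.0/lib"
#   prune_tomcat_ta_jars "$SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/bin/java/jmx-op-invoke-1.2.0/lib" delete
```

Run it without `delete` first and review the printed names before removing anything.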

Upgrade note for 3.3.0

To upgrade Splunk Add-on for Tomcat from v2.1.0 to v3.0.0:

  1. In Splunk Web, navigate to Settings > Data Inputs and click on Splunk Add-on for Tomcat.

  2. Deactivate the inputs configured in your existing version of the Splunk Add-on for Tomcat.

  3. Upgrade the add-on to version v3.0.0 either by clicking the Upgrade button, or by following the installation steps in the Install topic of this manual.

  4. In Splunk Web, navigate to the Splunk Add-on for Tomcat.

  5. On the Splunk Add-on for Tomcat configuration page, navigate to the Account tab by clicking Configuration > Account. Configure your Tomcat account. See the Set up the Splunk Add-on for Tomcat topic in this manual for more information.

  6. Navigate to the Inputs page by clicking the Inputs tab.

  7. Add the account you have configured by editing the dumpAllThreads input.

  8. Activate the reconfigured dumpAllThreads input.

  9. (Optional) If you are using the saved searches of Tomcat, refer to Migrating from CSV lookups to KV store lookups under the Activate saved searches for the Splunk Add-on for Tomcat section for detailed steps.

Before upgrading the Splunk add-on for Tomcat to version 2.1.0 from version 2.0.1 or lower, follow these steps. If you want to use the tomcat:access:log:splunk sourcetype to collect CIM-compatible data, follow the steps in Configure Splunk recommended fields in Splunk add-on for Tomcat instead.

Note

Splunk Cloud Platform deployments on Victoria Experience do not require Inputs Data Manager (IDM). If your deployment is on Victoria Experience you can run add-ons that contain scripted and modular inputs directly on the search head. To determine if your deployment has the Classic or Victoria experience, see Determine your Splunk Cloud Platform Experience.

For the Classic Experience:

  1. If the “dumpAllThreads” input is activated, deactivate it on your Heavy Forwarder (HF) or Inputs Data Manager (IDM) from the user interface.

  2. Upgrade the Splunk add-on for Tomcat to version 2.1.0.

  3. Restart your Splunk instance.

  4. Activate the “dumpAllThreads” input.