Skip to main content


Splunk Lantern

Web server data


Web servers are the backend application behind every website that delivers all content seen by browser clients. Web servers access static HTML pages and run application scripts in a variety of languages that generate dynamic content and call other applications, such as middleware. Web servers can vary widely, and can include:

  • Java – J2EE: Java is the most popular programming language due to its versatility, relative ease of use and rich ecosystem of developer tools. Via the J2EE platform, which includes APIs, protocols, SDKs and object modules, Java is widely used for enterprise apps including web applets, middle-tier business logic and graphic front ends. Java is also used for native Android mobile apps.
  • Apache: Apache is one of the oldest and most-used web servers on the internet, powering millions of enterprise, government and public sites. Apache keeps detailed records of every transaction: every time a browser requests a webpage, Apache logs capture multiple datapoints about the request.

Web server data includes items such as the time, remote IP address, browser type, and page requested. They also includes various error conditions, such as a request for a missing file or attempts to access a file without appropriate permissions. These logs are critical in debugging both web application and server problems, but are also used to generate traffic statistics, track user behavior, and flag security attacks, such as attempted unauthorized entry or DDoS. In the Common Information Model, web server data is typically mapped to the Web Data model.

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Use cases for the Splunk platform