Table of Contents

weblogic-blog-overview.png

What You’ll Learn

This guide shows how to forward logs from Oracle WebLogic Server to OpenObserve using Fluent Bit. You'll learn:

  • Why native WebLogic logging falls short for observability
  • How to use Fluent Bit to send WebLogic logs to OpenObserve
  • How to use VRL (Vector Remap Language) support to cleanly parse and structure the logs for querying, dashboards, and alerting.

What Is Oracle WebLogic?

Oracle WebLogic Server is a Java EE application server used to build, deploy, and run enterprise-level applications. It's widely adopted for hosting large-scale Java applications, offering features like clustering, load balancing, and high availability. WebLogic handles everything from web application delivery to business logic execution, and generates extensive logs capturing server events, deployments, and runtime behaviors.

Oracle WebLogic produces several types of logs that capture different aspects of the application’s behavior. Two common ones are:

Log Type Path Examples Description
Server Logs <DOMAIN_HOME>/servers/<server_name>/logs/<server_name>.log General runtime logs including startup, shutdown, deployments, and exceptions
Access Logs <DOMAIN_HOME>/servers/<server_name>/logs/access.log (if enabled) HTTP request and response logging for web applications

By default, these logs are written in plain text and are often rotated based on file size or age. For example, a typical log line might look like this:

####<2025-08-04T09:00:00.123+0530> <Error> <Thread-12> <weblogic.servlet.internal.WebAppServletContext> <BEA-000000> <Failed to load class com.example.MyClass>

While these logs are rich in context, they’re often hard to search or extract metrics from.

Why Native WebLogic Logging Falls Short

WebLogic’s logging system was built for manual inspection, not for scalable observability.

You’ll start to quickly reach limitations when you try to:

  • Search logs across servers: Without a centralized log store, you’re stuck grepping files one machine at a time.
  • Stream logs in real time: WebLogic doesn’t support log streaming natively. Everything is local and delayed.
  • Extract structured fields: The logs aren’t in JSON or any structured format. Tools like Fluent Bit or Logstash can’t parse them cleanly without custom logic.
  • Trigger alerts based on patterns or volume: WebLogic offers diagnostics via WLDF, but it lacks real-time alerting capabilities based on log content or trends.

These limitations make it difficult to monitor applications effectively, especially at scale.

This is where OpenObserve helps! With Fluent Bit handling collection and OpenObserve providing built-in support for parsing via VRL, you can turn unstructured WebLogic logs into structured, searchable, and actionable data with minimal configuration.

Architecture Overview

Sending Logs from WebLogic to OpenObserve Flow

  • WebLogic writes logs to a local file (e.g., AdminServer.log)
  • Fluent Bit tails that file and sends it to OpenObserve over HTTP
  • OpenObserve uses a VRL mapping rule to parse raw log lines into structured fields

What You’ll Need

  1. An OpenObserve account (self-hosted or cloud)
  2. A running Oracle WebLogic Server (AdminServer or ManagedServer)
  3. Access to its log files (AdminServer.log, access.log, etc.)
  4. Fluent Bit installed on the WebLogic host (installation guide)

Step 1: Collect Credentials from OpenObserve

Login to your OpenObserve dashboard and collect the following:

  1. Organization: Your organization name.Found in the top-right of your OpenObserve UI Fetching organization name from OpenObserve UI

  2. Username/Password: Get your Username, Password and Hostname from the Data Sources page: Fetching Authorization token from OpenObserve UI Note: You can copy the entire “output” section. It will be used in Fluent Bit Configuration file.

Step 2: Configure Fluent Bit to Tail WebLogic Logs

  1. Create or modify your Fluent Bit configuration file (e.g., /etc/fluent-bit/fluent-bit.conf) with the following:

    [SERVICE]
       Flush        5
       Log_Level    info
    
    [INPUT]
       Name         tail
       Path         /opt/weblogic/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log
       Tag          weblogic
       DB           /var/log/flb_adminserver.db
    
    [OUTPUT]
       Name http
       Match *
       URI /api/<org_name>/<stream_name>/_json
       Host <host>
       Port 5080
       tls Off
        Format json
        Json_date_key    _timestamp
        Json_date_format iso8601
        HTTP_User <openobserve_username>
        HTTP_Passwd <openobserve_password>
        compress gzip
    

    Replace:

    • <org_name>: your OpenObserve organization name
    • <stream_name>: desired stream name (e.g. weblogic-logs)
    • <openobserve_username>/<openobserve_password>: your OpenObserve credentials
    • <host>: Openobserve host name
  2. Start Fluent Bit and Forward Logs using:

fluent-bit -c fluent-bit.conf

Trigger log events in WebLogic to test. Fluent Bit should pick them up from the log files and send them to OpenObserve.

Step 3: Verify Logs in OpenObserve

  1. Go to your OpenObserve dashboard and navigate to your stream (e.g. weblogic-logs) Viewing WebLogic logs in OpenObserve UI

  2. You should see entries like: WebLogic logs entries in OpenObserve

{
  "_timestamp": "XXXXXXX",
  "log": "####<2025-08-04T09:00:00.123+0530> <Error> <Thread-12>    <weblogic.servlet.internal.WebAppServletContext> <BEA-000000> <Failed to load class com.example.MyClass>"
}

Step 4: Parse Logs with VRL Mapping in OpenObserve

Once logs start appearing in OpenObserve, they’ll arrive as raw strings. To make them searchable and usable for alerts or dashboards, we need to extract key fields like timestamp, level, component, and message.

OpenObserve supports VRL (Vector Remap Language) to parse and transform log lines as they are ingested.

Add a VRL Mapping

  1. Go to Streams → weblogic-logs → Click on “VRL Function Editor”
  2. Use the following VRL script:
.match = parse_regex!(
 .log,
 r'^####<(?P<timestamp>[^>]+)>\s+<(?P<level>[^>]+)>\s+<(?P<component>[^>]+)>s+(?P<message>.*)$'
)

.level = .match.level
.component = .match.component
.timestamp = .match.timestamp
.message = .match.message
del(.match)

Example Input

####<2025-08-04T09:00:00.123+0530> <Error> <Thread-12> <Failed to load class com.example.MyClass>

Parsed Result

{
  "timestamp": "2025-08-04T09:00:00.123+0530",
  "level": "Error",
  "component": "Thread-12",
  "message": "Failed to load class com.example.MyClass"
}

Similarly, you can extract other useful information.

Using VRL to structure WebLogic logs in OpenObserve

You can now:

  • Search for logs by level, component, or keywords in message
  • Filter or group logs in dashboards
  • Set up alerts based on error level or component patterns

Troubleshooting Common Issues

  • Logs Not Appearing in OpenObserve

    • Confirm Fluent Bit is running and not reporting output errors in its logs.
    • Ensure the OPENOBSERVE_STREAM and OPENOBSERVE_ORG values exactly match what's configured in OpenObserve. They are case-sensitive.
    • The output URI in Fluent Bit should follow this pattern: /api/<org>/<stream>/_json
  • Logs Arrive but Fields Missing

    • VRL Regex Doesn’t Match: If logs appear but fields like level or timestamp are missing, the regex in your VRL script may not match the log structure.
  • Other Issues:

    • Use cURL to Isolate Issues: Before debugging Fluent Bit further, use a manual curl request to confirm OpenObserve ingestion works:
    curl -X POST \
       -H "Authorization: Basic <AUTH_KEY>" \
       -H "Content-Type: application/json" \
       -d '[{"log": "test log"}]' \
       https://<OPENOBSERVE_HOST>/api/<ORG>/<STREAM>/_json
    

Conclusion

By streaming WebLogic logs into OpenObserve, you're no longer limited by legacy log viewers or local file-based troubleshooting. This setup supports:

  • Fast, scalable search across large volumes of WebLogic logs
  • Structured logging with VRL pipelines for easy filtering and correlation
  • Longer retention without the high storage costs of traditional logging systems
  • Unified observability by bringing logs, metrics, and traces into a single platform

Next Steps

  • Search and Filter Logs: Use OpenObserve's powerful search syntax to filter by level, component, and more.
  • Customize Your VRL Pipeline: Add more fields like thread ID, class name, or error codes using OpenObserve's Vector Remap Language.
  • Build Dashboards: Create real-time visualizations for error rates, throughput, or slow components.
  • Configure Alerts: Trigger alerts based on log patterns, thresholds, etc.

As you can see, OpenObserve makes it simple to parse, search, and act on your log data.

Get started today and experience the power of OSS log observability that doesn’t break the bank.

About the Authors

Simran Kumari

Simran Kumari

LinkedIn

Passionate about observability, AI systems, and cloud-native tools. All in on DevOps and improving the developer experience.

Chaitanya Sistla

Chaitanya Sistla

LinkedIn

Chaitanya Sistla is a Principal Solutions Architect with 16X certifications across Cloud, Data, DevOps, and Cybersecurity. Leveraging extensive startup experience and a focus on MLOps, Chaitanya excels at designing scalable, innovative solutions that drive operational excellence and business transformation.

Latest From Our Blogs

View all posts