Splunk is a bit of a beast if all you want is to aggregate your Tomcat log files. Depending on your deployment, the licensing on Splunk can quickly get into the tens of thousands of dollars. Ouch! Instead, use the Log4J appender for RabbitMQ, which lets you dump all your Log4J events into a queue, where you can use any AMQP client you like to monitor, filter, and otherwise manipulate the log events.

It's part of the larger umbrella of private, hybrid cloud utilities open-sourced and posted on GitHub: http://github.com/jbrisbin/vcloud/tree/master/amqp-appender/

The blog post announcing it is on jbrisbin.com: "Log4J Logging with RabbitMQ".