<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: How to get data from the AIX errpt into Splunk? in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/How-to-get-data-from-the-AIX-errpt-into-Splunk/m-p/126913#M26128</link>
    <description>&lt;P&gt;Why wouldn't you just use syslog.config entry "*.err        @splunkhost:port" or does this give different results?&lt;/P&gt;</description>
    <pubDate>Fri, 08 May 2020 00:47:37 GMT</pubDate>
    <dc:creator>barberoon</dc:creator>
    <dc:date>2020-05-08T00:47:37Z</dc:date>
    <item>
      <title>How to get data from the AIX errpt into Splunk?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-to-get-data-from-the-AIX-errpt-into-Splunk/m-p/126910#M26125</link>
      <description>&lt;P&gt;How to get data from the AIX errpt into Splunk?&lt;/P&gt;</description>
      <pubDate>Thu, 10 Apr 2014 10:40:11 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-to-get-data-from-the-AIX-errpt-into-Splunk/m-p/126910#M26125</guid>
      <dc:creator>sbennacer_splun</dc:creator>
      <dc:date>2014-04-10T10:40:11Z</dc:date>
    </item>
    <item>
      <title>Re: How to get data from the AIX errpt into Splunk?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-to-get-data-from-the-AIX-errpt-into-Splunk/m-p/126911#M26126</link>
      <description>&lt;P&gt;errpt is a command that generates a report of logged errors. You can send the result to Splunk in different ways: you can use a forwarder to forward the generated report of logged errors to Splunk,&lt;BR /&gt;
or you can create an ODM entry to run the logger command whenever an error is logged:&lt;BR /&gt;
 1. Create an ODM entry to run the "logger" command whenever an error is logged.&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;    # vi /tmp/syslog.add
    errnotify:
            en_name = "syslog1"
            en_persistenceflg = 1
            en_method = "logger -pnotice Msg from Error Log: $(errpt -a -l $1 | grep -v 'ERROR_ID TIMESTAMP')"
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;OL start="2"&gt;
&lt;LI&gt;&lt;P&gt;Add the entry to ODM&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;# odmadd /tmp/syslog.add
&lt;/CODE&gt;&lt;/PRE&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;P&gt;Add a syslog entry to forward "notice" priority messages to the Splunk host "splunkhost"&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;# vi /etc/syslog.conf
*.notice        @splunkhost:port
&lt;/CODE&gt;&lt;/PRE&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;P&gt;Refresh the syslog daemon to pick up the new entry&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;# refresh -s syslogd
&lt;/CODE&gt;&lt;/PRE&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;P&gt;In Splunk you will need to create a new data input for syslog, following the doc &lt;A href="http://docs.splunk.com/Documentation/Storm/Storm/User/Howtosetupsyslog"&gt;http://docs.splunk.com/Documentation/Storm/Storm/User/Howtosetupsyslog&lt;/A&gt;&lt;/P&gt;&lt;/LI&gt;
&lt;/OL&gt;

&lt;P&gt;Note: IBM link about the errpt command:&lt;BR /&gt;
&lt;A href="http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds2/errpt.htm"&gt;http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds2/errpt.htm&lt;/A&gt; &lt;/P&gt;</description>
      <pubDate>Thu, 10 Apr 2014 10:58:21 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-to-get-data-from-the-AIX-errpt-into-Splunk/m-p/126911#M26126</guid>
      <dc:creator>sbennacer_splun</dc:creator>
      <dc:date>2014-04-10T10:58:21Z</dc:date>
    </item>
    <item>
      <title>Re: How to get data from the AIX errpt into Splunk?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-to-get-data-from-the-AIX-errpt-into-Splunk/m-p/126912#M26127</link>
      <description>&lt;P&gt;But there is a problem: the log is not formatted, it is all on one line:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;Msg from Error Log: --------------------------------------------------------------------------- LABEL: OPMSG IDENTIFIER: AA8AB241 Date/Time: Fri Sep 2 15:33:12 CST 2016 Sequence Number: 77 Machine Id: 00FA6AD04C00 Node Id: PDC_F1M3_C04_P02_zabbixtest Class: O Type: TEMP WPAR: Global Resource Name: OPERATOR Description OPERATOR NOTIFICATION User Causes ERRLOGGER COMMAND Recommended Actions REVIEW DETAILED DATA Detail Data MESSAGE FROM ERRLOGGER COMMAND this is a Error log test. 
&lt;/CODE&gt;&lt;/PRE&gt;</description>
      <pubDate>Mon, 05 Sep 2016 06:28:24 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-to-get-data-from-the-AIX-errpt-into-Splunk/m-p/126912#M26127</guid>
      <dc:creator>liupeng0518</dc:creator>
      <dc:date>2016-09-05T06:28:24Z</dc:date>
    </item>
    <item>
      <title>Re: How to get data from the AIX errpt into Splunk?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-to-get-data-from-the-AIX-errpt-into-Splunk/m-p/126913#M26128</link>
      <description>&lt;P&gt;Why wouldn't you just use syslog.config entry "*.err        @splunkhost:port" or does this give different results?&lt;/P&gt;</description>
      <pubDate>Fri, 08 May 2020 00:47:37 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-to-get-data-from-the-AIX-errpt-into-Splunk/m-p/126913#M26128</guid>
      <dc:creator>barberoon</dc:creator>
      <dc:date>2020-05-08T00:47:37Z</dc:date>
    </item>
  </channel>
</rss>

