Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: ActiveMQ JMS connection
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I'm able to make a connection and also pool/browse messages from the queue.
My configuration is very similar to what described here :
http://blogs.splunk.com/2013/04/11/splunking-websphere-mq-queues-and-topics/
from inputs.conf
[jms://queue/:dynamicQueues/TestQ2]
browse_mode = all
browse_queue_only = 1
durable = 0
index_message_header = 1
index_message_properties = 1
init_mode = jndi
jms_connection_factory_name = ConnectionFactory
jndi_initialcontext_factory = org.apache.activemq.jndi.ActiveMQInitialContextFactory
jndi_provider_url = tcp://192.168.1.10:61616
sourcetype = syslog
strip_newlines = 1
browse_frequency = -1
destination_user =
index = main
But I have some strange phenomena :
Let say I have 9 messages in Queue called TestQ2.
When I run source="jms://queue/:dynamicQueues/TestQ2"
I've got 9,890 events .
When I filtered it with
source="jms://queue/:dynamicQueues/TestQ2"|dedup event_id
I got 9 events.
Please assist.
Regards,
Dmitry
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Because you have browse mode enabled. Browsing does not dequeue messages. And you have the frequency at -1 , so essentially it is in a constant browsing state of the same 9 messages.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello ! This post is great !
I need know something, how can i create the?
jms_connection_factory_name & jndi_initialcontext_factory
Any documentation fot this objects?
Regards in advance !
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ActiveMQ have good documentation : http://activemq.apache.org/jndi-support.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Because you have browse mode enabled. Browsing does not dequeue messages. And you have the frequency at -1 , so essentially it is in a constant browsing state of the same 9 messages.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you can't consume the message , and you have to use a queue (vs a topic) , then I suggest you use mirrored queues : http://activemq.apache.org/mirrored-queues.html
Then you can turn off browse mode and consume directly from that mirror queue and you'll only get 1 copy of each message indexed in Splunk.
Dequeue = take off the queue
Enqueue = put on the queue
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Damien,
and thank you for an answer.
I understand the point ,but what if I can't consume message ,I need only browse existing messages.
If I understand right this is what you mean when you use dequeue ?
When I change frequency to higher value,I see the same issue,but much slowly.
There are plenty of tools for browse (HermesJMS for example)
but I would like to offer to our client to use Splunk for JMS too.
Regards,
Dmitry
Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco
Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data
Your summer travels continue with new course releases
