Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- ActiveMQ JMS connection
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I'm able to make a connection and also pool/browse messages from the queue.
My configuration is very similar to what described here :
http://blogs.splunk.com/2013/04/11/splunking-websphere-mq-queues-and-topics/
from inputs.conf
[jms://queue/:dynamicQueues/TestQ2]
browse_mode = all
browse_queue_only = 1
durable = 0
index_message_header = 1
index_message_properties = 1
init_mode = jndi
jms_connection_factory_name = ConnectionFactory
jndi_initialcontext_factory = org.apache.activemq.jndi.ActiveMQInitialContextFactory
jndi_provider_url = tcp://192.168.1.10:61616
sourcetype = syslog
strip_newlines = 1
browse_frequency = -1
destination_user =
index = main
But I have some strange phenomena :
Let say I have 9 messages in Queue called TestQ2.
When I run source="jms://queue/:dynamicQueues/TestQ2"
I've got 9,890 events .
When I filtered it with
source="jms://queue/:dynamicQueues/TestQ2"|dedup event_id
I got 9 events.
Please assist.
Regards,
Dmitry
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Because you have browse mode enabled. Browsing does not dequeue messages. And you have the frequency at -1 , so essentially it is in a constant browsing state of the same 9 messages.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello ! This post is great !
I need know something, how can i create the?
jms_connection_factory_name & jndi_initialcontext_factory
Any documentation fot this objects?
Regards in advance !
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ActiveMQ have good documentation : http://activemq.apache.org/jndi-support.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Because you have browse mode enabled. Browsing does not dequeue messages. And you have the frequency at -1 , so essentially it is in a constant browsing state of the same 9 messages.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you can't consume the message , and you have to use a queue (vs a topic) , then I suggest you use mirrored queues : http://activemq.apache.org/mirrored-queues.html
Then you can turn off browse mode and consume directly from that mirror queue and you'll only get 1 copy of each message indexed in Splunk.
Dequeue = take off the queue
Enqueue = put on the queue
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Damien,
and thank you for an answer.
I understand the point ,but what if I can't consume message ,I need only browse existing messages.
If I understand right this is what you mean when you use dequeue ?
When I change frequency to higher value,I see the same issue,but much slowly.
There are plenty of tools for browse (HermesJMS for example)
but I would like to offer to our client to use Splunk for JMS too.
Regards,
Dmitry
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
