I have successfully installed the JMS Messaging Modular Input with the intention of monitoring Websphere MQ statistics. (e.g. Queue Depth, Oldest Message Age, etc...). I am able to successfully pull test messages off the queue and index them with Splunk.
However, when I pull messages off the statistics queue, the format is crazy, and looks like this:
Fri Aug 05 13:21:06 EDT 2016 name=QUEUE_msg_received event_id=ID:414d512051756575654d6772202020205d9a9f572010d5f4 msg_dest=SplunkStatsQueue msg_body=$� D�0QueueMgr � 2016-08-05 � 13.20.36 � 2016-08-05 � 13.21.06 ��K D�0SplunkQueue � 2016-08-01 �13.26.01�� ����� �� ��� �����K D�0SYSTEM.ADMIN.STATISTICS.QUEUE � 2016-08-01 �13.23.02�� ��"���� �|� �|�� �����K D�0SYSTEM.ADMIN.COMMAND.QUEUE � 2016-08-01 �13.23.01�� ����� �X� �X�� �����K D�0AMQ.MQEXPLORER.416946394 � 2016-08-05 �10.15.48��+ �\ ����� ��u�� ��u�� �����
Is there something I am missing that will translate this message format into readable statistics? Perhaps a setting on the MQ side?
My MQ days date back to when it was still called MQSeries, but if I remember correctly, the message format of the statistics queue contains binary fields. There is a PCF header at the beginning of the payload and the remaining message parts contain fields that are not MQFMT_STRING. In order to make them readable, you probably need to provide a Java message handler that translates the non-readable fields into strings.
You may find that the methods available here will help you pull out the fields of those statistics messages by name.
I hope that gets you pointed in a good direction.
Preferable to do something on the MQ side , but if you can't then something you can do with the JMS Mod Input is plug in your own custom message handler to pre process the raw received data before indexing in Splunk. In your case this custom message handler would decode your non-Ascii payload for you.
Requires only simple Java coding skills. Here is a simple example of a custom handler.
You implement the
handleMessage method and do something with the received
Message object , then output the event to Splunk.