
Splunk for TIBCO RVD

OL
Communicator

Hello,

One of my customers is looking at capturing TIBCO RVD messages using Splunk. Would anyone have an idea how I could listen to TIBCO? I know that it is a multicast using UDP, but when I configure a UDP input in Splunk, I don't get any messages at all. The monitoring has been done on a server which is receiving messages, with the TIBCO RVD receiver down (otherwise port issue).

Regards,
Olivier


Claw
Splunk Employee

This is a summary of Tibco data acquisition schemes I put together for a customer. The sources are from many different Splunk Technical Masters.

If you want to read data from a tibco multicast port then there is an example application here.

http://splunk-base.splunk.com/apps/50964/indexing-events-from-multicast-address

===================================================================

If you want to read the logs from the TIBCO BW engine look here.

http://splunk-base.splunk.com/apps/22276/splunk-for-tibco-businessworks-engine

===================================================================

With TIBCO EMS, create an EMS/JMS client listener (or set of listeners) and dequeue the messages into Splunk using a scripted input. You may want to use a forwarder if you need to distribute the data evenly to multiple indexers.

I have a reference implementation that uses Weblogic, but it should be the same concepts. You'll have to modify the listener code to use EMS classes.

http://splunk-base.splunk.com/apps/22388/jms-receiver-for-indexing

For JMX, see if they can get a JMX client from your customer or a Tibco expert that collects statistics and you can modify it to print to standard out and make it into a scripted input. I don't know how much JMX is a standard, but you can show them this app's input to get an idea for what is needed.

http://splunk-base.splunk.com/apps/25505/splunk-for-jmx

===================================================================

If your question is Tibco Common Base Event logs?

The CBE format is specified here:
http://www.eclipse.org/tptp/platform/documents/resources/cbe101spec/CommonBaseEvent_SituationData_V1..., which is a 75 page document with 10 authors, but appears to describe a reasonably simple XML schema. I know we can trivially build a sourcetype around this; the customer's question is whether we already have one.

Here are notes I sent a customer last week from the knowledge I created to sufficiently deliver a sample dashboard that allowed searching of a transaction ID to return all associated workflow events.

"""
props.conf:
# Stanza name taken from the sourcetype=tibco search below
[tibco]
REPORT-tibcoFields = xml_extractions

transforms.conf:
[xml_extractions]
REGEX=<ns1:(\S+)[^>]+>([^<]+)<\/ns1
FORMAT=$1::$2
MV_ADD=true

Also, if wanting to do something similar, automagically, using search language, this should do it:
sourcetype=tibco earliest=@d | xmlkv
"""

===================================================================

We did extensive analysis of Tibco logs at Cricket, and we did most everything with xmlkvrecursive from xmlutils. Spath would probably do all of this natively now in 4.3. XML utils is at: http://splunk-base.splunk.com/apps/22338/xmlutils.

The logs had a namespace format similar to what's in your props.conf file. We did not find anything difficult to do.

0 Karma
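
An added example, not part of the original answer: a Python emulation of the `xml_extractions` transform above (repeated matching with `FORMAT=$1::$2` and `MV_ADD=true`), run over constructed events to show what the posted REGEX extracts and where a transaction ID search would miss an event. The sample events, the helper names and the `TOLERANT` pattern are assumptions made for illustration, and Python's `re` stands in for Splunk's regex engine.

```python
import re
from collections import defaultdict

# REGEX exactly as posted in the transforms.conf stanza above.
POSTED = re.compile(r"<ns1:(\S+)[^>]+>([^<]+)<\/ns1")
# Hypothetical variant (not from the post): also accepts tags without attributes.
TOLERANT = re.compile(r"<ns1:([^\s>]+)[^>]*>([^<]+)<\/ns1")

# Constructed events, not real TIBCO output. Assumption: elements normally
# carry an attribute, so whitespace follows the tag name.
EVENTS = [
    '<ns1:TransactionID type="string">TX-1001</ns1:TransactionID>'
    '<ns1:Step seq="1">ReceiveOrder</ns1:Step>'
    '<ns1:Step seq="2">ValidateOrder</ns1:Step>',
    '<ns1:TransactionID type="string">TX-2002</ns1:TransactionID>'
    '<ns1:Step seq="1">ReceiveOrder</ns1:Step>',
]
# Constructed edge case: the same element written without any attribute.
BARE_EVENT = "<ns1:TransactionID>TX-3003</ns1:TransactionID>"


def extract_fields(event, pattern=POSTED):
    """Emulate FORMAT=$1::$2 with MV_ADD=true: match repeatedly over the
    event and keep every value seen for a field name (multivalue)."""
    fields = defaultdict(list)
    for name, value in pattern.findall(event):
        fields[name].append(value)
    return dict(fields)


def search_transaction(events, txid, pattern=POSTED):
    """Return the events whose extracted TransactionID field contains txid."""
    return [e for e in events
            if txid in extract_fields(e, pattern).get("TransactionID", [])]


if __name__ == "__main__":
    for event in EVENTS + [BARE_EVENT]:
        print("posted  :", extract_fields(event))
        print("tolerant:", extract_fields(event, TOLERANT))
    # With the posted REGEX, [^>]+ needs one character before '>', so an
    # attribute-less tag yields a field name that is one character short
    # and the transaction search misses that event.
    print(search_transaction(EVENTS + [BARE_EVENT], "TX-3003"))
    print(search_transaction(EVENTS + [BARE_EVENT], "TX-3003", TOLERANT))
```

Before building a dashboard or alert on the extracted field names, check a sample of real events for elements written without attributes.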
