- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- oracle data input causing errors log in splunkd?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Am trying to receive oracle logs to splunk server using dbipoll script.
However,splunkd.log has the following errors since the script is scheduled to run every 60 secs,although there are still some events coming in from oracle server:
06-24-2010 14:15:56.011 INFO TcpInputProc - Connection in raw mode from IP=1.2.3.4
06-24-2010 14:15:58.980 INFO TcpInputProc - Hostname=1.2.3.4 closed connection
06-24-2010 14:16:01.057 ERROR stats - The argument '>' is invalid.
06-24-2010 14:16:25.517 ERROR stats - The argument '>' is invalid.
06-24-2010 14:16:55.836 INFO TcpInputProc - Connection in raw mode from IP=1.2.3.4
06-24-2010 14:16:58.944 INFO TcpInputProc - Hostname=1.2.3.4 closed connection
I suspect the error lies in the script but not sure about it,as can't seem to find anything wrong with it yet. Or could it be some other issues?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks.
The line:
06-24-2010 14:16:01.057 ERROR stats - The argument '>' is invalid.
is referring to one of my scheduled search...
That aside,Im still receiving oracle logs at tcp port using the script,on and off. However I noticed during certain period of time in a day there are 0 events recorded in Splunk. This period usually from 12pm noon till 12 midnight..
I've checked the actual oracle logs and there are events during this time.Oracle doesn't seem to have any errors as well. Any idea?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks.
The line:
06-24-2010 14:16:01.057 ERROR stats - The argument '>' is invalid.
is referring to one of my scheduled search...
That aside,Im still receiving oracle logs at tcp port using the script,on and off. However I noticed during certain period of time in a day there are 0 events recorded in Splunk. This period usually from 12pm noon till 12 midnight..
I've checked the actual oracle logs and there are events during this time.Oracle doesn't seem to have any errors as well. Any idea?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adding DATETIME_CONFIG = current in props.conf solves it..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm, I don't see anything Oracle-specific in your sample events.
If the ERROR stats message is repeating, then look for a busted saved search. (I think savedsearches.log would have more info for you, if your running 4.1)
The TcpInputProc messages are faily normally to, if you have a forwarder sending messages (or are receiving plain TCP on a TCP input) to your splunk indexer.
BTW, If you are trying to load data from oracle log files, then let me know. I have a number of oracle sourcetypes defined so I may be able to provide some sample configs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not sure how splunk handles Oracle DB logs and I'm not sure if splunk natively understands Oracle DB logs. You may need to do some type of work on props.conf and transforms.conf in order to allow splunk to recognize the log data and parse it accordingly.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
