Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: timestamp in output
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
At first thanks for this great App!!
We use SPLUNK4JMX in a big environment with a lot of JMX output. Cause of a lot of data sometimes there is a issue to index all the data realtime. So it could be, that some logoutputs will be indexed by splunk a little bit later and become a wrong timestamp. This is reflected in holes in our graphs.
I found this in your readme about timestamps:
'By default, no timestamp is added , instead relying on the SPLUNK index time as the event time.'
Because we can not rely of our SPLUNK index we need a way to become timestamps into our output. Is there an easy way to do this?
Thanks and Best Regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi fritzsplunk,
Thanks for the great feedback..always great to hear how the app is being used !
Splunk4JMX has a framework that allows you to plugin your own custom output formatter implementation,
So in your case,you could have a custom formatter that prepends your own date on the logged event.
I also have some new code that allows you to pass parameters to existing formatters.So you could pass a "dateformat" to the Default Formatter which will implicitly prepend a date to the event.
Simple example :
<jmxpoller>
<formatter className="com.dtdsoftware.splunk.formatter.DefaultFormatter">
<param name="dateformat" value="yyyy-MM-dd HH:mm:ss:SSSZ" />
</formatter>
<jmxserver host="localhost" jvmDescription="cassandra" jmxport="7199">
<mbean domain="java.lang" properties="type=OperatingSystem">
<attribute name="FreePhysicalMemorySize" outputname="freePhysMem"/>
</mbean>
</jmxserver>
</jmxpoller>
I will get this code released on Splunkbase , hopefully by tomorrow, and this should sort you out 🙂
Feel free to contact me directly (damien@dtdsoftware.com) and I will give you an email when it's ready.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi fritzsplunk,
Thanks for the great feedback..always great to hear how the app is being used !
Splunk4JMX has a framework that allows you to plugin your own custom output formatter implementation,
So in your case,you could have a custom formatter that prepends your own date on the logged event.
I also have some new code that allows you to pass parameters to existing formatters.So you could pass a "dateformat" to the Default Formatter which will implicitly prepend a date to the event.
Simple example :
<jmxpoller>
<formatter className="com.dtdsoftware.splunk.formatter.DefaultFormatter">
<param name="dateformat" value="yyyy-MM-dd HH:mm:ss:SSSZ" />
</formatter>
<jmxserver host="localhost" jvmDescription="cassandra" jmxport="7199">
<mbean domain="java.lang" properties="type=OperatingSystem">
<attribute name="FreePhysicalMemorySize" outputname="freePhysMem"/>
</mbean>
</jmxserver>
</jmxpoller>
I will get this code released on Splunkbase , hopefully by tomorrow, and this should sort you out 🙂
Feel free to contact me directly (damien@dtdsoftware.com) and I will give you an email when it's ready.
Community Content Calendar, September edition
Splunkbase Unveils New App Listing Management Public Preview
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
