Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- timestamp in output
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
At first thanks for this great App!!
We use SPLUNK4JMX in a big environment with a lot of JMX output. Cause of a lot of data sometimes there is a issue to index all the data realtime. So it could be, that some logoutputs will be indexed by splunk a little bit later and become a wrong timestamp. This is reflected in holes in our graphs.
I found this in your readme about timestamps:
'By default, no timestamp is added , instead relying on the SPLUNK index time as the event time.'
Because we can not rely of our SPLUNK index we need a way to become timestamps into our output. Is there an easy way to do this?
Thanks and Best Regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi fritzsplunk,
Thanks for the great feedback..always great to hear how the app is being used !
Splunk4JMX has a framework that allows you to plugin your own custom output formatter implementation,
So in your case,you could have a custom formatter that prepends your own date on the logged event.
I also have some new code that allows you to pass parameters to existing formatters.So you could pass a "dateformat" to the Default Formatter which will implicitly prepend a date to the event.
Simple example :
<jmxpoller>
<formatter className="com.dtdsoftware.splunk.formatter.DefaultFormatter">
<param name="dateformat" value="yyyy-MM-dd HH:mm:ss:SSSZ" />
</formatter>
<jmxserver host="localhost" jvmDescription="cassandra" jmxport="7199">
<mbean domain="java.lang" properties="type=OperatingSystem">
<attribute name="FreePhysicalMemorySize" outputname="freePhysMem"/>
</mbean>
</jmxserver>
</jmxpoller>
I will get this code released on Splunkbase , hopefully by tomorrow, and this should sort you out 🙂
Feel free to contact me directly (damien@dtdsoftware.com) and I will give you an email when it's ready.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi fritzsplunk,
Thanks for the great feedback..always great to hear how the app is being used !
Splunk4JMX has a framework that allows you to plugin your own custom output formatter implementation,
So in your case,you could have a custom formatter that prepends your own date on the logged event.
I also have some new code that allows you to pass parameters to existing formatters.So you could pass a "dateformat" to the Default Formatter which will implicitly prepend a date to the event.
Simple example :
<jmxpoller>
<formatter className="com.dtdsoftware.splunk.formatter.DefaultFormatter">
<param name="dateformat" value="yyyy-MM-dd HH:mm:ss:SSSZ" />
</formatter>
<jmxserver host="localhost" jvmDescription="cassandra" jmxport="7199">
<mbean domain="java.lang" properties="type=OperatingSystem">
<attribute name="FreePhysicalMemorySize" outputname="freePhysMem"/>
</mbean>
</jmxserver>
</jmxpoller>
I will get this code released on Splunkbase , hopefully by tomorrow, and this should sort you out 🙂
Feel free to contact me directly (damien@dtdsoftware.com) and I will give you an email when it's ready.
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain
Splunk Lantern’s Guide to The Most Popular .conf25 Sessions
