I've had both services running on the save Ubuntu 10.04 server for about a week. OSSEC is cooking along gathering information. And SPLUNK is happily displaying this data for easy quick high level viewing.
I did switch SPLUNK to the "free" license.
For days & days I've had good data. @ around noon yesterday, it started to taper DOWN...
06-18-2010 05:59:55.073 INFO Metrics - group=per_source_thruput, series="udp:10002", kbps=2.371535, eps=3.741935, kb=73.517578
host=lcua141 Options| sourcetype=splunkd Options| source=/opt/splunk/var/log/splunk/metrics.log Options
I noticed today @ 6am data stopped. This was the last entry...
6/18/10
6:00:26.048 AM
06-18-2010 06:00:26.048 INFO Metrics - group=per_source_thruput, series="udp:10002", kbps=2.371220, eps=4.258065, kb=73.507812
host=lcua141 Options| sourcetype=splunkd Options| source=/opt/splunk/var/log/splunk/metrics.log Options
I'll start by looking at this splunk log...
Any suggestions/ideas appreciated!
Thank you!
JLH
