All Topics

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Topics

Hello Splunkers, I am currently displaying the results of different reports in a time chart. What I would like to do is when a user clicks on a specific line on the graph it redirects them to anothe... See more...
Hello Splunkers, I am currently displaying the results of different reports in a time chart. What I would like to do is when a user clicks on a specific line on the graph it redirects them to another dashboard. For Example: If the User clicks the blue line (Report 1) it would redirect them to the dashboard one If the User clicks the Red line (Report 2) it would redirect them to the dashboard two ....           Below is the XML I have coded up: <dashboard theme="dark"><label>Reports </label> <row> <panel> <chart> <title>Total AA's</title> <search ref="Total Reports"></search> <option name="charting.drilldown">all</option> <drilldown> <set token="Report1">$click.name2$</set> <set token="Report2">$click.name2$</set> <set token="Report3">$click.name2$</set> <set token="Report4">$click.name2$</set> </drilldown> </chart> </panel> </row> </dashboard>   Is there a way to say If user clicks Report2 then go to dashboard2?  
Hello all, I just wanted a little advice on where to go for keeping my local/inputs.conf up-to-date? I have referred to this site - https://ct.grahamedgecombe.com/  to see which endpoints are act... See more...
Hello all, I just wanted a little advice on where to go for keeping my local/inputs.conf up-to-date? I have referred to this site - https://ct.grahamedgecombe.com/  to see which endpoints are active and also turned to https://transparencyreport.google.com/https/certificates where I can search for my certificates to determine which in which CT servers I should be able to find the logs.  The problem is, I cannot find some of my certificates. The problem is I still cannot find all my certificates. For one cert, google said it was in 4 different log servers (digicert_yeti2020, google_argon2020 (listed twice), digicert_yeti2020 ) - all of which I am pulling. I was only able to find one related log by cross-referencing the google 'index' which correlates to the 'LeafIndex' field. The event only had the fields LogEntryType ,Timestamp, and LeafIndex To be clear, I am getting lots of well-formed logs from many sources, including the ones mentioned. 
Horizon Chart Custom Visualization does not support drilldown. How to enable drilldown to get the split by field name and clicked value as tokens. PS: Documenting answer for Simple XML JS extension ... See more...
Horizon Chart Custom Visualization does not support drilldown. How to enable drilldown to get the split by field name and clicked value as tokens. PS: Documenting answer for Simple XML JS extension to enable drilldown. Custom Viz can be enhanced to send the drilldown tokens.
The following query is being used to model IOPs before and after moving a load from one disk array to another.  The "pre-load" snapshot is captured by the first mstats command, while the append is ga... See more...
The following query is being used to model IOPs before and after moving a load from one disk array to another.  The "pre-load" snapshot is captured by the first mstats command, while the append is gathering the number of IOPs over time for the load being moved onto the array.  I'll then simply add the IOPs from both queries to get what it would look like if that load existed on that array for the period of time I'm querying.  I'm getting accurate data for both mstats commands, but my calculated field isn't showing any values.  I've done a ton of searching and trial and error but can't find a way to do this without an append or to get it to work with an append/appendcols. Any help would be appreciated.  Array_Name and sgname are dimensions for grouping results.   | mstats sum(HostIOs) as HostIOs WHERE index=my_index AND Array_Name=myarray span=5m by sgname | append[mstats sum(HostIOs) as sgIOs WHERE index=my_index AND sgname=my_sg span=5m by sgname] | eval totalIOPs=sgIOs+HostIOs | timechart sum(HostIOs) as preload sum(totalIOPs) as postload span=5m   I suspect the append is getting added to the results AFTER everything else runs but I can't seem to make anything work.  Hopefully it's clear what I'm after.  
Hi Everyone, I have a search query as below: index=xyz sourcetype=uio source="user.log" process (Type ="*") (Name_Id ="*") (Request_URL ="*")| convert timeformat="%Y-%m-%d" ctime(_time) AS Date|s... See more...
Hi Everyone, I have a search query as below: index=xyz sourcetype=uio source="user.log" process (Type ="*") (Name_Id ="*") (Request_URL ="*")| convert timeformat="%Y-%m-%d" ctime(_time) AS Date|stats count by Date Name_Id Type Request_URL I am getting the data for Date Name_Id Type Request_URL  There are multiple Request_URL's .Some of the samples are https://xyz/api/flow/process-groups/0a4ffa54-c204-3e9e-a16d-83a4845f83a7 https://uio/api/flow/process-groups/1b6877ea-0174-1000-0000-00003d8351cd I want one more column (Any name) in my search query.Which will Replace Request_URL string like this.  This new column should be hyperlink. https://abc.com/api/?processGroupId=0a4ffa54-c204-3e9e-a16d-83a4845f83a7 https://abc.com/api/?processGroupId=1b6877ea-0174-1000-0000-00003d8351cd I want to display both Request_URL and this new column in my search data Its like whenever Request_URL https://xyz/api/flow/process-groups/0a4ffa54-c204-3e9e-a16d-83a4845f83a7 will come . The new column which will be hyperlink should be this https://abc.com/api/?processGroupId=0a4ffa54-c204-3e9e-a16d-83a4845f83a7. I want both to get displayed. Can someone guide me on that. Thanks in advance.
This is on a Windows Server. If we do an uninstall of the UF on the server and then reinstall a newer UF version on the server, when it gets its apps pushed back down to it from the deployment serve... See more...
This is on a Windows Server. If we do an uninstall of the UF on the server and then reinstall a newer UF version on the server, when it gets its apps pushed back down to it from the deployment server; will it reread all of the logs that it might have already processed before? Things like the Windows Eventlogs System/Security/Application logs? I am working with one of our teams that is building out a method of request for getting agents onto a new server and then pushing out the inputs it will collect.  One of the steps utilized from other agents (different tools) that this process would emulate is for when a new request to make a change to an existing server would be to uninstall an existing agent and then install the latest version we have in our build process. I am worried that if this is done then it would go back and reread all of the log events in any logs that the server would have setup for reading. I have currently had them not do this process for Splunk UF and am looking to have them just do a check on the currently installed Splunk version and only run an upgrade if needed (not uninstall/reinstall).  
When attempting to connect to get objects from the OCI bucket (get_objs_from_bucket), the following error is returned: Exception: AWS HTTP request return status code 403 (Forbidden): The required i... See more...
When attempting to connect to get objects from the OCI bucket (get_objs_from_bucket), the following error is returned: Exception: AWS HTTP request return status code 403 (Forbidden): The required information to complete authentication was not provided. I am not confident that I've entered the oraclecloud.com endpoint correctly. How do I confirm we are using the correct endpoint, and would an invalid endpoint lead to the 403 exception we're seeing?
Hi all, I’m getting strange results when splunking container logs collected by splunk connect for k8s… when searching for the pod logs with normal SPL:       index=kubernetes earliest=08/... See more...
Hi all, I’m getting strange results when splunking container logs collected by splunk connect for k8s… when searching for the pod logs with normal SPL:       index=kubernetes earliest=08/24/2020:17:00:00 latest=08/24/2020:17:45:00 pod=nextcloud-dev-84ff5f7dfb-jj2gz | stats count       result=0 when forcing running the stats on shd:       index=kubernetes earliest=08/24/2020:17:00:00 latest=08/24/2020:17:45:00 | noop | search pod=nextcloud-dev-84ff5f7dfb-jj2gz | stats count       result=131 - looks correct when running tstats:       | tstats count where index=kubernetes pod=nextcloud-dev-84ff5f7dfb-jj2gz earliest=08/24/2020:17:00:00 latest=08/24/2020:17:45:00       result=131 - looks correct…   What may be the issue for the "normal" search noch working for the user? Running Splunk Enterprise v8.0.5.   best regards,   Andreas
All, 2 Splunk admin questions: 1) We have default_save_ttl = 604800 (7 days), but in /opt/splunk/var/run/splunk/dispatch there are folders older than 7 days according to https://docs.splunk.co... See more...
All, 2 Splunk admin questions: 1) We have default_save_ttl = 604800 (7 days), but in /opt/splunk/var/run/splunk/dispatch there are folders older than 7 days according to https://docs.splunk.com/Documentation/Splunk/8.0.5/Search/ManagejobsfromtheOS the ttl, or length of time that job's artifacts (the output it produces) will remain on disk and available (ttl=)   Should we cleanup the old searches manually via cron, is that safe?  find  /opt/splunk/var/run/splunk/dispatch/  -maxdepth 1 -type d -mtime +8 -ls|wc -l 37   Here is outputs of limits.conf: /opt/splunk/bin/splunk cmd btool limits list --debug|grep ttl /opt/splunk/etc/system/default/limits.conf indexed_csv_ttl = 300 /opt/splunk/etc/system/default/limits.conf search_ttl = 2p /opt/splunk/etc/system/default/limits.conf concurrency_message_throttle_time = 10m /opt/splunk/etc/system/default/limits.conf max_lock_file_ttl = 86400 /opt/splunk/etc/system/default/limits.conf cache_ttl = 300 /opt/splunk/etc/system/default/limits.conf default_save_ttl = 604800 /opt/splunk/etc/system/default/limits.conf failed_job_ttl = 86400 /opt/splunk/etc/system/default/limits.conf remote_ttl = 600 /opt/splunk/etc/system/default/limits.conf replication_file_ttl = 600 /opt/splunk/etc/system/default/limits.conf srtemp_dir_ttl = 86400 /opt/splunk/etc/system/default/limits.conf ttl = 600 /opt/splunk/etc/system/default/limits.conf ttl = 300 /opt/splunk/etc/system/default/limits.conf cache_ttl_sec = 300 /opt/splunk/etc/system/default/limits.conf ttl = 86400   2) Also another question regarding from ps aux |grep 1598277129 root 29785 106 0.3 764344 282356 ? Sl 13:51 (UTC) 114:48 [splunkd pid=1771] search --id=1598277129.14351_B930C604-9D78-4B47-8E19-429E50F02A65 --maxbuckets=300 --ttl=600 --maxout=500000 --maxtime=0 --lookups=1 --reduce_freq=10 --rf=* --user=redacted --pro --roles=redacted the approve Splunk search process started/completed and have a ttl of 600 (10 minutes), and from search.log can see CANCEL and status=3, why is the search still running if CANCEL was issued? We do see quite a few of those cases and the CPU load is usually high in 8.0.2. Did not have that condition in Splunk 7.2.x. Any inputs?   08-24-2020 15:47:12.345 INFO ReducePhaseExecutor - ReducePhaseExecutor=1 action=CANCEL 08-24-2020 15:47:12.345 INFO DispatchExecutor - User applied action=CANCEL while status=3 ... 08-24-2020 15:47:14.344 INFO ReducePhaseExecutor - ReducePhaseExecutor=1 action=CANCEL 08-24-2020 15:47:14.345 INFO DispatchExecutor - User applied action=CANCEL while status=3 Thanks.
Please help to find out the way to apply color based on field.   my query:   index=<> sourcetype=<> |timechart count(httpResponsecode) as httpcount by httpResponsecode       Req... See more...
Please help to find out the way to apply color based on field.   my query:   index=<> sourcetype=<> |timechart count(httpResponsecode) as httpcount by httpResponsecode       Required solution: Color is not based on count, color is based on field value if httpResponsecode = 200-299 the count of the httpResponsecode shows in GREEN httpResponsecode = 300-399 the count of the httpResponsecode shows in GREEN httpResponsecode = 400-499 the count of the httpResponsecode shows in YELLOW httpResponsecode = 500-599 the count of the httpResponsecode shows in RED   Note: I'm not looking for trendline and sparkline as well. I just need total count of each httpResponsecode but the count value shown in different color based on the httpResponsecode value.
I have run into this barrier a lot while processing Azure logs: I want to do something intuitive like |stats count by appliedConditionalAccessPolicies{}.displayName, appliedConditionalAccessPolici... See more...
I have run into this barrier a lot while processing Azure logs: I want to do something intuitive like |stats count by appliedConditionalAccessPolicies{}.displayName, appliedConditionalAccessPolicies{}.result but since there are multiple instances of each displayName-d policy per event and all of the sub-values that have the same name are MV-fielded together, my results are much less meaningful than I had intended. I'm sure the answer to this involves |spath, but I'm struggling to wrap the examples I see here and here around my data.     Ideal result makes this:  |stats count by appliedConditionalAccessPolicies{}.displayName AS policy_name, appliedConditionalAccessPolicies{}.result AS result produce something like this: policy_name     application_policy  failure 12398 application_policy  success 9889898 phone_policy success 1238988          
Hi, We run a distributed architecture in which we have organisations connecting in to our license master, and one organisation has been having trouble connecting. We checked the usual network troubl... See more...
Hi, We run a distributed architecture in which we have organisations connecting in to our license master, and one organisation has been having trouble connecting. We checked the usual network troubleshooting and it seems fine, and I eventually found a line in the splunkd log suggesting an SSL error: "WARN HttpListener - Socket error from X.X.X.X:Y while idling: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol"   So I didn't think license management traffic actually had an SSL option in the first place, and can't see any reference to it in Splunk's SSL documentation. Has anyone seen any similar errors or have any idea how it might be resolved?   Thanks, Mike
We just found out that on one site, the four indexers have cores at 2.7GHz speed while on the other site, we have core speeds of 2.20GHz and 2.40GHz. In the MC's graphs the indexer with the cores of... See more...
We just found out that on one site, the four indexers have cores at 2.7GHz speed while on the other site, we have core speeds of 2.20GHz and 2.40GHz. In the MC's graphs the indexer with the cores of 2.20GHz, seems to be lagging behind in performance. Can the splunk indexer cluster adjust to different speeds? Meaning, does the cluster master keep track of such variations and adjust? If not, what can we do to improve the load on the indexers?    
Is there a way I can substitute a string after a regular expression match? For example, i want to replace the IP address which appears after 'Chrome/' 70.31.171.12 - admin [24/Aug/2020:14:31:44.596 ... See more...
Is there a way I can substitute a string after a regular expression match? For example, i want to replace the IP address which appears after 'Chrome/' 70.31.171.12 - admin [24/Aug/2020:14:31:44.596 +0000] "GET /en-US/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3D_internal+sourcetype%3Dsplunkd_ui_access+&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1598275250371 HTTP/1.1" 200 5620 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" - e02845bc5c07fae3e33855fca82cc968 12ms I am able to use 'sed' to replace one more match of IP address but do not know how to replace a specific one. I want the event to look like this after the running sed, 70.31.171.12 - admin [24/Aug/2020:14:31:44.596 +0000] "GET /en-US/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3D_internal+sourcetype%3Dsplunkd_ui_access+&useTypeahead=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1598275250371 HTTP/1.1" 200 5620 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/xxx.xxx.xxx.xxx Safari/537.36" - e02845bc5c07fae3e33855fca82cc968 12ms
i need to create a powershell script that will fetch a custom set of data from azure/o365 to splunk. i wanted to create the powershell script in splunk but fetch the credentials via Azure vault.  i... See more...
i need to create a powershell script that will fetch a custom set of data from azure/o365 to splunk. i wanted to create the powershell script in splunk but fetch the credentials via Azure vault.  is there a way to run the splunk powershell as a specific windows user so it can authenticate to Azure vault?    is there a better way to do this? 
I am trying to get each value to be divided by certain number (x). So if x=7, the first value would be 138. index=net_auth_long | eval time_hour=strftime(_time,"%H") | chart count over channel by ... See more...
I am trying to get each value to be divided by certain number (x). So if x=7, the first value would be 138. index=net_auth_long | eval time_hour=strftime(_time,"%H") | chart count over channel by time_hour limit=30    
Hello, We are having an issue, we have uninstalled a previous Splunk instance on our linux server and now we are trying to re-install Splunk (version 7.3.3). After starting Splunk for the first time... See more...
Hello, We are having an issue, we have uninstalled a previous Splunk instance on our linux server and now we are trying to re-install Splunk (version 7.3.3). After starting Splunk for the first time with "splunk start" there doesn't seem to be any error at first, we manage to go to the login web page but when we login we receive a 500 server error. And when we check the status of Splunk with "splunk status" we get the following message:     Error encountered, failed to start pid_check.sh to validate splunkd.pid. errno=11 Failed to determine if splunkd 5292 was running. Can't run "btool web list settings --no-log": Resource temporarily unavailable     Do you know how to solve the problem ? Or how to investigate further ? Here are some logs from splunkd.log:     08-24-2020 14:57:23.353 +0200 WARN ProcessTracker - executable=splunk-optimize failed to start reason='': Resource temporarily unavailable 08-24-2020 15:00:00.003 +0200 INFO ExecProcessor - setting reschedule_ms=3599997, for command=python /data/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py 08-24-2020 15:08:17.884 +0200 WARN Thread - webui: about to throw a ThreadException: pthread_create: Resource temporarily unavailable; 62 threads active ((same logs on repeat...)) 08-24-2020 15:10:18.355 +0200 INFO ProcessTracker - Start process: type=SplunkOptimize idx=_internal procId=199 latency_sec=118.000 08-24-2020 15:10:18.357 +0200 INFO ProcessTracker - Start process: type=SplunkOptimize idx=_audit procId=200 latency_sec=116.000 08-24-2020 15:10:18.357 +0200 WARN ProcessTracker - executable=splunk-optimize failed to start reason='': Resource temporarily unavailable 08-24-2020 15:10:19.355 +0200 INFO ProcessTracker - Start process: type=SplunkOptimize idx=_introspection procId=201 latency_sec=116.999 08-24-2020 15:17:00.654 +0200 ERROR SearchProcessRunner - preforked search=0/3 on process=0/3 caught exception. completed_searches=0, process_started_ago=0.029, search_started_ago=0.028, search_ended_ago=0.000, total_usage_time=0.028 08-24-2020 15:17:00.654 +0200 ERROR SearchProcessRunner - preforked process=0/3 died on exception: Main Thread: about to throw a ThreadException: pthread_create: Resource temporarily unavailable; 4 threads active 08-24-2020 15:23:44.592 +0200 ERROR SearchProcessRunner - Error reading from preforked process=0/5: Connection reset by peer 08-24-2020 15:23:44.607 +0200 ERROR SearchProcessRunner - preforked search=0/4 on process=0/4 caught exception. completed_searches=0, process_started_ago=0.029, search_started_ago=0.027, search_ended_ago=0.000, total_usage_time=0.027 08-24-2020 15:23:44.607 +0200 ERROR SearchProcessRunner - preforked process=0/4 died on exception: Main Thread: about to throw a ThreadException: pthread_create: Resource temporarily unavailable; 4 threads active     It seems like there is problem with the threads maybe ? We have never encountered that before. Thank you vey much !
Hello ,   We need to integrate Splunk with BOTS , please guide us . Thanks Lalit
Hi, I am trying to find the best way to query events based on windows event log 7036 , around status of a service.  I want to search for events that contain the words 'stopped' and 'running' and th... See more...
Hi, I am trying to find the best way to query events based on windows event log 7036 , around status of a service.  I want to search for events that contain the words 'stopped' and 'running' and then run a comparison that will trigger an alert if there is an event with "stopped" message but NO message containing running.  I am trying to create a alert that triggers if a service falls over, but also account for scheduled and approved restarts of the server/service.  so the search runs for the last 15 mins and if there is an event mentioning stopped, but not one mentioning running for the same service, i want the alert to trigger. is this possible. 
Hey Splunkers! Could someone please help me to remove useless header HTML events before it gets indexed into splunk. There are 300 events we need to remove and indexed actual events. I have alrea... See more...
Hey Splunkers! Could someone please help me to remove useless header HTML events before it gets indexed into splunk. There are 300 events we need to remove and indexed actual events. I have already setup FIELD_HEADER_REGEX and HEADER_FIELD_LINE_NUMBER in props.conf. Below is the event I wanted to remove. <html> <style> h1 { font-family: xxxx, Arial, Helvetica, sans-serif; font-size: xxpx; font-weight: normal; color: navy;} h2 { font-family: xxxx, Arial, Helvetica, sans-serif; font-size: xxpx; font-weight: bold; color: navy;} tr { font-family: xxxx, Arial, Helvetica, sans-serif; font-size: xxpx; font-weight: normal; color: #000000;} td { font-family: xxxx, Arial, Helvetica, sans-serif; font-size: xxpx; font-weight: normal; color: #000000; border: 0 solid dimgray; border-top-width: 1pt; border-right-width: xpt;vertical-align:text-top;} hr { font-family: xxxx, Arial, Helvetica, sans-serif; font-size: xxpx; font-weight: normal; color: navy;} body { font-family: xxxx, Arial, Helvetica, sans-serif; font-size: 12px; font-weight: normal; color: #000000;} table { font-family: xxxx, Arial, Helvetica, sans-serif; font-size: 12px; font-weight: normal; color: #000000; border: 0 solid dimgray;} td.navy {color: navy;} tr.filter { font-family: xxxx, Arial, Helvetica, sans-serif; font-size: 12px; font-weight: normal; color: #000000;} td.filter { font-family: xxxx, Arial, Helvetica, sans-serif; font-size: 12px; font-weight: normal; color: #000000; border: 0 solid dimgray;} </style> <script type="text/javascript"> <!-- function JSTrim(p_strToBeTrimmed) { var vChar var vLength var i var vFirstNotSpace var vLastNotSpace vLength = p_strToBeTrimmed.length for (i = 0; i < vLength;i++) { vChar = p_strToBeTrimmed.charAt(i) if (vChar != " ") { vFirstNotSpace = i i = vLength } } for (i = vLength-1 ; i>=0;i--) { vChar = p_strToBeTrimmed.charAt(i) if (vChar != " ") { vLastNotSpace = i i = -1 } } return p_strToBeTrimmed.substring(vFirstNotSpace,vLastNotSpace+1); } function toggle(f_level, f_thread, f_method, f_message, f_login, f_IP){ mybody=document.getElementsByTagName("body").item(0); mytable= mybody.getElementsByTagName("table").item(3); mytablebody=mytable.getElementsByTagName("tbody").item(0); trArray = mytablebody.getElementsByTagName("tr"); numOfRows =mytablebody.getElementsByTagName("tr").length; var levels = "XXX"; if(f_level != "ERR"){ levels+="XXX"; if(f_level != "XXX"){ levels+="XXX"; if(f_level != "XXX"){ levels+="XXX"; } } } // go over all the row and show/hide them for (i=1;i<numOfRows;i++) { var tdarr = trArray.item(i).getElementsByTagName("td"); thread = tdarr.item(2).childNodes.item(0).data; login = tdarr.item(3).childNodes.item(0).data; IP = tdarr.item(4).childNodes.item(0).data; logLevel = tdarr.item(5).childNodes.item(0).data; method = tdarr.item(6).childNodes.item(0).data; message = tdarr.item(7).childNodes.item(0).data; logLevel = JSTrim(logLevel); if((levels.search(XXXX) !=-1) && (thread.search(XXXX) !=-1) && (login.search(XXXX) !=-1) && (IP.search(XXXX) !=-1) && (method.search(XXXX) !=-1) && (message.search(XXXX) !=-1)){ trArray.item(i).style.display="inline"; }else{ trArray.item(i).style.display="none"; } } } function clearFilter(){ document.filterForm.level.selectedIndex = 0; document.filterForm.thread.value=""; document.filterForm.Method.value=""; document.filterForm.Message.value=""; showAll(); } function showAll(){ mybody=document.getElementsByTagName("body").item(0); mytable= mybody.getElementsByTagName("table").item(1); mytablebody=mytable.getElementsByTagName("tbody").item(0); trArray = mytablebody.getElementsByTagName("tr"); numOfRows =mytablebody.getElementsByTagName("tr").length; for (i=1;i<numOfRows;i++) { trArray.item(i).style.display="inline"; } } function filter(){ var w = document.filterForm.level.selectedIndex; var XXXX = document.filterForm.level.options[w].text; var XXXX = document.filterForm.thread.value; var XXXX = document.filterForm.Method.value; var XXXX = document.filterForm.Message.value; var XXXX = document.filterForm.Login.value; varXXXX = document.filterForm.IP.value; toggle(logLevel,JSTrim(XXXX),JSTrim(XXXX),JSTrim(XXXX), JSTrim(XXXX), JSTrim(XXXX)); } --></script> <body bgcolor="XXXXXX"> <a href="xxxxxxxxxxxxxxx >Go to previous log</a> <h2>xxxxxxxxxxxx</h2><table> <tr><td class ="filter">xxxxxxxxx</td><td class ="filter">XXX</td></tr> <tr><td class ="filter">xxxxxxxxxx</td><td class ="filter">1XXXXXX</td></tr> <tr><td class ="filter">xxxxxxxxxx</td><td class ="filter">XXXXXXX</td></tr> <tr><td class ="filter">xxxxxxxxx</td><td class ="filter">XXXXXXX</td></tr> <tr><td class ="filter">xxxxxxxxxxxx</td><td class ="filter">XXXXX</td></tr> <tr><td class ="filter">xxxxxxx</td><td class ="filter">XXXXX</td></tr> <tr><td class ="filter">xxxxxxxxx</td><td class ="filter">XXXX</td></tr> <tr><td class ="filter">xxxxxxxxxx</td><td class ="filter">1XXXXXX</td></tr> </table> <h2>Java Properties</h2> <table cellSpacing="0" style="table-layout:fixed;word-break:break-all;border-width:1.5pt"> <tr><td width="30%"><b>OS</b></td><td>&nbsp;</td></tr> <tr><td>os.name</td><td>XXXXX</td></tr> <tr><td>os.version</td><td>XXX</td></tr> <tr><td>os.arch</td><td>XXX</td></tr> <tr><td>os.home</td><td>XXX</td></tr> <tr><td width="30%"><b>XX</b></td><td>&nbsp;</td></tr> <tr><td>xxxxxxxxxx</td><td>XXXXXXXX</td></tr> <tr><td>xxxxxxxxxx</td><td>XXXXX</td></tr> <tr><td width="30%"><b>XXX</b></td><td>&XXXX;</td></tr> <tr><td>user.name</td><td>XXXXXX</td></tr> <tr><td>user.home</td><td>XX\</td></tr> <tr><td>user.dir</td><td>XXXXXXXXXXXXXXXXXX</td></tr> <tr><td>user.language</td><td>en</td></tr> <tr><td width="30%"><b>Java</b></td><td>&nbsp;</td></tr> <tr><td>java.vm.vendor</td><td>XXXXXXXXXXXX</td></tr> <tr><td>java.version</td><td>XXXX</td></tr> <tr><td>java.vm.version</td><td>XXXXXXX</td></tr> <tr><td>java.home</td><td>XXXXXXXXXXXX\java\jre</td></tr> <tr><td>java.class.path</td><td>../wrapper/wrapper.jar;../server/lib/annotations;../server/lib/ext;../server/lib/jetty-ajp-7.5.4.v20111024.jar;../server/lib/jetty-all-7.5.4.v20111024-javadoc.jar;../server/lib/jetty-annotations-7.5.4.v20111024.jar;../server/lib/jetty-client-7.5.4.v20111024.jar;../server/lib/jetty-continuation-7.5.4.v20111024.jar;../server/lib/jetty-deploy-7.5.4.v20111024.jar;../server/lib/jetty-http-7.5.4.v20111024.jar;../server/lib/jetty-io-7.5.4.v20111024.jar;../server/lib/jetty-jmx-7.5.4.v20111024.jar;../server/lib/jetty-jndi-7.5.4.v20111024.jar;../server/lib/jetty-overlay-deployer-7.5.4.v20111024.jar;../server/lib/jetty-plus-7.5.4.v20111024.jar;../server/lib/jetty-policy-7.5.4.v20111024.jar;../server/lib/jetty-rewrite-7.5.4.v20111024.jar;../server/lib/jetty-security-7.5.4.v20111024.jar;../server/lib/jetty-server-7.5.4.v20111024.jar;../server/lib/jetty-servlet-7.5.4.v20111024.jar;../server/lib/jetty-servlets-7.5.4.v20111024.jar;../server/lib/jetty-util-7.5.4.v20111024.jar;../server/lib/jetty-webapp-7.5.4.v20111024.jar;../server/lib/jetty-websocket-7.5.4.v20111024.jar;../server/lib/jetty-xml-7.5.4.v20111024.jar;../server/lib/jndi;../server/lib/jsp;../server/lib/jta;../server/lib/launcher-11.50.9999-GA-SNAPSHOT.jar;../server/lib/lxxxxxxxxxxxxxx;../server/lib/launcher-11.51.9999-SNAPSHOT.jar;../server/lib/launcher-sources.jar;../server/lib/launcher.jar;../server/lib/monitor;../server/lib/policy;../server/lib/servlet-api-2.5.jar;../server/lib/annotations/javax.annotation_1.0.0.v20100513-0750.jar;../server/lib/annotations/org.objectweb.asm_3.1.0.v200803061910.jar;../server/lib/ext/.donotdelete;../server/lib/jndi/javax.activation_1.1.0.v201005080500.jar;../server/lib/jndi/javax.mail.glassfish_1.4.1.v201005082020.jar;../server/lib/jsp/com.sun.el_1.0.0.v201004190952.jar;../server/lib/jsp/ecj-3.6.jar;../server/lib/jsp/javax.el_2.1.0.v201004190952.jar;../server/lib/jsp/javax.servlet.jsp.jstl_1.2.0.v201004190952.jar;../server/lib/jsp/javax.servlet.jsp_2.1.0.v201004190952.jar;../server/lib/jsp/jetty-jsp-2.1-7.5.4.v20111024.jar;../server/lib/jsp/jsp-impl-2.1.3-b10.jar;../server/lib/jsp/org.apache.taglibs.standard.glassfish_1.2.0.v201004190952.jar;../server/lib/jta/javax.transaction_1.1.1.v201004190952.jar;../server/lib/monitor/jetty-monitor-7.5.4.v20111024.jar</td></tr> <tr><td>java.specification.version</td><td>XXX</td></tr> <tr><td>java.specification.vendor</td><td>XXXXX</td></tr> <tr><td>java.specification.name</td><td>XXXXXX</td></tr> <tr><td>java.vendor.url</td><td>http://XXXXXX/</td></tr> <tr><td>java.vm.specification.version</td><td>XXXX</td></tr> <tr><td>java.vm.specification.vendor</td><td>XXXXXXXX</td></tr> <tr><td>java.vm.specification.name</td><td>XXXXXXXX</td></tr> <tr><td>java.class.version</td><td>XXXXXXXX</td></tr> <tr><td>java.library.path</td><td>../XXXX</td></tr> <tr><td>java.io.tmpdir</td><td>XXXXXXXXXXXX</td></tr> <tr><td>java.compiler</td><td>XXXX</td></tr> <tr><td>java.ext.dirs</td><td>XXXXXXXXXXX\java\jre\lib\ext;XXXXXXXXXXX</td></tr> <tr><td width="30%"><b>Other</b></td><td>&nbsp;</td></tr> <tr><td>Total memory</td><td>8984MB</td></tr> <tr><td>Free memory</td><td>8121MB</td></tr> <tr><td>Max memory to be used</td><td>1984MB</td></tr> <tr><td>Available Processors</td><td>8</td></tr> <tr><td>Using config file</td><td>XXXX</td></tr> </table> <form NAME ="filterForm"> <TABLE> <tr class ="filter"></TD><B>XXXXXX</B><TD></TR> <TR class ="filter"> <TD class ="filter">XXXXX:</TD> <TD class ="filter"><XXXXXXXXXX> </TD> <TD class ="filter">XXXXXX</TD> <TD class ="filter"><XXXXXXXXXX="level"> <OPTION VALUE="XXXX">XXXX</OPTION> <OPTION VALUE="XXXX">XXXX</OPTION> <OPTION VALUE="XXXX">XXXX</OPTION> <OPTION VALUE="XXXX">XXXX</OPTION> </SELECT> </TD> </TR> <TR class ="filter"> <TD class ="filter">Login:</TD> <TD class ="filter"><INPUT NAME="XXXXX" SIZE=XXXX TYPE=TEXT VALUE=""> </TD> </TR> <TR class ="filter"> <TD class ="filter">XXXX</TD> <TD class ="filter"><INPUT NAME=XXXX SIZE=XXX TYPE=TEXT VALUE=""> </TD> </TR> <TR class ="filter"> <TD class ="filter">XXXXXXXXX</TD> <TD class ="filter"><INPUT NAME="XXXXX" SIZE=XXX TYPE=TEXT VALUE=""></TD> </TR> <TR class ="filter"> <TD class ="filter">XXXXXXXXX</TD> <TD class ="filter"><XXXXXXXXX SIZE=XX TYPE=TEXT VALUE=""></TD> <TD class ="filter"></TD> <TD class ="filter"><BUTTON name="filterB" type="button" onClick="filter()" > Filter </BUTTON> <BUTTON name="clearDilterB" type="button" onClick="clearFilter()">Clear Filter</BUTTON> </TD> </TR> </TABLE> </FORM> <table width="100%" cellPadding="8" cellSpacing="1" align="right" style="table-layout:fixed;word-break:break-all;border-width:1.5pt"> <tr bgcolor="XXXX"> <td width="7%" style="color: Orange"><b>xxxxxx</td> <td width="7%" style="color: Orange">xxxxxxxxxx</td> <td width="18%" style="color: Orange"><b>xxxxxxxxxx</b></td> <td width="8%" style="color: Orange"><b>xxxxxxxxx</b></td> <td width="7%" style="color: Orange"><b>xxxxxxxxx</b></td> <td width="5%" style="color: Orange"><b>xxxxxxx</b></td> <td width="18%" style="color: Orange"><b>xxxxxxxxx</b></td> <td width="30%" style="color: Orange"><b>xxxxxxxxxx</b></td> </tr> <tr ><td>Actual event starts from here</td><td> Any solution would be appreciated. -Madhu