All Topics

Team, Can anyone please help me to understand the below regular expression used in field extraction? (?i)CPU_COUNT\s+(?P[^ \n]*)? Thanks, Abilan
I am using HTTP events collector on a search head directly. On this SH I am using API token to connect to get OKTA logs. While doing this I am getting logs from other Opco's as well. Is there a way I can filter the events on SH before they get indexed or even after they get indexed? I do not want events that have alternateid as 123@yahoo.com. Sample log event - {"outcome": {"result": "SUCCESS", "reason": null}, "transaction": {"type": "WEB", "detail": {}, "id": "Xo1bawKolLzMzd8K9kfu7QAAAfg"}, "uuid": "75a3359f-7956-11ea-bbe3-014a745a938e", "request": {"ipChain": [{"ip": "138.75.252.133", "source": null, "geographicalContext": {"postalCode": "18", "country": "Singapore", "city": "Singapore", "state": null, "geolocation": {"lon": 103.8547, "lat": 1.2929}}, "version": "V4"}, {"ip": "165.225.112.151", "source": null, "geographicalContext": {"postalCode": null, "country": null, "city": null, "state": null, "geolocation": {"lon": 105.0, "lat": 35.0}}, "version": "V4"}]}, "severity": "INFO", "version": "0", "eventType": "user.authentication.sso", "target": [{"type": "AppInstance", "detailEntry": {"signOnModeType": "SAML_2_0"}, "displayName": "Okta Org2Org", "id": "0oal0mtjt5nMLSHRs0h7", "alternateId": "CIAM MarshDev"}, {"type": "AppUser", "detailEntry": null, "displayName": "Mansi Mittal", "id": "0uam4poth8cW3A68j0h7", "alternateId": "123@gmail.com"}],
Hi All I'm fairly new to Splunk, and still very much learning (it's a small hobby), and I recently found Elastic Beats works great for monitoring my home servers and network, then to add a cherry, the output is easily imported into Splunk. I've got it running some ICMP PINGs against my network interfaces, and in its simplest form, generates data such as:

    NAME   STATUS  PING
    site1  up      10
    site2  up      10
    site2  down    0
    site3  up      10
    site1  down    10

I'm using the Status Indicator visualisation to show a Trellis view of Total Devices, Total Up, Total Down. I've hacked together the following query, which works, but there has got to be a more optimised way of doing this:

    index="beats" "monitor.type"=icmp "tags{}"=external
    | stats latest(monitor.name) as name latest(monitor.status) as status BY monitor.name
    | stats count(name) as " TOTAL" sum(eval(if(status=="up",1,0))) as " UP" sum(eval(if(status=="down",1,0))) as " DOWN"
    | eval fn = "value"
    | transpose column_name="category" header_field=fn
    | eval color = if(category==" TOTAL", "#006d9c", if(category==" UP", "#00AA00", "#dc4e41"))
    | eval icon = if(category==" TOTAL", "server", if(category==" UP", "check", "times-circle"))
    | sort category
    | stats last(value) as value last(icon) as icon last(color) as color by category

Which effectively does the following:

1. Pull back the latest record for each unique "monitor.name"
2. Then counts the Total, Total Up, Total Down (Note spaces in the as-names, a hack so I can sort them into a desired order (Total -> UP -> Down))
3. The above totals are columns, so I transpose to a list with "category" (aka name) and "value"
4. Use EVAL to set the colour and icons for the visualisation
5. Sort into the order I want (Total -> UP -> Down)
6. Then re-apply stats - I honestly don't know why this is needed, but without it, the Status Indicator visualisation doesn't work, though looking at the statistics tab, the results are exactly the same without it

I'd really appreciate any advice on how I could re-work this, improve it, also any insight into why step 6 appears to be needed. Many Thanks K

Hi Team, I'm a very novice Splunker and have only really upgraded it once and installed it a couple times on our servers to update it. Right now I just installed a new Splunk instance on Server 2019 and am about to migrate our existing Splunk 2012 server over to it. I have already migrated just the warm buckets over to the new server in the cold location. I can search that data, and that's good. The problem is that I'm sending test data over to the new Splunk 8.0.2 server and it's either not getting it or not indexing it. I followed Splunk 8.0.2's Can't Find My Data Doc https://docs.splunk.com/Documentation/Splunk/8.0.2/Troubleshooting/Cantfinddata and the Splunk instance is only one server, no forwarders, no separate servers, just everything in one server.

Troubleshooting I have done:

- Everything I could understand and that is applicable in Splunk 8.0.2's Can't Find My Data Doc https://docs.splunk.com/Documentation/Splunk/8.0.2/Troubleshooting/Cantfinddata
- I confirmed the Splunk service is running on the server.
- I can ping the server from the network device, and I can ping the network device from the server.
- There are no Firewalls in place between the device and server and the Windows Server 2019 FW is turned off.
- I checked the Windows File structure in the actual VM and it hasn't created a hot bucket yet, so if it's getting the data, it's not
- I also installed a Kiwi Syslog server on my desktop and put my IP in the network device and sure enough it's sending data.

I'm not really sure what else to try, so any help or things to check would be appreciated. Thanks Splunk Answers! -Chris

I started recently with AppDynamics. My primary purpose of using AppDynamics is to find out the bottlenecks in my existing code base when my application is under a high load. I am running the PyAgent on one of the nodes. I am using Gunicorn as my app server which sits behind NGINX. I spin up my service with the following command:

    ExecStart=venv/bin/pyagent run -c /etc/appdynamics.cfg -- venv/bin/gunicorn --bind 127.0.0.1:18000 -w 2 --worker-class gevent --worker-connections 500 foree:app --log-level debug

As I run my load test using locust, I see a number of transactions in the category of very slow. When I look further into the transaction snapshot I see a node present there called {request}- (as shown in the image). Surprisingly this transaction took 27s. I am pretty sure this is something related to gevent, but not exactly sure as to what is taking so much time? Could this be the time that the transaction spent waiting (blocked) on some kind of IO? Any pointers to further investigation would be highly appreciated.

Can anyone offer any suggestions on how to configure AWS ELB with a Splunk Cloud Cluster?
See the dataset below. Ultimately (this is part of an inner join with another search) I'd like to return the latest result for any user who does not have an active connection. So for the data below, user2 and user3 do not have "Connected" sessions, and so I'd like to return their most recent result. User1 on the other hand, does have a "Connected" session, so I would not like to return his result. I'm not sure if I'm overthinking this, but it seems I need to group each users' results and if any of their State=Connected then throw them out? This seems to be getting messed up when a user has an active session, then opens a new one to a different server, and then closes their first session. Originally I was using a |dedup to get their latest connection attempt, but the case I described breaks this. Any help is appreciated!

Session Data:

    _Time  Server   User   State         Data
    5pm    server1  user3  Disconnected  blahblahblah
    4pm    server1  user1  Disconnected  blahblahblah
    3pm    server2  user1  Connected     blahblahblah
    3pm    server1  user2  Disconnected  blahblahblah
    2pm    server3  user1  Disconnected  blahblahblah
    12pm   server1  user2  Disconnected  blahblahblah

What I'd like returned:

    5pm    server1  user3  Disconnected  blahblahblah
    3pm    server1  user2  Disconnected  blahblahblah

I have a lookup table with domain names and corresponding IP address. In my events, the results show the IP, so I added the lookup to my query so that it looks at the IP and if there is a match to replace it with the corresponding domain name. It is working, however for the IPs where there is no corresponding domain name match in the lookup table, it is showing those fields as blanks in my result. How can I make it show the default IP value that would have been there before the lookup was added?

    | lookup ExtIPtoDNS Internal_IP as dest OUTPUT Domain as dest

Thank you!

Basically, when I try to search for mf4 values on their own, index="sean-testing" mf4=w, the data found is zero or blank but if I use the full search with rex as seen below then click the mf4 value from the table view, the full event data will come up. I use regex101.com to drop the rex into the expression line and the data sample, one at a time, into the test sample box to test things out. Q: I'm thinking that I need to place this field extraction in a promps as a report or extract on the indexers? Any advice, examples or links to a better understanding would be great! Thank you. -Sean

full Search with rex

    index="sean-testing" sourcetype="mfsource1"
    | rex "\s{2}(?P<mf1>\d+)\s(?P<mf2>.{8})\s(?P<mf3>\S{10}){1}(?P<mf4>\S+)\s(?P<mf5>.+)[0-2][0-9]:[0-9][0-9]:[0-9][0-9]$"
    | search mf4=W OR mf4=I
    | table _time mf1 mf2 mf3 mf4 mf5

Event Data Sample 1

    200401 07595444 17476 CARDS5 EXSFJM1083I EJM1: Using LWASP provider module "LWASP32.DLL", from API version 2009 07:59:54

Event Data Sample 2

    200331 18250270 1764 CARDS1 CASHO00200I AB2P XA interface loaded. Name(AB2 for WINDOWS), Registration Mode(Dynamic) 18:25:02

Event Data Sample 3

    200331 18250131 6508 CARDS3 CASZS50110W Failed to open port 21661 for TCPIPSERVICE ZTGIPP1 18:25:01

sourcetype: Basic stuff - break at every line, no regex added

All, I enabled the powershell input in Splunk_TA_nix for windows update logs on Win2016 and all I get is this:

    1600/12/31 16:00:00.0000000 1128 7576 Unknown( 28): GUID=a09e99c9-a6c4-3261-6004-3aafb80214f7 (No Format Information found).

Any idea what's going on here?

Not something I've ever been asked to do, but management wants a dashboard that contains a row for all of possible values for an app, whether or not that application has produced any events in the search span or not. I've generated a lookup table, contains them all. I just need to fold it into a stats table without always having anything in that stats table to match it up to. Basically, when the search runs, if there are no other stats for that application, an otherwise blank row with the application name is expected. Here's what I've got. The mule_serverinfo_lookup works fine, it matches up host with its known environments and clusternodes. It's the mule4_appnames.csv that contains column "application" that needs to fill in the "empty" rows.

    index=someindex host=somehost sourcetype="mule-app" mule4_appname=enterworks-web-content-digital-assets OR mule4_appname=ecc-po-data-hubspan
    | lookup mule_serverinfo_lookup hostname AS host OUTPUTNEW ServerType version ClusterNode
    | stats count(mule4_appname) as Total by mule4_appname ServerType
    | appendpipe [| inputlookup mule4_appnames.csv | table application ServerType ]
    | search application=ecc-po-data-hubspan OR application=enterworks-web-content-digital-assets OR mule4_appname=enterworks-web-content-digital-assets OR mule4_appname=ecc-po-data-hubspan
    | table mule4_appname application ServerType Total

In this example one of the apps, enterworks, exists in the index and the lookup. The other does not. The result of the search looks like this.

I have an app on a deployment server that takes in XML data, this app includes a props.conf with KV_MODE=xml. When I see the data in Splunk, no XML fields are being extracted, but when I add | xmlkv to the end of my query, it extracts all XML fields. Since KV_MODE is for search time extractions does that mean that I have to also put this props.conf on the SHC? Or is there another reason why it's not working? Thanks in advance.
Hi There! I have created a list of 2000 names in a CSV file. I am trying to get the phone numbers of these 2000 people using the below query,

    index=*** event=contact [ | inputlookup names.csv | fields names ]
    | stats dc(phoneNumber) by names
    | fillnull value=0 names

When I do the distinct count I only get the names who are registered, but I need the remaining names - dc(phone_numbers) as 0, when I run the query.

All, I am breaking my index=windows up into index=oswin and index=oswinsec. Any tricks or tools to search for searches, reports, dashboard, macros, tags, eventtypes, data model etc that might be tied to that index?
Hello Splunkers, I have Splunk app for Windows Infrastructure installed and have done the setup but when I get to the "customize features" section it can't find the AD data it is looking for. The Windows Overview dashboard is populating and it is finding some AD data, so I think the AD data is being ingested just not being parsed correctly, but I don't know how to tell. Thanks in advance for any help. Here is the output of the "detect features" button.

    Detecting Event Monitoring ... Windows: Event Monitoring found.
    Detecting Performance Monitoring ... Windows: Performance Monitoring found.
    Detecting Applications and Updates ... Windows: Applications and Updates found.
    Detecting Network Monitoring ... Windows: Network Monitoring not found. (This one is expected)
    Detecting Print Monitoring ... Windows: Print Monitoring not found. (This one is expected)
    Detecting Host Monitoring ... Windows: Host Monitoring found.
    Detecting Domains ... Active Directory: Domains not found.
    Detecting Domain Controllers ... Active Directory: Domain Controllers not found.
    Detecting DNS ... Active Directory: DNS found.
    Detecting Users ... Active Directory: Users not found.
    Detecting Computers ... Active Directory: Computers not found.
    Detecting Groups ... Active Directory: Groups not found.
    Detecting Group Policy ... Active Directory: Group Policy found.
    Detecting Organizational Units ... Active Directory: Organizational Units found.

Splunk version: 7.3.0
Splunk app for Windows Infrastructure version: 2.0.1
Splunk Supporting Add-on for Active Directory version: 3.0.1 (Connection status on configuration tab is successful)

I have been using kafka for almost 2 years now. I never had an issue. Recently, I believe the volume of data increased and I started having the error below

    com.splunk.hecclient.HecException: All channels have back pressure
        at com.splunk.hecclient.LoadBalancer.send(LoadBalancer.java:62)
        at com.splunk.hecclient.Hec.send(Hec.java:233)
        at com.splunk.kafka.connect.SplunkSinkTask.send(SplunkSinkTask.java:257)
        at com.splunk.kafka.connect.SplunkSinkTask.handleFailedBatches(SplunkSinkTask.java:127)
        at com.splunk.kafka.connect.SplunkSinkTask.put(SplunkSinkTask.java:62)
        at org.apache.kafka.connect.runtime.WorkerSinkTask.deliverMessages(WorkerSinkTask.java:524)
        at org.apache.kafka.connect.runtime.WorkerSinkTask.poll(WorkerSinkTask.java:302)
        at org.apache.kafka.connect.runtime.WorkerSinkTask.iteration(WorkerSinkTask.java:205)
        at org.apache.kafka.connect.runtime.WorkerSinkTask.execute(WorkerSinkTask.java:173)
        at org.apache.kafka.connect.runtime.WorkerTask.doRun(WorkerTask.java:170)
        at org.apache.kafka.connect.runtime.WorkerTask.run(WorkerTask.java:214)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)

My config:

    curl -s localhost:8083/connectors -X POST -H "Content-Type: application/json" -d '{
      "name": "forwarder",
      "config": {
        "connector.class": "com.splunk.kafka.connect.SplunkSinkConnector",
        "tasks.max": "5",
        "splunk.indexes": "splunk--index",
        "splunk.sources": "http:kafka_sip",
        "topics":"topic",
        "splunk.hec.uri": "splunkforwarder:8083",
        "splunk.hec.token": "token",
        "splunk.hec.raw": "false",
        "splunk.hec.ack.enabled":"false",
        "splunk.hec.ssl.validate.certs": "false",
        "splunk.hec.max.batch.size": "100",
        "splunk.hec.json.event.formatted": "true"
      }
    }'

Would you please advise why this started happening now?

Hello, I currently have a data model with two data sets. One data set is based on an index while the other is based on a KV store, each with their own root search. What I'd like to do is extract data from both of the data sets in a single search without using append or join. Is this possible? Thanks! Andrew
I have a dataset of Nginx (a web server) request logs. Each entry contains a client_ip. I want to impose some rate limiting, but I want to see what my current traffic patterns are, so my rate limits don't impede the current regular traffic. There are two rate limit settings available, one expressed as a limit per second, and a limit per minute. I would like to calculate the requests/second rate of each client_ip for each second. I would like to then aggregate (playing around with different aggregation functions, like avg, median, p90, p99, max, etc.) those values per-client_ip values into a timechart. Put another way, I would like to make this timechart have one data point per minute, each of which shows the p99 request/seconds among all the client_ips for that minute. For example, that would give me a per-second rate limit that would make 99% pass, and block the top 1%. I thought this would do it:

    application="my-app" index="my-index" request client_ip="*" user_agent="*" request="*" kube_pod="web-*"
    | timechart span=1s count as count_per_sec by client_ip
    | timechart span=1s avg(count_per_sec)

But all of the count_per_sec values come out blank under the "statistics" tab.

Hi splunkers! Need your advice again. We have a db table with users registrations. Millions of entries. There's an option for a user to merge with another account if for some reason he created another one. Merge happens pretty often. But there's no earliest date of registration for merged users in original table. So we address to another table where this info is stored. Make lookup of it and then make kv_store lookup of original table taking in consideration merged accounts lookup. This kvstore lookup is used to correctly segment users' purchases, logins by their registration date. Rewriting of this kv_store lookup takes hours and sometimes it skips. Now we want to create outside splunk separate db table with correct registration information and to use it in queries. And here's a question: which way is better to use in this case?

- Dbxlookup without need to update something in splunk
- kv-store lookup with its complete rewriting several times a day
- kv-store lookup updating its values through REST API?

Below are clamav logs, I would like to create two new fields. one called: log_level one called: message. log_level would be a capture group where the word "WARNING:" is. Sometimes this word will be ERROR or INFO, it's contingent. message would be a capture group where: "Can't open file /etc/rsyslog.conf.broken: Permission denied" Moreso than the answer I'd like understanding of the reg ex so in your answer if you could please break down the reg ex so I can learn I'd truly appreciate it.
WARNING: Can't open file /tmp/krb5cc_888600038_P1SWCK: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_pD4Mt4: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200071_e3US5K: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200021_IfCsp4: Permission denied WARNING: Can't open file /tmp/krb5cc_888600429_vx2xUp: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_QYox3k: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200046_tG4INP: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_0fEYYI: Permission denied WARNING: Can't open file /tmp/krb5cc_888600101_tfBE1x: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1587.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1599.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1594.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1595.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1602.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1580.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1593.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1592.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1566.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1578.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1611.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1588.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1607.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1605.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1589.log: Permission denied WARNING: Can't open file 
/tmp/vmware-root/vmware-apploader-1603.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1583.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1596.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1606.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1604.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1584.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1582.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1620.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1585.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1623.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1590.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1577.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1608.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1610.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1598.log: Permission denied WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1591.log: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_Myl0Qe: Permission denied WARNING: Can't open file /tmp/tmp.0qPyyvkhIw: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_Y8YTvr: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_Svzf6O: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_QvgHg4: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200028_dJudKj: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_eBGT5M: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200012_QHbp0P: Permission denied WARNING: Can't open file /tmp/tmp.z1NhS7Cf1p: 
Permission denied WARNING: Can't open file /tmp/krb5cc_888600099_vJnQRX: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200019_1cSMBo: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200065_NZfYE4: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200037_FH62Pc: Permission denied WARNING: Can't open file /tmp/tmp.a9xsZutIWq: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200003_Ysuwzs: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_RvJuPw: Permission denied WARNING: Can't open file /tmp/krb5cc_888600106_bhzQNt: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_BHjkuK: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_8rXTya: Permission denied WARNING: Can't open file /tmp/krb5cc_888600286_wkk2hw: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200030_n0sXYf: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200001_VezxBM: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_egUWcm: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_SER8kV: Permission denied WARNING: Can't open file /tmp/tmp.XIvDgFrUAn: Permission denied WARNING: Can't open file /tmp/EPEL6-GPG-KEY: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200013_qujiN0: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_g40tLJ: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200049_zrBoRF: Permission denied WARNING: Can't open file /tmp/krb5cc_888600427_BuOUej: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200051_5uiGLr: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_OpGADN: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_jbilyY: Permission denied WARNING: Can't open file /tmp/krb5cc_888700729_110ApX: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200047_iM0nZM: Permission denied WARNING: Can't open file /tmp/krb5cc_888600042_em0uAD: Permission denied WARNING: Can't open file 
/tmp/tmp.E4AJCzpOIr: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200007_R3pBFi: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_qjdnTq: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200016_7hh0tc: Permission denied WARNING: Can't open file /tmp/tmp.nEx5K1P19V: Permission denied WARNING: Can't open file /tmp/krb5cc_888600043_Pyb8Hf: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200062_Y3tkcC: Permission denied WARNING: Can't open file /tmp/tmp.3xu23Z8tDj: Permission denied WARNING: Can't open file /tmp/tmp.KgPSpEWZwR: Permission denied WARNING: Can't open file /tmp/krb5cc_888600111_CtZB8x: Permission denied WARNING: Can't open file /tmp/krb5cc_888600038_HpqDys: Permission denied WARNING: Can't open file /tmp/krb5cc_1846200067_xWpi42: Permission denied ----------- SCAN SUMMARY ----------- Known viruses: 6319470 Engine version: 0.99.4 Scanned directories: 8003 Scanned files: 47590 Infected files: 0 Total errors: 105 Data scanned: 4118.82 MB Data read: 5005.36 MB (ratio 0.82:1) Time: 556.020 sec (9 m 16 s)