All Topics

Hi Team, Is there any way to add TimeToken with timewrap on the dashboard? I have a dashboard ready to display this week data to compare with last week data having timewrap with 7d. But, I would like to add token to replace the 7d value as per choice. Search query:
index=ABC sourcetype="xyz" data earliest= -14d@d latest= @s | timechart span=15m partial=false count by data | timewrap 7d series=short |table _time, s0, s1 | rename s0 as this_week, s1 as last_week,
Not sure if I am putting this in the correct area; my apologies ahead of time. I wanted to know if it would be possible to have Splunk dynamically populate a table based on incoming log messages. The log messages for new alerts and cleared alerts are essentially the same, save for one "field" that shows either "NEW" or "CLEARED".
##Example of New Alert Log Message##
2022-10-06 05:58:31 AlarmNotification = NEW AlarmID = STRING: "123456789" AlarmType = INTEGER: 1 ObjectInstance = STRING: "Router1" EventTime = STRING: "2022-10-6,5:58:31.7,-7:0" SpecificProblem = STRING: "LinkDown" Severity = INTEGER: 2
##Example of Clear Alert Log Message##
2022-10-06 05:58:35 AlarmNotification = CLEARED AlarmID = STRING: "123456789" AlarmType = INTEGER: 1 ObjectInstance = STRING: "Router1" EventTime = STRING: "2022-10-6,5:58:35.5,-7:0" SpecificProblem = STRING: "LinkDown" Severity = INTEGER: 2
-----------------------------------
My idea was anytime a new alert comes in, a table with the various fields is generated; I can already do that today. However, what I am not sure about is if a subsequent "clear" log message comes in where everything matches (with the exception of the AlarmNotification and EventTime), it would dynamically REMOVE that table row entry.
So the general idea is show the alerts when they come in, but if a cleared alert message that comes in with a later date and time would "delete" that row from the table.
Any and all suggestions are welcomed. Thank you in advance.
Hello All, I have just installed RHEL 9.0 as a POC and would like to install Enterprise 9.0.1. The compatibility chart is kernel based rather than OS version based. Anyway, the kernel version compatibility shows 5.4.x or greater. The kernel version for RHEL 9.0 is 5.14.x. Is this a typo on your side?
Hello. Multiple PCs can access the same ID when connecting the web to the splunk. Even if I connect to multiple PCs with the same ID, I only keep the last session I accessed, and the PCs I logged in to before are looking for a way to disconnect the session I accessed. In a single instance, the session could be cut off as follows.
./splunk _internal call "/services/authentication/httpauth-tokens/[SESSION_ID]" -method DELETE
The above SESSION_ID used the other field value of the splunk ui access log. However, this method does not work in a search header cluster. Can I have a search header cluster maintain only the last session I accessed when connecting from multiple PCs with the same ID? I look forward to hearing from you.
I'm really bad when it comes to join searches, though I've been doing this for years. I'm able to find the list of orphaned searches using:
| rest /servicesNS/-/-/admin/directory count=0 splunk_server=<splunkserver> | rename eai:* as *, acl.* as * | eval updated=strptime(updated,"%Y-%m-%dT%H:%M:%S%Z"), updated=if(isnull(updated),"Never",strftime(updated,"%d %b %Y")) | sort type | eval sAMAccountName=owner | stats count by title orphaned sAMAccountName sharing type owner updated app disabled | search orphaned=1
and we have a summary index containing our LDAP users & managers for those users. Using the following search returns users and their managers:
index=metrics_summary source="LDAP*" source IN("LDAP GROUP USER DIVISION Summary Index Search" "LDAP_GROUP_USER_DIVISION_Summary_Index_Search" lookup_ldap_group_user_division) sAMAccountName=e* OR sAMAccountName=v* |table sAMAccountName displayName mail department division manager
But I haven't been able to join the two searches together to give me the manager name of the user w/ the orphan search. I've tried variations of the following:
| rest /servicesNS/-/-/admin/directory count=0 splunk_server=<splunkserver> | rename eai:* as *, acl.* as * | eval updated=strptime(updated,"%Y-%m-%dT%H:%M:%S%Z"), updated=if(isnull(updated),"Never",strftime(updated,"%d %b %Y")) | sort type | eval sAMAccountName=owner | stats count by title orphaned sAMAccountName sharing type owner updated app disabled | search orphaned=1 | join sAMAccountName type=outer max=0 [|search index=metrics_summary source="LDAP*" source IN("LDAP GROUP USER DIVISION Summary Index Search" "LDAP_GROUP_USER_DIVISION_Summary_Index_Search" lookup_ldap_group_user_division) | stats latest(_time) AS latest values(displayName) values(mail) values(distinguishedName) values(department) values(division) latest(userAccountControl) values(manager) by sAMAccountName | rename values(*) AS *, latest(*) AS *]
but this only comes back w/ results from the rest call.
I know I get results using the summary index search. How do I merge these? Thanks
Hello, I have splunk logger line like below:
Address: XXX HttpMethod: POST  Headers: {Ama-Internal-REST-Service=hotel/booking, , Ama-Internal-Protocol=HTTP, Message-Type=RPWREQ} Payload: {"channel":"noChannel","conversationId":"12345","version":"1.0","agent":"noAgent","date":"2023-01-01","events":[{"action":"Update","objectAfter":{"chainCode":"BLR","brandCode":"ES","propertyCode":"HYATT"},"type":"Property"}]}
I need to extract payload after Payload: And then stats as table where columns are all field in payload. for eg:
TABLE OUTPUT: channel conversationId version date chaincode propertycode type
Hi Experts, Need your quick suggestion/support. Trying to make an integration between Splunk with Salesforce using Splunk_TA_salesforce. Getting below SSL error.
2022-10-06 09:24:35,525 ERROR pid=22321 tid=MainThread file=task.py:_send_request:475 | [stanza_name=monitoring__c] Error occurred in request url=https://company-business--preprod01.sandbox.salesforce.com/services/data/v54.0/query?q=SELECT%20Crea... method=GET reason=HTTP Error HTTPSConnectionPool(host='company-business--preprod01.sandbox.my.salesforce.com', port=443): Max retries exceeded with url: /services/data/v54.0/query?q (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1106)')))
Have placed a certificate pem file in $SPLUNK_HOME/etc/auth/certs/ and defined this path in splunk_ta_salesforce_settings.conf as ca_certs_path = /opt/splunk/etc/auth/certs/cert_chain.pem
But still we get an SSL error, how to disable SSL certificate verification in the Add-On 'Splunk_TA_salesforce'? Please suggest. Thanks
Hi all. It might sound weird but I need assistance converting Azure Sentinel queries to SPL. The main goal is to use Microsoft's new exchange vulnerability detection methods. So if you got one ready to use, please share. These are the codes I wish to have in SPL:
https://github.com/Azure/Azure-Sentinel/blob/08a8d2b9c5c9083e341be447773a34b56b205dee/Detections/W3CIISLog/ProxyShellPwn2Own.yaml
https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml
https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/W3CIISLog/WebShellActivity.yaml
https://github.com/Azure/Azure-Sentinel/blob/master/Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml
https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Microsoft%20365%20Defender/Execution/exchange-iis-worker-dropping-webshell.yaml
https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/W3CIISLog/PotentialWebshell.yaml
source: https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
Thank you!!
Tell me, what should I do in my case, I need from the field: 1.SAPS-SIS.TO.LSP.SEND, or: "12.SAPS-SIS.TO.LSP.RECEIVE Get field: "routepointIDnum": "1" or "routepointIDnum": "12" I tried like this and it almost works:
index="main" sourcetype="testsystem-script333" | eval routepointID_num=substr(routepointID,1,2) | table routepointID_num
Almost because I get: "routepointIDnum": "1." or "routepointIDnum": "12" And I need: "routepointIDnum": "1" or "routepointIDnum": "12"
Hi Team, Could you please help me with the below request? There are two database servers currently being monitored in AppDynamics. These two servers are of windows 2012 version. These two servers will be upgraded from windows 2012 to windows 2019. Now we need to install appdynamics components on the servers with new version (2019) like DB agent and configuration changes. Please guide me on how to install the appdynamics components and configuration changes. Thanks & Regards, Srinivas
Hi there, Search to trigger an alert when the particular job (scheduled jobs) is running more than the threshold time (let's say 5 mins). I have fields to create an alert are Job name (unique), source, source type, index and time. Thanks in Advance, Regards, Theja
Hi, I am trying to concatenate 3 fields into 1 field but I am unable to do so. I tried: and this: Can someone help? There should be a single column of emails with 1 email per row. Thanks!
Is it possible to monitor a website URL on a dashboard? And how can I configure this easily?
Is variance inflation factor {VIF} available in Splunk MLTK app?
I have total 17 orders. Box Estimates is wrong 6 out of 17 orders. What is the average wrong box estimate in total? This is my attempt which is wrong:
| spath path=data{}.actual_totes{}.finalBoxAmount output=actualBoxes
| spath path=data{}.estimated_totes{}.box output=estimatedBoxes
| eventstats count AS total
| eval box_missing=if(actualBoxes != estimatedBoxes, "YES", "NO")
| eval average= (actualBoxes - estimatedBoxes) / total * 100
| table actualBoxes estimatedBoxes total box_missing average
Looking to use the file-monitoring-extension found on Github. https://github.com/Appdynamics/file-monitoring-extension FileWatcher-3.1.1 Got the extension working on Windows using the Standalone Machine Agent. Metrics are registered with the Controller and after each MA restart there is only 1 data point for each metric and all the metrics are 0's after that. Any subsequent restarts only generate 1 data point again, and while accurate there are never any other data points for the metrics. See the screenshots below showing that. There are some Warnings in the MA Log file, but do not seem to be related to the issue we are experiencing. Log and Config file added below also. Hope someone is using this successfully and can offer some input. AppD support do not assist with extensions anymore.
Shows data points and how they only have data after a restart
All relevant metrics are there, but have no continuous metrics reporting in
Logs
Config:
#For shared directories on windows the path should be like
# path: "\\\\1.2.3.4\\abc\\def\\ProductI
#Use this metric prefix when SIM is enabled.
metricPrefix: "Custom Metrics|File Watcher|"
# To find the <COMPONENT_ID> in your environment, please follow the screenshot https://docs.appdynamics.com/display/LATEST/Build+a+Monitoring+Extension+Using+Java
#metricPrefix: "Server|Component:<Component_ID OR Component_Name>|Custom Metrics|File Watcher|"
pathsToProcess:
  #Matching only the configured directory
  - displayName: "TestPath2 MA_OLD - Specific Directory"
    path: "C:\\\\AppDynamics\\\\OLD_machineagent-bundle-64bit-windows-21.2.0.3052\\\\logs"
    ignoreHiddenFiles: true
    excludeSubdirectoriesFromFileCount: false
    recursiveFileCounts: false
    recursiveFileSizes: true
  #Matching a specific file
  - displayName: "TestPath3 Logs- Specific File"
    path: "C:\\\\AppDynamics\\\\machineagent-bundle-64bit-windows-22.9.0.3458\\\\logs\\\\machine-agent.log"
    ignoreHiddenFiles: true
    excludeSubdirectoriesFromFileCount: false
    recursiveFileCounts: false
    recursiveFileSizes: true
metrics:
  fileSize:
    alias: "File Size (Bytes)"
    multiplier: 1
    delta: false
    aggregationType: "Average"
    timeRollupType: "Average"
    clusterRollupType: "Individual"
  oldestFileAge:
    alias: "Oldest File Age"
    multiplier:
    delta:
    aggregationType:
    timeRollupType:
    clusterRollupType:
  fileCount:
    alias: "File Count"
    multiplier:
    delta:
    aggregationType:
    timeRollupType:
    clusterRollupType:
  numberOfLines:
    alias: "Number of Lines"
    multiplier:
    delta:
    aggregationType:
    timeRollupType:
    clusterRollupType:
  lastModifiedTime:
    alias: "Last Modified Time"
    multiplier:
    delta:
    aggregationType:
    timeRollupType:
    clusterRollupType:
  available:
    alias: "Available"
    multiplier:
    delta:
    timeRollupType:
    clusterRollupType:
    convert:
      "true": 1
      "false": 0
  # A metric to view the count of files in a directory and all its subdirectories.
  #Set recursiveFileCounts to true for any configured paths to see this metric. Will only work for directories.
  recursiveFileCount:
    alias: "Recursive File Count"
    multiplier:
    delta:
    timeRollupType:
    clusterRollupType:
  modified:
    alias: "Modified"
    multiplier:
    delta:
    timeRollupType:
    clusterRollupType:
    convert:
      "true": 1
      "false": 0
  recursiveFileSize: #Calculates the size of a directory on disk
    alias: "Size on Disk (Bytes)"
    multiplier:
    delta:
    timeRollupType:
    clusterRollupType:
numberOfThreads: 20 #One thread per base directory + 1
# The sections [customDashboard] and [controllerInfo] need to be enabled for uploading dashboard to the controller UI
customDashboard:
  enabled: false
  dashboardName: "File Watcher Dashboard"
  # Update the path to the dashboard file.
  pathToSIMDashboard: "monitors/FileWatcher/SIMDashboard.json"
  pathToNormalDashboard: "monitors/FileWatcher/APMDashboard.json"
  periodicDashboardCheckInSeconds: 300
# If any of the following fields are not set, the values of the specific fields are set from the system properties of the corresponding fields as specified in the comments.
# If the system properties are not set for the field, then the data is retrieved from machine agent configFile. Please refer to ControllerInfoFactory for more details.
enableHealthChecks: true # If not set, will be retrieved from "-Dappdynamics.agent.monitors.healthchecks.enable=true". Defaults to true.
We have 300 applications. Is there any way we can fetch the reports with following kind of aggregations? Want to run these aggregations at the server side as we are looking at the data for longer durations, it may need to process gigabytes of data. Is there any way we can configure the config file with these kinds of calculations?
max, min and average response times of all the applications for the last six months.
Count of different kind of events grouped by event type for the last six months.
All the dependent entities at different tiers with entity types.
Count of calls to and from the applications, grouped by protocol, type, etc.
Hi, Customer is looking for attack surface management using Splunk. Is there any way around to achieve this? If yes, how could this be achieved in terms of any app/add-on or 3rd party solution? Your answer would really be appreciated. Thanks in advance
How to create an alert that should monitor logs of particular message.
Hi, I am looking for query where say for example user=xyz which is present in multiple watchlists [watchlist_A.csv, watchlist_B.csv, watchlist_C.csv, watchlist_D.csv] and not present in watchlist_E.csv, watchlist_F.csv
watchlist have columns [ number, user, date ]
1, xyz, 01022000
2, abc, 02022000
I am looking for query to use multiple watchlist and find value of my search say user=abc when queried should show a table as below
user, watchlistNames
If result is present in multiple table it should give me the watchlistnames where my search is user=abc and is present in watchlist_A.csv, watchlist_B.csv, watchlist_C.csv, watchlist_D.csv so my query result should be
user, Watchlistnames
abc,watchlist_A.csv, watchlist_B.csv, watchlist_C.csv, watchlist_D.csv