All Topics

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Topics

Hi, I am getting the error below when starting my app, and I can´t know what config causes this error. Thanks for helping. cd /opt/app-dynamics/appdynamics/ver22.8.0.34104/logs/payments-v2-gwproxy ... See more...
Hi, I am getting the error below when starting my app, and I can´t know what config causes this error. Thanks for helping. cd /opt/app-dynamics/appdynamics/ver22.8.0.34104/logs/payments-v2-gwproxy head -n 150 agent.2022_09_10__02_14_48.log [AD Agent init] 10 Sep 2022 02:14:48,954 INFO JavaAgent - Logging set up for log4j2 [AD Agent init] 10 Sep 2022 02:14:48,955 INFO JavaAgent - #################################################################################### [AD Agent init] 10 Sep 2022 02:14:48,955 INFO JavaAgent - Java Agent Directory [/opt/app-dynamics/appdynamics/ver22.8.0.34104] [AD Agent init] 10 Sep 2022 02:14:48,955 INFO JavaAgent - Java Agent AppAgent directory [/opt/app-dynamics/appdynamics/ver22.8.0.34104] [AD Agent init] 10 Sep 2022 02:14:48,955 INFO JavaAgent - Using Java Agent Version [Server Agent #22.8.0.34104 v22.8.0 GA compatible with 4.4.1.0 r76b2bb8f45a498afcc5ecaf5a1a9480ed0d4998b release/22.8.0] [AD Agent init] 10 Sep 2022 02:14:48,955 INFO JavaAgent - All agent classes have been pre-loaded [AD Agent init] 10 Sep 2022 02:14:48,965 INFO AgentKernel - Starting Java Agent at Sat Sep 10 02:14:48 BRT 2022 ... [AD Agent init] 10 Sep 2022 02:14:48,968 INFO AgentKernel - Time zone: Brasilia Standard Time [AD Agent init] 10 Sep 2022 02:14:49,069 INFO XMLConfigManager - Orchestration is disabled - disabling virtualization resolvers by default. [AD Agent init] 10 Sep 2022 02:14:49,072 INFO ContainerIdExtractor - Detected unique host name: 1942113ced913b7b16c58fd891ed8c36f1bf5de6487c340d803dadc7c2a26618 [AD Agent init] 10 Sep 2022 02:14:49,154 INFO XMLConfigManager - Default Controller Info Resolver found env variable [APPDYNAMICS_CONTROLLER_HOST_NAME] for controller host name [appdynamics-prd.getnet.com.br] [AD Agent init] 10 Sep 2022 02:14:49,154 INFO XMLConfigManager - Default Controller Info Resolver found env variable [APPDYNAMICS_CONTROLLER_PORT] for controller port [8090] [AD Agent init] 10 Sep 2022 02:14:49,156 INFO XMLConfigManager - Detected Kubernetes environment, attempting to fetch unique host name [AD Agent init] 10 Sep 2022 02:14:49,156 INFO XMLConfigManager - Kubernetes Agent Resolver found env variable [APPDYNAMICS_AGENT_UNIQUE_HOST_ID] for unique host identifier [1942113ced91] [AD Agent init] 10 Sep 2022 02:14:49,158 INFO XMLConfigManager - Default IP Address Resolver found IP addresses [[fe80:0:0:0:18eb:e8ff:fef3:4861%eth0, 10.131.16.49]] [AD Agent init] 10 Sep 2022 02:14:49,158 INFO XMLConfigManager - Default Agent Account Info Resolver found env variable [APPDYNAMICS_AGENT_ACCOUNT_NAME] for account name [customer1] [AD Agent init] 10 Sep 2022 02:14:49,158 INFO XMLConfigManager - Default Agent Account Info Resolver found env variable [APPDYNAMICS_AGENT_ACCOUNT_ACCESS_KEY] for account access key [****] [AD Agent init] 10 Sep 2022 02:14:49,158 INFO XMLConfigManager - Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_APPLICATION_NAME] for application name [PD-Microsservicos] [AD Agent init] 10 Sep 2022 02:14:49,158 INFO XMLConfigManager - Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_TIER_NAME] for tier name [payments-v2-gwproxy] [AD Agent init] 10 Sep 2022 02:14:49,158 INFO XMLConfigManager - Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_NODE_NAME] for node name [payments-v2-gwproxy] [AD Agent init] 10 Sep 2022 02:14:49,161 INFO XMLConfigManager - Full Agent Registration Info Resolver using selfService [false] [AD Agent init] 10 Sep 2022 02:14:49,163 INFO XMLConfigManager - Full Agent Registration Info Resolver using selfService [false] [AD Agent init] 10 Sep 2022 02:14:49,163 INFO XMLConfigManager - Full Agent Registration Info Resolver using ephemeral node setting [false] [AD Agent init] 10 Sep 2022 02:14:49,163 INFO XMLConfigManager - Full Agent Registration Info Resolver using application name [PD-Microsservicos] [AD Agent init] 10 Sep 2022 02:14:49,163 INFO XMLConfigManager - Read property [reuse node name] from environment variable [APPDYNAMICS_JAVA_AGENT_REUSE_NODE_NAME] [AD Agent init] 10 Sep 2022 02:14:49,163 INFO XMLConfigManager - Full Agent Registration Info Resolver using tier name [payments-v2-gwproxy] [AD Agent init] 10 Sep 2022 02:14:49,163 INFO XMLConfigManager - Full Agent Registration Info Resolver using node name [payments-v2-gwproxy] [AD Agent init] 10 Sep 2022 02:14:49,166 WARN XMLConfigManager - XML Controller Info Resolver found invalid controller host information [] in controller-info.xml; Please specify a valid value if it is not already set in system properties. [AD Agent init] 10 Sep 2022 02:14:49,166 WARN XMLConfigManager - XML Controller Info Resolver found invalid controller port information [] in controller-info.xml; Please specify a valid value if it is not already set in system properties. [AD Agent init] 10 Sep 2022 02:14:49,169 WARN XMLConfigManager - XML Controller Info Resolver found invalid controller host information [] in controller-info.xml; Please specify a valid value if it is not already set in system properties. [AD Agent init] 10 Sep 2022 02:14:49,169 WARN XMLConfigManager - XML Controller Info Resolver found invalid controller port information [] in controller-info.xml; Please specify a valid value if it is not already set in system properties. [AD Agent init] 10 Sep 2022 02:14:49,172 INFO XMLConfigManager - XML Agent Account Info Resolver did not find account name. Using default account name [customer1] [AD Agent init] 10 Sep 2022 02:14:49,172 WARN XMLConfigManager - XML Agent Account Info Resolver did not find account access key. [AD Agent init] 10 Sep 2022 02:14:49,173 INFO XMLConfigManager - Configuration Channel is using ControllerInfo:: host:[appdynamics-prd.getnet.com.br] port:[8090] sslEnabled:[unknown] keystoreFile:[DEFAULT:cacerts.jks] use-encrypted-credentials:[false] secureCredentialStoreFileName:[] secureCredentialStorePassword:[] use-ssl-client-auth:[false] asymmetricKeysStoreFilename:[] asymmetricKeysStorePassword:[] asymmetricKeyPassword:[] asymmetricKeyAlias:[] validation:[UNSPECIFIED] [AD Agent init] 10 Sep 2022 02:14:49,470 INFO XMLConfigManager - Read property [reuse node name] from environment variable [APPDYNAMICS_JAVA_AGENT_REUSE_NODE_NAME] [AD Agent init] 10 Sep 2022 02:14:50,065 INFO XMLConfigManager - Agent AWS instance-id retrieval enabled: true [AD Agent init] 10 Sep 2022 02:14:50,065 INFO XMLConfigManager - Agent Azure instance-id retrieval enable:true [AD Agent init] 10 Sep 2022 02:14:50,065 INFO XMLConfigManager - Agent GCP instance-id retrieval enable:true [AD Agent init] 10 Sep 2022 02:14:50,162 INFO AgentConfigWatchdog - Agent overwrite set to false [AD Agent init] 10 Sep 2022 02:14:50,166 INFO SensitiveDataScrubber - Parsed 8 filters from <sensitive-data-filters> section [AD Agent init] 10 Sep 2022 02:14:50,167 INFO SensitiveDataScrubber - Parsed 0 filters from <sensitive-url-filters> section [AD Agent init] 10 Sep 2022 02:14:50,168 INFO SensitiveDataScrubber - Parsed 0 filters from <sensitive-message-filters> section [AD Agent init] 10 Sep 2022 02:14:50,169 INFO AgentConfigWatchdog - Service properties for TransactionMonitoringService = [{async-instrumentation-strategy=AgentConfigPropertyValue{value='executor', origin=APP_AGENT_CONFIG, mutable=true}, config-file-path=AgentConfigPropertyValue{value='transactions.xml', origin=APP_AGENT_CONFIG, mutable=true}}] [AD Agent init] 10 Sep 2022 02:14:50,169 INFO AgentConfigWatchdog - Service properties for JMXService = [{jmx-gc-majorCollectionBean=AgentConfigPropertyValue{value='', origin=APP_AGENT_CONFIG, mutable=true}, jmx-gc-minorCollectionBean=AgentConfigPropertyValue{value='', origin=APP_AGENT_CONFIG, mutable=true}, jmx-server-metrics-update-interval-in-seconds=AgentConfigPropertyValue{value='60', origin=APP_AGENT_CONFIG, mutable=true}}] [AD Agent init] 10 Sep 2022 02:14:50,169 INFO AgentConfigWatchdog - Service properties for ObjectMonitoringService = [{enable-collection-monitoring=AgentConfigPropertyValue{value='false', origin=APP_AGENT_CONFIG, mutable=true}, minimum-age-for-evaluation-in-minutes=AgentConfigPropertyValue{value='30', origin=APP_AGENT_CONFIG, mutable=true}, enable-object-size-monitoring=AgentConfigPropertyValue{value='false', origin=APP_AGENT_CONFIG, mutable=true}, minimum-size-for-evaluation-in-mb=AgentConfigPropertyValue{value='5', origin=APP_AGENT_CONFIG, mutable=true}, disable-collection-capture=AgentConfigPropertyValue{value='false', origin=APP_AGENT_CONFIG, mutable=true}, enable-instance-monitoring=AgentConfigPropertyValue{value='false', origin=APP_AGENT_CONFIG, mutable=true}, collection-capture-period-in-minutes=AgentConfigPropertyValue{value='30', origin=APP_AGENT_CONFIG, mutable=true}}] [AD Agent init] 10 Sep 2022 02:14:50,169 INFO AgentConfigWatchdog - Service properties for AgentDiagnosticsService = [{enable-thread-dump=AgentConfigPropertyValue{value='false', origin=APP_AGENT_CONFIG, mutable=true}, dump-all-threads=AgentConfigPropertyValue{value='true', origin=APP_AGENT_CONFIG, mutable=true}, thread-dump-logger=AgentConfigPropertyValue{value='log4j', origin=APP_AGENT_CONFIG, mutable=true}, enable-shutdown-hook=AgentConfigPropertyValue{value='false', origin=APP_AGENT_CONFIG, mutable=true}, thread-dump-interval=AgentConfigPropertyValue{value='300', origin=APP_AGENT_CONFIG, mutable=true}}] [AD Agent init] 10 Sep 2022 02:14:50,169 INFO AgentConfigWatchdog - Service properties for InstrumentationSdkPluginManager = [{sdk-plugin-directory=AgentConfigPropertyValue{value='sdk-plugins', origin=APP_AGENT_CONFIG, mutable=true}}] [AD Agent init] 10 Sep 2022 02:14:50,169 INFO AgentConfigWatchdog - Service properties for DynamicServiceManager = [{enable-jar-signing=AgentConfigPropertyValue{value='false', origin=APP_AGENT_CONFIG, mutable=true}, external-service-directory=AgentConfigPropertyValue{value='external-services', origin=APP_AGENT_CONFIG, mutable=true}, signed-jar-certificate-filename=AgentConfigPropertyValue{value='', origin=APP_AGENT_CONFIG, mutable=true}}] [AD Agent init] 10 Sep 2022 02:14:50,169 INFO AgentConfigWatchdog - Service properties for BCIEngine = [{exclude.classes.from.class.loader.2=AgentConfigPropertyValue{value='com.cisco.mtagent.boot.Controller$TenantClassLoader', origin=APP_AGENT_CONFIG, mutable=true}, exclude.classes.from.class.loader.1=AgentConfigPropertyValue{value='com.cisco.mtagent.entry.MTAgent$MultiTenantAgentClassLoader', origin=APP_AGENT_CONFIG, mutable=true}}] [AD Agent init] 10 Sep 2022 02:14:50,174 INFO XMLConfigManager - Node will be marked as historical at shutdown [AD Agent init] 10 Sep 2022 02:14:50,253 INFO AgentKernel - JVM Runtime: java.home=/usr/lib/jvm/java-11-openjdk-11.0.14.1.1-2.el8_5.x86_64 java.vm.vendor=Red Hat, Inc. java.vm.name=OpenJDK 64-Bit Server VM java.version=11.0.14.1 java.specification.version=11 java.runtime.version=11.0.14.1+1-LTS java.io.tmpdir=/tmp user.language=en user.country= user.variant= Default locale=en [AD Agent init] 10 Sep 2022 02:14:50,253 INFO AgentKernel - OS Runtime: os.name=Linux os.arch=amd64 os.version=4.18.0-305.57.1.el8_4.x86_64 user.name=? user.home=? user.dir=/home/jboss [AD Agent init] 10 Sep 2022 02:14:50,255 INFO AgentKernel - JVM Args : -Xms200M | -Xmx1G | -javaagent:/opt/app-dynamics/appdynamics/javaagent.jar | -Dappdynamics.jvm.shutdown.mark.node.as.historical=true | -Dappagent.start.timeout=3 | [AD Agent init] 10 Sep 2022 02:14:50,255 INFO AgentKernel - JVM Runtime Name: 14@payments-v2-gwproxy-8-2jvbw [AD Agent init] 10 Sep 2022 02:14:50,255 INFO AgentKernel - JVM PID: 14 [AD Agent init] 10 Sep 2022 02:14:50,256 INFO AgentKernel - No debugger attached [AD Agent init] 10 Sep 2022 02:14:50,975 INFO AnnotationPropertyListenerManager - Registered NodeProperty [max-metrics-allowed] to method [public void com.singularity.ee.agent.appagent.kernel.controller.metrics.MetricGenerationServiceFactory.setMaxMetricsAllowed(int)] in class class com.singularity.ee.agent.appagent.kernel.controller.metrics.MetricGenerationServiceFactory 1 [AD Agent init] 10 Sep 2022 02:14:50,976 INFO AnnotationPropertyListenerManager - Registered NodeProperty [max-metric-queue-length] to method [public void com.singularity.ee.agent.appagent.kernel.controller.metrics.MetricGenerationServiceFactory.setMetricPublishQueueLength(int)] in class class com.singularity.ee.agent.appagent.kernel.controller.metrics.MetricGenerationServiceFactory 1 [AD Agent init] 10 Sep 2022 02:14:50,976 INFO MetricHandler - Initialized with maximum number of metrics allowed of 5000 [AD Agent init] 10 Sep 2022 02:14:51,056 INFO MetricHandler - Initialized with maxPublishQueueLength [2], aggregationFrequencyInMillis [60000] [AD Agent init] 10 Sep 2022 02:14:51,058 INFO MetricHandler - Metric Service is : [enabled]. [AD Agent init] 10 Sep 2022 02:14:51,062 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-kafka-consumer] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.kafka.KafkaConfiguration.setConsumerEnabled(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.kafka.KafkaConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,202 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-jvm-metrics-update-interval-in-seconds] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setJmxServerMetricsUpdateIntervalInSeconds(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,203 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-appserver-mbean-finder-delay-in-seconds] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setJmxServerMBeanFinderDelayInSeconds(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,203 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-memory-metric-retry-count] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setJmxMemoryMetricRetryCount(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,203 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-metric-threshold-percentage] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setThresholdPercentatge(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,203 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-metric-threshold-percentatge] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setThresholdPercentatgeForMisspelledKey(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,203 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-data-collection] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setJmxDataEnabled(boolean)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,203 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-appserver] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setJmxAppserverEnabled(boolean)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,203 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-jvm-metrics-update-interval-in-seconds] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setJmxJVMMetricsUpdateIntervalInSeconds(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 2 [AD Agent init] 10 Sep 2022 02:14:51,203 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-appserver-mbean-finder-retries] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setJmxServerMBeanFinderRetries(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,203 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-exclude-objectnames-with-wildcards] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setExcludeObjectNamesWithWildcards(boolean)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,204 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-agent-resource-tracker] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setAgentResourceEnabled(boolean)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,204 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-max-metrics-to-report] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setMaxJMXMetricToReport(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,204 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-jmx-metric-timer] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.setEnableTimer(boolean)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,204 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-query-fallback-to-attribute-for-operation] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig.isFallbackToAttributeForOperation(boolean)] in class class com.singularity.ee.agent.appagent.services.jmxservice.JMXServiceConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,208 INFO WebSphereMBeanServerChecker - javax.management.builder.initial = [ null] [AD Agent init] 10 Sep 2022 02:14:51,208 INFO WebSphereMBeanServerChecker - WebSphere is using a special MBean server [false] [AD Agent init] 10 Sep 2022 02:14:51,373 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-vertx-http] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.vertx.http.VertxHttpConfiguration.changeProperty(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.vertx.http.VertxHttpConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,374 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-vertx-message-entry] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.vertx.message.VertxMessageEntryConfiguration.changeProperty(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.vertx.message.VertxMessageEntryConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,375 INFO AnnotationPropertyListenerManager - Registered NodeProperty [max-transformation-per-interceptor] to method [public void com.singularity.ee.agent.appagent.services.bciengine.spi.TransformationLimiterConfig.setMaxTransformationPerInterceptor(int)] in class class com.singularity.ee.agent.appagent.services.bciengine.spi.TransformationLimiterConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,375 INFO AnnotationPropertyListenerManager - Registered NodeProperty [should-inline-interceptors] to method [public void com.singularity.ee.agent.appagent.services.bciengine.inline.template.InlineRetransformationHelper.setShouldInline(boolean)] in class class com.singularity.ee.agent.appagent.services.bciengine.inline.template.InlineRetransformationHelper 1 [AD Agent init] 10 Sep 2022 02:14:51,452 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-mule-message-interceptor] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.esb.mule.correlation.MuleMessageGUIDConfiguration.setMuleMessageGUIDInterceptorEnabled(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.esb.mule.correlation.MuleMessageGUIDConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,453 INFO AnnotationPropertyListenerManager - Registered NodeProperty [spring-mvc-naming-scheme] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.spring.mvc.SpringMVCNamingConfiguration.changeProperty(java.lang.String)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.spring.mvc.SpringMVCNamingConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,455 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-akka-metrics] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.scala.akka.AkkaConfiguration.setEnableMetrics(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.scala.akka.AkkaConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,456 INFO AnnotationPropertyListenerManager - Registered NodeProperty [turbo-bypass-hotspot-clock] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.exitpoint.TurboExitPropertyListener.setMaxTransformationPerInterceptor(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.exitpoint.TurboExitPropertyListener 1 [AD Agent init] 10 Sep 2022 02:14:51,459 INFO AnnotationPropertyListenerManager - Registered NodeProperty [disable-ibmbpm-usertask-bt-naming] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.ibmbpm.rest.IbmBpmUserTaskBTNamingConfiguration.changeProperty(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.ibmbpm.rest.IbmBpmUserTaskBTNamingConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,460 INFO AnnotationPropertyListenerManager - Registered NodeProperty [ibmbpm-systemtask-bt-naming] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.ibmbpm.pojo.IbmBpmSystemTaskBTNamingConfiguration.changeProperty(java.lang.String)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.ibmbpm.pojo.IbmBpmSystemTaskBTNamingConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,460 INFO IbmBpmSystemTaskBTNamingConfiguration - IBM-BPM SystemTask BT Naming scheme has been set to default. [AD Agent init] 10 Sep 2022 02:14:51,461 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-axon-entry] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.axon.AxonConfiguration.setAxonEntryEnabled(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.axon.AxonConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,461 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-axon-exit] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.axon.AxonConfiguration.setAxonExitEnabled(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.axon.AxonConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,462 INFO AnnotationPropertyListenerManager - Registered NodeProperty [disable-ibmbpm-data-collectors] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.ibmbpm.IbmBpmDataCollectorConfiguration.changeProperty(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.ibmbpm.IbmBpmDataCollectorConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,464 INFO AnnotationPropertyListenerManager - Registered NodeProperty [disable-ibmbpm-usertask-bt-in-process-correlation] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.ibmbpm.rest.IbmBpmUserTaskBTInProcessCorrelationConfiguration.changeProperty(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.ibmbpm.rest.IbmBpmUserTaskBTInProcessCorrelationConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,465 INFO AnnotationPropertyListenerManager - Registered NodeProperty [skip-jms-listener-for-bt-naming] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.jms.message.JMSMessageConfiguration.changeProperty(java.lang.String)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.jms.message.JMSMessageConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,466 INFO AnnotationPropertyListenerManager - Registered NodeProperty [osb-ignore-exit-types] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.esb.osb.OSBGenericExitConfiguration.changeProperty(java.lang.String)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.esb.osb.OSBGenericExitConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,470 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-webclient] to method [public void com.singularity.ee.agent.appagent.services.transactionmonitor.http.correlation.webflux.webclient.WebClientConfiguration.changeProperty(boolean)] in class class com.singularity.ee.agent.appagent.services.transactionmonitor.http.correlation.webflux.webclient.WebClientConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,475 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-cache-refresh-time] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.appserver.common.JMXAttributeDefinitionCacheConfig.setCacheTimeoutInMinutes(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.appserver.common.JMXAttributeDefinitionCacheConfig 1 [AD Agent init] 10 Sep 2022 02:14:51,566 INFO MemoryUsageGenerator - Identified minor collection bean :Copy [AD Agent init] 10 Sep 2022 02:14:51,566 INFO MemoryUsageGenerator - Identified major collection bean :MarkSweepCompact [AD Agent init] 10 Sep 2022 02:14:51,577 INFO AnnotationPropertyListenerManager - Registered NodeProperty [deserialization-whitelist-update-enabled] to method [public void com.singularity.ee.agent.util.serialize.DeserializationWhitelistListener.setDeserializationWhitelistUpdateEnabled(boolean)] in class class com.singularity.ee.agent.util.serialize.DeserializationWhitelistListener 1 [AD Agent init] 10 Sep 2022 02:14:51,653 INFO AgentKernel - Open Telemetry tracing is disabled. To enable, please configure at system property. [AD Agent init] 10 Sep 2022 02:14:51,653 INFO LifeCycleManager - Starting service [JMXService] [AD Agent init] 10 Sep 2022 02:14:51,660 INFO AnnotationPropertyListenerManager - Registered NodeProperty [jmx-operation-timeout-in-milliseconds] to method [public void com.singularity.ee.agent.appagent.services.jmxservice.transientoperations.JMXTransientOperationsHandler.setJMXOperationTimeoutProperty(int)] in class class com.singularity.ee.agent.appagent.services.jmxservice.transientoperations.JMXTransientOperationsHandler 1 [AD Agent init] 10 Sep 2022 02:14:51,672 INFO JMXService - ###### Using config from controller for JMX operations ######### [AD Agent init] 10 Sep 2022 02:14:51,676 INFO MemoryUsageGenerator - Identified minor collection bean :Copy [AD Agent init] 10 Sep 2022 02:14:51,676 INFO MemoryUsageGenerator - Identified major collection bean :MarkSweepCompact [AD Agent init] 10 Sep 2022 02:14:51,677 INFO MemoryMetricGenerator - Initialized Minor Collection GC metrics [AD Agent init] 10 Sep 2022 02:14:51,677 INFO MemoryMetricGenerator - Initialized Major Collection GC metrics [AD Agent init] 10 Sep 2022 02:14:51,677 INFO MemoryMetricGenerator - Initialized Overall GC metrics [AD Agent init] 10 Sep 2022 02:14:51,679 INFO MemoryMetricGenerator - Initialized Memory Pool MX Beans, CodeHeap 'non-nmethods', Metaspace, Tenured Gen, CodeHeap 'profiled nmethods', Eden Space, Survivor Space, Compressed Class Space, CodeHeap 'non-profiled nmethods' [AD Agent init] 10 Sep 2022 02:14:51,680 INFO JVMMetricReporter - Number of processors 1 [AD Agent init] 10 Sep 2022 02:14:51,753 INFO JMXService - JVM JMX Metric collection initialized with update interval [60] seconds [AD Agent init] 10 Sep 2022 02:14:51,753 INFO LifeCycleManager - Started service [JMXService] [AD Agent init] 10 Sep 2022 02:14:51,753 INFO LifeCycleManager - Starting service [LogParserService] [AD Agent init] 10 Sep 2022 02:14:51,754 INFO LifeCycleManager - Service instantiated reflectively LogParserService :classcom.singularity.ee.agent.appagent.services.LogEventService [AD Agent init] 10 Sep 2022 02:14:51,756 INFO LifeCycleManager - Started service [LogParserService] [AD Agent init] 10 Sep 2022 02:14:51,756 INFO LifeCycleManager - Starting service [Agent17Service] [AD Agent init] 10 Sep 2022 02:14:51,756 INFO LifeCycleManager - Service instantiated reflectively Agent17Service :classcom.singularity.ee.agent.appagent.services.java17.Java17AgentService [AD Agent init] 10 Sep 2022 02:14:51,757 INFO LifeCycleManager - Started service [Agent17Service] [AD Agent init] 10 Sep 2022 02:14:51,757 INFO LifeCycleManager - Starting service [DynamicServiceManager] [AD Agent init] 10 Sep 2022 02:14:51,761 INFO AnnotationPropertyListenerManager - Registered NodeProperty [enable-datapipeline-dynamic-service] to method [public void com.singularity.ee.agent.appagent.kernel.dynamicservice.services.DataPipelineConfiguration.enableDataPipeline(boolean)] in class class com.singularity.ee.agent.appagent.kernel.dynamicservice.services.DataPipelineConfiguration 1 [AD Agent init] 10 Sep 2022 02:14:51,762 INFO LifeCycleManager - Started service [DynamicServiceManager] [AD Agent init] 10 Sep 2022 02:14:51,762 INFO LifeCycleManager - Starting service [BCIEngine] [AD Agent init] 10 Sep 2022 02:14:51,763 INFO ADeferredClassRetransformer - Preference to retransform classes = false [AD Agent init] 10 Sep 2022 02:14:51,765 WARN LifeCycleManager - Could not start service [BCIEngine] java.lang.ClassCastException: class java.lang.Boolean cannot be cast to class java.lang.String (java.lang.Boolean and java.lang.String are in module java.base of loader 'bootstrap') at com.singularity.ee.agent.appagent.services.bciengine.BCIEngineService.getClassLookaheadFilters(BCIEngineService.java:367) ~[appagent-boot.jar:?] at com.singularity.ee.agent.appagent.services.bciengine.BCIEngineService.setServiceContext(BCIEngineService.java:332) ~[appagent-boot.jar:?] at com.singularity.ee.agent.appagent.kernel.LifeCycleManager.startService(LifeCycleManager.java:347) ~[appagent.jar:?] at com.singularity.ee.agent.appagent.kernel.LifeCycleManager.startServices(LifeCycleManager.java:308) ~[appagent.jar:?] at com.singularity.ee.agent.appagent.kernel.AgentKernel.start(AgentKernel.java:165) ~[appagent.jar:?] at com.singularity.ee.agent.appagent.kernel.JavaAgent.initialize(JavaAgent.java:480) ~[appagent-boot.jar:?] at com.singularity.ee.agent.appagent.kernel.JavaAgent.initialize(JavaAgent.java:355) ~[appagent-boot.jar:?] sh-4.4$
Hello, I have inherited the maintenance for an app and it has a couple of errors that need to be fixed. I have fixed all the others except the one mentioned here. category: app_cert_validation ... See more...
Hello, I have inherited the maintenance for an app and it has a couple of errors that need to be fixed. I have fixed all the others except the one mentioned here. category: app_cert_validation description: Check that Splunk SDK for Python is up-to-date. ext_data: ([+] message_id: 7004 messages: (("result": "failure" "message": "Detected an outdated version of the Splunk SDK for Python (1.6.6). Please upgrade to version 1.6.16 or later. File: bin/.../aob_py2/solnlib/packages/splunklib/binding.py", "message_filename" "bin/.../aob_py2/solnlib/packages/splunklib/binding.py","message_line":null),("result":"failure" "message" "Detected an outdated version of the Splunk SDK for Python (1.6.6). Please upgrade to version 1.6.16 or later. File: bin/.../aob_py2/splunklib/binding.py" "message_filename" "bin/.../aob_py2/splunklib/binding.py', "message_line": null} A couple more files have the same error. It looks like all are Add-on Builder files and i am not sure how to fix this. Also, I cannot import the add-on in Splunk Add-on Builder as i dont have an original extracted version.
use case : How to detect threats from MySQL database and as a threat response how to safeguard Storage volume used for Storage? What are all Splunk components and integration required from Splunk... See more...
use case : How to detect threats from MySQL database and as a threat response how to safeguard Storage volume used for Storage? What are all Splunk components and integration required from Splunk to create this use case, can someone help me? I am very new to Splunk.
Hi all, I'm trying to get a list of phone numbers for each event by sessionId. I can't quite figure it out. I think I need to use some sort of rex command. Here's what I have so far.   index=co... See more...
Hi all, I'm trying to get a list of phone numbers for each event by sessionId. I can't quite figure it out. I think I need to use some sort of rex command. Here's what I have so far.   index=convo (input_type=VOICE OR input_type=SPEECH) botId=123456789 customerANI | rex field=phone "\+1(?<phone_number>\d{10})" | stats values(phone) as PhoneNumber by sessionId   Example event:     2022-09-26T06:18:41,105+0000 [INFO ] level=INFO [https-jssa-exec-10]-[tid=be75a0f9-9039-41ea-8104-afe25cfa7177 authId=123456789 sessionId=10987654321 test=false botId=123456789 cfBotId=123456789 offl_TKT=true proto=V2 platform=WEB input_type=SPEECH appId=web.intlgntsys.cui.sbgiva sku= pn= cid=123456789123456789 convo=service_routing_info_call]-[ServiceClient]-[55 ] ExecutingRequest requestState=executing action=contact_channels input={"appName":"voice_bot","language":"en","locale":"en-us","query":"talk with an agent","inputs":{"customerQuestion":"a wrong charge","DNIS":"+18008008000","Level":"|","Year":"2019","universalId":"123456789","Rating":"|","edition":"Blue|Yellow|Green","experience":"phone","sku":"0","intent":"BILLING","platform":"web","customerANI":"+15555555555"}}    
We are in the process of building out a whole new Splunk environment. As a result we are trying to be thoughtful about every piece of the new environment to make it as efficient as possible. One qu... See more...
We are in the process of building out a whole new Splunk environment. As a result we are trying to be thoughtful about every piece of the new environment to make it as efficient as possible. One question I have about the hot/warm and cold storage is should these be on physically different volumes? I guess one advantage I see about having them on the same volume is that when the buckets  roll to cold the data doesn't have to be moved to a different volume thus saving some speed there. However, I also want to consider read/write contention and having separate volumes means that the cold reads wouldn't interfere with the read/writes on the hot/warm volume. My gut tells me to do separate volumes but I've not seen anything in the docs recommending one or the other. Maybe it's there and I'm  just not finding it . Thanks.
Here is my query. In final line chart when I hover, I am not getting different dates.  Rather only 26th Sept (Today's date). (I want to have today, last week same day, 2 weeks back same day & 3 week ... See more...
Here is my query. In final line chart when I hover, I am not getting different dates.  Rather only 26th Sept (Today's date). (I want to have today, last week same day, 2 weeks back same day & 3 week back same day in the same visualization)   index=xyz sourctype=abc earliest = -60m@m latest = @m |eval ReportKey="Today" |append [search index=index=xyz sourctype=abc earliest = -60m@m-1w latest = @m-1w |eval ReportKey="LastWeek" | eval _time=_time+60*60*24*7] |append [search index=index=xyz sourctype=abc earliest = -60m@m-2w latest = @m-2w |eval ReportKey="TwoWeeksBefore" | eval _time=_time+60*60*24*14] |append [search index=index=xyz sourctype=abc earliest = -60m@m-3w latest = @m-3w |eval ReportKey="ThreeWeeksBefore" | eval _time=_time+60*60*24*21] |timechart span = 1m count(index) as Volume by Reportkey    
Hello, I'm trying to sign up for Splunk Phantom Community to download an OVA file for a college project but the review process is taking much longer than expected. Is there any way I can talk to a su... See more...
Hello, I'm trying to sign up for Splunk Phantom Community to download an OVA file for a college project but the review process is taking much longer than expected. Is there any way I can talk to a support to figure out what is taking so long? Any information would be appreciated, thank you.
As part of deployment rollback, how do we undo integrating SHC with multisite indexer cluster done with following command from this instruction - https://docs.splunk.com/Documentation/Splunk/9.0.1/Di... See more...
As part of deployment rollback, how do we undo integrating SHC with multisite indexer cluster done with following command from this instruction - https://docs.splunk.com/Documentation/Splunk/9.0.1/DistSearch/SHCandindexercluster#Configure_members ?     splunk edit cluster-config -mode searchhead -site site0 -manager_uri https://10.152.31.202:8089 -secret newsecret123 -auth login:password splunk restart        
Hello, one user wants to convert dashboard with token to summary indexing dashboard. We are using | sistats or similar, scheduling data collection each minute or other frequency. However user has... See more...
Hello, one user wants to convert dashboard with token to summary indexing dashboard. We are using | sistats or similar, scheduling data collection each minute or other frequency. However user has token input to filter later dynamically search results. Is it possible to have scheduled saved search using summary indexing and dynamic token depending on user query? May I remove the filter and grab all results then filter in the final summary indexing dashboard? Thanks for your help.
Hello, I have data like below.  {"property":"XYZ", "period":{ "start":"2022-09-16", "end":"2022-10-02" }, "nb-day":17, "nb-rate-plans":518, "nb-products":16, "total":{ "avail":48, "price":0 }, "f... See more...
Hello, I have data like below.  {"property":"XYZ", "period":{ "start":"2022-09-16", "end":"2022-10-02" }, "nb-day":17, "nb-rate-plans":518, "nb-products":16, "total":{ "avail":48, "price":0 }, "filtered":{ "avail":0, "price":0 }, "rate-plans":{ "IWU35":{ "avail":16, "price":0 }, "IWU30":{ "avail":16, "price":0 }, "IWU40":{ "avail":16, "price":0 } }, "check-ins":{ "0":{ "avail":3, "price":0 }, "1":{ "avail":3, "price":0 }, "2":{ "avail":3, "price":0 }, "3":{ "avail":3, "price":0 }, "4":{ "avail":3, "price":0 }, "5":{ "avail":3, "price":0 }, "6":{ "avail":3, "price":0 }, "7":{ "avail":3, "price":0 }, "8":{ "avail":3, "price":0 }, "9":{ "avail":3, "price":0 }, "10":{ "avail":3, "price":0 }, "11":{ "avail":3, "price":0 }, "12":{ "avail":3, "price":0 }, "13":{ "avail":3, "price":0 }, "14":{ "avail":3, "price":0 }, "15":{ "avail":3, "price":0 } } } { "property":"ABC", "period":{ "start":"2022-09-16", "end":"2022-10-02" }, "nb-day":17, "nb-rate-plans":518, "nb-products":16, "total":{ "avail":48, "price":0 }, "filtered":{ "avail":0, "price":0 }, "rate-plans":{ "IWU35":{ "avail":16, "price":0 }, "IWU30":{ "avail":16, "price":0 }, "IWU40":{ "avail":16, "price":0 } }, "check-ins":{ "0":{ "avail":3, "price":0 }, "1":{ "avail":3, "price":0 }, "2":{ "avail":3, "price":0 }, "3":{ "avail":3, "price":0 }, "4":{ "avail":3, "price":0 }, "5":{ "avail":3, "price":0 }, "6":{ "avail":3, "price":0 }, "7":{ "avail":3, "price":0 }, "8":{ "avail":3, "price":0 }, "9":{ "avail":3, "price":0 }, "10":{ "avail":3, "price":0 }, "11":{ "avail":3, "price":0 }, "12":{ "avail":3, "price":0 }, "13":{ "avail":3, "price":0 }, "14":{ "avail":3, "price":0 }, "15":{ "avail":3, "price":0 } } } 1. Need to calculate date based on below example-> start : 2022-09-16  "check-ins":{ "0":{ "avail":3, "price":0 }, "1":{ "avail":3, "price":0 }, "2":{ "avail":3, "price":0 }, "3":{ "avail":3, "price":0 }, "4":{ "avail":3, "price":0 }, "5":{ "avail":3, "price":0 }, "6":{ "avail":3, "price":0 }, "7":{ "avail":3, "price":0 }, "8":{ "avail":3, "price":0 }, "9":{ "avail":3, "price":0 }, "10":{ "avail":3, "price":0 }, "11":{ "avail":3, "price":0 }, "12":{ "avail":3, "price":0 }, "13":{ "avail":3, "price":0 }, "14":{ "avail":3, "price":0 }, "15":{ "avail":3, "price":0 } } Index from check-ins need to be added in start-date Date:                                                                          desync 2022-09-16  + 0 = 2022-09-16                   avail+price(3+0) 2022-09-16  + 1 =2022-09-17 2022-09-16  + 2= 2022-09-18 2022-09-16  + 15 = 2022-10-01 I need to convert check-ins index into date and then calculate desync for each day Thanks in advance!!  
Hello, For security reasons such as,how to block the view of JVM variables in appdynamics console. a different way to block, other than through config with agent. through sensitive-data-filter a... See more...
Hello, For security reasons such as,how to block the view of JVM variables in appdynamics console. a different way to block, other than through config with agent. through sensitive-data-filter and app-agent-config.xml. thanks
Hi, I have problems with the drilldown button in the "Risk Event Timeline" view for an Risk Notable. When expanding Risk rules in the "Risk Event Timeline" view, you can click on a drilldown fiel... See more...
Hi, I have problems with the drilldown button in the "Risk Event Timeline" view for an Risk Notable. When expanding Risk rules in the "Risk Event Timeline" view, you can click on a drilldown field named "Contributing events: View contribting events". This button is disabled with the following message: "View contributing events" link is disabled as there is no drilldown search available for this risk rule. The Risk rule is configured as a notable and has a drilldown search.  Does anybody know how to enabled the drilldownsearch in the "Risk Event Timeline" view  
  want to implement below mentioned red highlighted xml code in splunk dashboard source if dropdown field value is "db2_cloud2" for stats table. <format type="color" field="REPLAY_LATENCY"> <col... See more...
  want to implement below mentioned red highlighted xml code in splunk dashboard source if dropdown field value is "db2_cloud2" for stats table. <format type="color" field="REPLAY_LATENCY"> <colorPalette type="expression">if(value&gt;45,"#D93F3C","")</colorPalette> </format> Below mentioned is screenshot of Dashboard.  
Here are the error messages 2022-09-26 12:38:02,976 ERROR [itsi_re(reId=cRdG)] [main] RulesEngineSearch:75 - RulesEngineTask=RealTimeSearch, Status=Stopped, FunctionMessage="java.lang.NoSuchMethodEr... See more...
Here are the error messages 2022-09-26 12:38:02,976 ERROR [itsi_re(reId=cRdG)] [main] RulesEngineSearch:75 - RulesEngineTask=RealTimeSearch, Status=Stopped, FunctionMessage="java.lang.NoSuchMethodError: com.fasterxml.jackson.core.JsonParser.getReadCapabilities()Lcom/fasterxml/jackson/core/util/JacksonFeatureSet;" host = myhost = _internalsource = /opt/splunk/var/log/splunk/itsi_rules_engine.log sourcetype = itsi_internal_log 2022-09-26 12:38:02,976 ERROR [itsi_re(reId=cRdG)] [main] RulesEngineSearch:74 - RulesEngineTask=RulesEngineJob, Status=Stopped host = myhost = _internalsource = /opt/splunk/var/log/splunk/itsi_rules_engine.log sourcetype = itsi_internal_log 2022-09-26 12:38:02,902 DEBUG [itsi_re(reId=cRdG)] [main] PropertyLoader:209 - itsiRulesEngine.localConfigurationFile properties file is not defined. host = myhost = _internalsource = /opt/splunk/var/log/splunk/itsi_rules_engine.log sourcetype = itsi_internal_log All the SH are on the same lan/network, no firewall. The ERROR [itsi_re(reId=yVNs)] [main] RulesEngineSearch:75 - RulesEngineTask=RealTimeSearch, Status=Stopped, FunctionMessage="java.lang.NoSuchMethodError: 'com.fasterxml.jackson.core.util.JacksonFeatureSet com.fasterxml.jackson.core.JsonParser.getReadCapabilities()'" is logged every minute.
Hello, I'm trying to change my date format two times because i want to sort to order my month from January to December. I've been trying this search but the field newPeriode2 isn't showing any resu... See more...
Hello, I'm trying to change my date format two times because i want to sort to order my month from January to December. I've been trying this search but the field newPeriode2 isn't showing any results : | eval newPeriode = strftime(strptime(Période,"%Y-%m-%d"),"%m-%Y") | sort newPeriode | eval newPeriode2 = strftime(strptime(newPeriode,"%m-%Y"), "%B-%Y") this is what it looks like. I want my newPeriode2 looks like : January-2022 etc... Thanks for your help !
Hi, I have this search: | stats count by application | eval application = case( application=="malware-detection", "Malware", !isnull(application), upper(substr(application,1,1)).s... See more...
Hi, I have this search: | stats count by application | eval application = case( application=="malware-detection", "Malware", !isnull(application), upper(substr(application,1,1)).substr(application,2) ) | eventstats sum(count) as total | eval count_2=round(100*count/total,2) | fields- total | eval count_perc="".count_2."%" | rename application as Application, count as Count   and I would like to show the Application, Count and count_perc fields on mu Pie Chart, but splunk still show the Count%. My goal is to round the percentage, how can I do this? Thanks for support!
Used the Spunk JS Stack version 1.4 and when the code is executed, it is raising $.klass is not a function. Is there any way to resolve this issue?
Hello users, it seems that TA-webtools app is not fully compatible with Splunk 9 version according to "Upgrade Readiness App": Will you upgrade it? Thank you!
Hi, I am trying to get the Splunk_TA_esxilogs app to work in our Splunk Enviroment, but cant get it working together with our app that rewrites index and sourcetype. I suspect that one Splunk Enterp... See more...
Hi, I am trying to get the Splunk_TA_esxilogs app to work in our Splunk Enviroment, but cant get it working together with our app that rewrites index and sourcetype. I suspect that one Splunk Enterprice instance cannot rewrite the sourcetype and index more that one time. The ESXi logs are allready collected at an syslog server, and forwarded to the Heavy Forwarder. At the HF we use "rewrite app" with an regex to change the sourcetype from "syslog" to "esxi", based out of the hostname, like this: props.conf: [syslog] TRANSFORMS-force_vmware = force_sourcetype_vmware, force_ix_vmware transforms.conf: [force_sourcetype_vmware] SOURCE_KEY = MetaData:Host REGEX = ^host::(10\.24[1289]\.70\.\d+|10\.243\.12\.\d+|10\.25[01]\.70\.\d+|10\.252\.198\.50|10\.30\.209\.19[5-6]|10\.36\.1[128]\.\d+|10\.37\.12\.\d+|10\.45\.[12]\.\d+|10\.6[23]\.12.\d+|10\.63\.10\.20|10\.65\.(0|64)\.\d+|10\.65\.65\.65) DEST_KEY = MetaData:Sourcetype FORMAT = sourcetype::vmw-syslog [force_ix_vmware] SOURCE_KEY = MetaData:Sourcetype REGEX = ^sourcetype::(?i)vmw-syslog$ DEST_KEY = _MetaData:Index FORMAT = vmware-esxilog So far, so good. This rewrite app does its job. The data now has index "vmware-esxilog" and sourcetype "vmw-syslog". Now the Splunk_TA_esxilog app should in theory start baking the data: props.conf: ####### INDEX TIME EXTRACTION ########## [vmw-syslog] SHOULD_LINEMERGE = false LINE_BREAKER = ([\r\n]+)(?:.*?(?:[\d\-]{10}T[\d\:]{8}(?:\.\d+)?(?:Z|[\+\-][\d\:]{5})?)\s[^ ]+\s+[^ ]+\s+[^\->])|([\r\n]+)(?:.*?\w+\s+\d+\s+\d{2}:\d{2}:\d{2})(?:\s+[^ ]+\s+)+[^\->] TZ = UTC DATETIME_CONFIG = /etc/apps/Splunk_TA_esxilogs/default/syslog_datetime.xml TRANSFORMS-nullqueue = vmware_generic_level_null TRANSFORMS-vmsyslogsourcetype = set_syslog_sourcetype,set_syslog_sourcetype_4x,set_syslog_sourcetype_sections TRANSFORMS-vmsyslogsource = set_syslog_source   But it doesnt. The data gets indexed without beeing touched by the Splunk_TA_esxilogs app. It works IF i disable the HF rewrite app, and change the stanza in Splunk_TA_esxilogs from [vmw-syslog] to [syslog], but that will hit way to wide. The name of the HF rewrite app starts with "05", so its configuration comes before the app named "Splunk_TA_esxilogs". Any suggestions is highly appreciated
Hi - I am trying to run the below query to help create an alert that will show when we haven't had an alert for a particular index after 15 minutes. I need to make it so it only includes specific ind... See more...
Hi - I am trying to run the below query to help create an alert that will show when we haven't had an alert for a particular index after 15 minutes. I need to make it so it only includes specific indexes rather than all the indexes within Splunk but can't seem to get it right. Any help on how to fix it or letting me know if there is a better way to do this would be massively appreciated! | tstats latest(_time) as latest where index=* earliest=-24hr by index | eval recent = if(latest > relative_time(now(),"-15m"),1,0), realLatest = strftime(latest,"%c") | rename realLatest as "Last Log" | where recent=0