Hello everyone!
I'm new at using Splunk. My team installed it recently along with Splunk for CA SiteMinder (https://splunkbase.splunk.com/app/842/). It works fine with the default searches, but we're having a hard time writing a custom search to retrieve load information.
We want to extract the information of the fields Current, Max, Limit, and Exceeded limit to create a timeline chart. This information is displayed as follows in the logs:
===================================================================================
[11627/3721370512][Sun Aug 09 2015 21:00:02][CServer.cpp:4403][INFO] System Statistics
[11627/3721370512][Sun Aug 09 2015 21:00:02][CServer.cpp:4409][INFO] Available file descriptors: 63488
[11627/3721370512][Sun Aug 09 2015 21:00:02][CServer.cpp:4420][INFO] Thread pool limit: 20
[11627/3721370512][Sun Aug 09 2015 21:00:02][CServer.cpp:4440][INFO] Thread pool: Msgs=116042596 Waits=109838215 Misses=9595616 Max HP Msg= 424 Max NP Msg= 388 Current Depth= 0 Max Depth= 812 Current High Depth= 0 Current Norm Depth= 0 Current Threads= 20 Max Threads= 20
[11627/3721370512][Sun Aug 09 2015 21:00:02][CServer.cpp:4448][INFO] Connections: Current=289 Max=1349 Limit=10000 Exceeded limit= 0
[11627/3721370512][Sun Aug 09 2015 21:00:02][CServer.cpp:4451][INFO] ===================================================================================
Any help is greatly appreciated.
Cheers
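The extraction asked about above, as an added example that is not part of the original post or of the Splunk for CA SiteMinder app: a Python parser for the "Connections:" line that tolerates the uneven spacing after "=" and returns one timestamped data point per statistics block. The function names and the 0.9 warning ratio are assumptions made for illustration; in a Splunk `rex` pattern the named groups are written `(?<name>...)` instead of `(?P<name>...)`.

```python
import re
from datetime import datetime

# Lines copied from the post above (one statistics block, shortened).
SAMPLE_LOG = """\
[11627/3721370512][Sun Aug 09 2015 21:00:02][CServer.cpp:4403][INFO] System Statistics
[11627/3721370512][Sun Aug 09 2015 21:00:02][CServer.cpp:4420][INFO] Thread pool limit: 20
[11627/3721370512][Sun Aug 09 2015 21:00:02][CServer.cpp:4448][INFO] Connections: Current=289 Max=1349 Limit=10000 Exceeded limit= 0
"""

# Header is four bracketed fields: ids, timestamp, source file:line, level.
# \s* after each "=" absorbs the inconsistent spacing ("Exceeded limit= 0").
CONNECTIONS_RE = re.compile(
    r"^\[\d+/\d+\]\[(?P<ts>[^\]]+)\]\[[^\]]+\]\[\w+\]\s+"
    r"Connections:\s+Current=\s*(?P<current>\d+)\s+Max=\s*(?P<max>\d+)\s+"
    r"Limit=\s*(?P<limit>\d+)\s+Exceeded limit=\s*(?P<exceeded>\d+)\s*$"
)
TS_FORMAT = "%a %b %d %Y %H:%M:%S"  # e.g. "Sun Aug 09 2015 21:00:02"


def parse_connections(text):
    """Return a list of dicts, one per 'Connections:' line, in log order."""
    points = []
    for line in text.splitlines():
        m = CONNECTIONS_RE.match(line.strip())
        if not m:
            continue  # other statistics lines and separators are skipped
        point = {k: int(m.group(k)) for k in ("current", "max", "limit", "exceeded")}
        point["time"] = datetime.strptime(m.group("ts"), TS_FORMAT)
        points.append(point)
    return points


def near_limit(points, ratio=0.9):
    """Points where the limit was exceeded or current/limit >= ratio (assumed threshold)."""
    return [p for p in points
            if p["exceeded"] > 0 or (p["limit"] and p["current"] / p["limit"] >= ratio)]


if __name__ == "__main__":
    for p in parse_connections(SAMPLE_LOG):
        print(p["time"].isoformat(), p["current"], p["max"], p["limit"], p["exceeded"])
```

Each returned point maps directly onto one sample of a time chart with four series (Current, Max, Limit, Exceeded limit).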