Activity Feed
- Posted Re: unable to wget splunk anymore on Splunk Search. 03-14-2016 02:51 PM
- Posted Re: unable to wget splunk anymore on Splunk Search. 03-14-2016 02:14 PM
- Posted unable to wget splunk anymore on Splunk Search. 03-14-2016 11:16 AM
- Tagged unable to wget splunk anymore on Splunk Search. 03-14-2016 11:16 AM
- Posted How to set up Splunk Cloud to run on AWS Elastic Beanstalk? on All Apps and Add-ons. 02-02-2016 12:01 PM
- Tagged How to set up Splunk Cloud to run on AWS Elastic Beanstalk? on All Apps and Add-ons. 02-02-2016 12:01 PM
- Posted Re: simple wildcard monitoring not working on Getting Data In. 12-28-2015 03:14 PM
- Posted simple wildcard monitoring not working on Getting Data In. 12-22-2015 04:31 PM
- Tagged simple wildcard monitoring not working on Getting Data In. 12-22-2015 04:31 PM
- Posted Re: unable to process binary log file on Splunk Search. 12-18-2015 02:15 PM
- Posted How do I find out which hosts are pushing the most data to our Splunk Cloud account? Volume usage showing a spike. on Getting Data In. 12-15-2015 04:29 PM
- Tagged How do I find out which hosts are pushing the most data to our Splunk Cloud account? Volume usage showing a spike. on Getting Data In. 12-15-2015 04:29 PM
- Posted Re: unable to process binary log file on Splunk Search. 11-30-2015 10:46 AM
- Posted unable to process binary log file on Splunk Search. 11-30-2015 09:05 AM
03-14-2016
02:14 PM
cool. i was able to put the url together for the 6.3.0 build and able to download it.
was there an announcement recently regarding the url change? because the chef splunk cookbook we (and i am sure other people) use points at the broken url earlier which ended up breaking a lot of autoscale instances ...
03-14-2016
11:16 AM
hi,
are there any recent changes from your end that we're no longer able to wget the packages anymore? we noticed this starting march 11th'ish -
# wget http://download.splunk.com/releases/6.3.0/universalforwarder/linux/splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-amd64.deb
--2016-03-14 10:59:52-- http://download.splunk.com/releases/6.3.0/universalforwarder/linux/splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-amd64.deb
Resolving download.splunk.com (download.splunk.com)... 54.192.18.66, 54.192.18.85, 54.192.18.115, ...
Connecting to download.splunk.com (download.splunk.com)|54.192.18.66|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-03-14 10:59:52 ERROR 404: Not Found.
# wget http://download.splunk.com/releases/6.3.0/universalforwarder/linux/splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-x86_64.rpm
--2016-03-14 11:05:06-- http://download.splunk.com/releases/6.3.0/universalforwarder/linux/splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-x86_64.rpm
Resolving download.splunk.com (download.splunk.com)... 54.192.18.162, 54.192.18.19, 54.192.18.21, ...
Connecting to download.splunk.com (download.splunk.com)|54.192.18.162|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-03-14 11:05:07 ERROR 404: Not Found.
- Tags:
- splunk-cloud
02-02-2016
12:01 PM
we're trying to get splunk (cloud) running on AWS Elastic Beanstalk.
I've added the environment variables:
APPLICATION_NAME = MyJavaApp-EB
SPLUNK_FORWARDER_RPM_DOWNLOAD_URL = https://download.splunk.com/products/splunk/releases/6.2.2/universalforwarder/linux/splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm
SPLUNK_SERVER_HOST = our.splunk.cloud.hostname.cloud.splunk.com
Looking at the script from http://tech.smartling.com/logs-collection-from-aws-elasticbeanstalk-splunk/, it doesn't let me execute the following command (from Splunk Cloud install instructions):
/opt/splunkforwarder/bin/splunk install app /opt/splunkclouduf.spl -auth admin:changeme
with the splunkclouduf.spl containing the certs/info/etc.
Does that mean we will have to add the .spl into the .ebextensions directory and include that into the zip file and call that command from the 101splunk-fowarder.config file?
12-28-2015
03:14 PM
ya. splunk user is able to read the directory/cd in, BUT it doesn't have access to read every file in that dir. could that be the issue?
-bash-4.2$ id
uid=9100(splunk) gid=9100(splunk) groups=9100(splunk) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-bash-4.2$ ls /var/log
anaconda boot.log btmp-20151201 cloud-init.log cron cron-20151214 cron-20151227 dmesg maillog maillog-20151214 maillog-20151227 messages-20151206 messages-20151220 newrelic ppp samba secure-20151206 secure-20151220 spooler spooler-20151214 spooler-20151227 tomcat wtmp
audit btmp chrony cloud-init-output.log cron-20151206 cron-20151220 cs lastlog maillog-20151206 maillog-20151220 messages messages-20151214 messages-20151227 ntpstats sa secure secure-20151214 secure-20151227 spooler-20151206 spooler-20151220 tallylog tuned yum.log
-bash-4.2$ ls -ld /var/log
drwxr-xr-x. 13 root root 4096 Dec 27 03:41 /var/log
i have changed the perm in the tomcat dir to be accessible by splunk as well -
-bash-4.2$ ls -ld /var/log/tomcat
drwxrwxr-x. 2 tomcat root 8192 Dec 28 00:00 /var/log/tomcat
12-22-2015
04:31 PM
I have a really simple wildcard matching for monitoring, but I can't get it to work. Here is the setup:
/opt/splunkforwarder/etc/system/local/inputs.conf
[monitor:///var/log/tomcat/localhost_access_log.*.txt]
i restarted splunk, but it doesn't monitor any files in that directory.
BUT, if I put the following and copy the log (txt) files to /tmp , it sees them:
[monitor:///tmp/localhost_access_log*.txt]
Is there any restriction, or is it because of the wildcard I have? It seems pretty basic to me.
12-18-2015
02:15 PM
thanks martin, sorry for the slow reply. having the following worked:
/opt/splunkforwarder/etc/system/local/inputs.conf
[monitor:///var/log/tomcat/catalina.out]
sourcetype=tomcat-catalina-out
/opt/splunkforwarder/etc/system/local/props.conf
[tomcat-catalina-out]
NO_BINARY_CHECK = true
BREAK_ONLY_BEFORE_DATE = true
SHOULD_LINEMERGE=true
MAX_TIMESTAMP_LOOKAHEAD=30
TIME_PREFIX = ^
pulldown_type = 1
category = Application
description = Output produced by Apache Tomcat Catalina (System.out and System.err)
12-15-2015
04:29 PM
Not sure how I can find out which host(s) are pushing the most data/logs to our Splunk Cloud account. It's reaching our limit.
Unfortunately, the Volume Usage tab isn't very detailed.
11-30-2015
10:46 AM
hey martin,
thanks for the quick reply.
i added props.conf to the local/ dir -
cat /opt/splunkforwarder/etc/system/local/props.conf
[catalina]
# 20151124 cwong - added NO_BINARY_CHECK = 1
NO_BINARY_CHECK = 1
BREAK_ONLY_BEFORE_DATE = true
SHOULD_LINEMERGE=true
MAX_TIMESTAMP_LOOKAHEAD=30
TIME_PREFIX = ^
pulldown_type = 1
category = Application
description = Output produced by Apache Tomcat Catalina (System.out and System.err)
i still see the "WARN FileClassifierManager - The file '/var/log/tomcat/catalina.out' is invalid. Reason: binary" in splunkd.log
11-30-2015
09:05 AM
i have splunkforwarder running but once in a while we run into an issue with the following error about the file being binary -
11-30-2015 03:28:02.240 -0800 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/var/log/tomcat/catalina.out'.
11-30-2015 03:28:07.418 -0800 WARN FileClassifierManager - The file '/var/log/tomcat/catalina.out' is invalid. Reason: binary
11-30-2015 03:28:07.418 -0800 INFO TailReader - Ignoring file '/var/log/tomcat/catalina.out' due to: binary
i have tried following the instruction here but it didn't seem to work -
https://answers.splunk.com/answers/36739/how-can-we-monitor-binary-log-data-in-splunk-is-invalid-reason-binary.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev
not sure if this is the file to edit though -
/opt/splunkforwarder/etc/system/default/props.conf
[catalina]
# 20151124 cwong - added NO_BINARY_CHECK = 1
NO_BINARY_CHECK = 1
- Tags:
- splunk-cloud