Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About clearslide_cwon
clearslide_cwon
New Member
Member since:
11-24-2015
06-05-2020
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 11-24-2015 |
Activity Feed
- Posted Re: unable to wget splunk anymore on Splunk Search. 03-14-2016 02:51 PM
- Posted Re: unable to wget splunk anymore on Splunk Search. 03-14-2016 02:14 PM
- Posted unable to wget splunk anymore on Splunk Search. 03-14-2016 11:16 AM
- Tagged unable to wget splunk anymore on Splunk Search. 03-14-2016 11:16 AM
- Posted How to set up Splunk Cloud to run on AWS Elastic Beanstalk? on All Apps and Add-ons. 02-02-2016 12:01 PM
- Tagged How to set up Splunk Cloud to run on AWS Elastic Beanstalk? on All Apps and Add-ons. 02-02-2016 12:01 PM
- Tagged How to set up Splunk Cloud to run on AWS Elastic Beanstalk? on All Apps and Add-ons. 02-02-2016 12:01 PM
- Tagged How to set up Splunk Cloud to run on AWS Elastic Beanstalk? on All Apps and Add-ons. 02-02-2016 12:01 PM
- Posted Re: simple wildcard monitoring not working on Getting Data In. 12-28-2015 03:14 PM
- Posted simple wildcard monitoring not working on Getting Data In. 12-22-2015 04:31 PM
- Tagged simple wildcard monitoring not working on Getting Data In. 12-22-2015 04:31 PM
- Tagged simple wildcard monitoring not working on Getting Data In. 12-22-2015 04:31 PM
- Tagged simple wildcard monitoring not working on Getting Data In. 12-22-2015 04:31 PM
- Posted Re: unable to process binary log file on Splunk Search. 12-18-2015 02:15 PM
- Posted How do I find out which hosts are pushing the most data to our Splunk Cloud account? Volume usage showing a spike. on Getting Data In. 12-15-2015 04:29 PM
- Tagged How do I find out which hosts are pushing the most data to our Splunk Cloud account? Volume usage showing a spike. on Getting Data In. 12-15-2015 04:29 PM
- Tagged How do I find out which hosts are pushing the most data to our Splunk Cloud account? Volume usage showing a spike. on Getting Data In. 12-15-2015 04:29 PM
- Tagged How do I find out which hosts are pushing the most data to our Splunk Cloud account? Volume usage showing a spike. on Getting Data In. 12-15-2015 04:29 PM
- Posted Re: unable to process binary log file on Splunk Search. 11-30-2015 10:46 AM
- Posted unable to process binary log file on Splunk Search. 11-30-2015 09:05 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
03-14-2016
02:14 PM
cool. i was able to put the url together for the 6.3.0 build and able to download it.
was there an announcement recently regarding the url change? because the chef splunk cookbook we (and i am sure other people) use points at the broken url earlier which ended up breaking a lot of autoscale instances ...
... View more
03-14-2016
11:16 AM
hi,
are there any recent changes from your end that we're no longer able to wget the packages anymore? we noticed this starting march 11th'ish -
# wget http://download.splunk.com/releases/6.3.0/universalforwarder/linux/splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-amd64.deb
--2016-03-14 10:59:52-- http://download.splunk.com/releases/6.3.0/universalforwarder/linux/splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-amd64.deb
Resolving download.splunk.com (download.splunk.com)... 54.192.18.66, 54.192.18.85, 54.192.18.115, ...
Connecting to download.splunk.com (download.splunk.com)|54.192.18.66|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-03-14 10:59:52 ERROR 404: Not Found.
# wget http://download.splunk.com/releases/6.3.0/universalforwarder/linux/splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-x86_64.rpm
--2016-03-14 11:05:06-- http://download.splunk.com/releases/6.3.0/universalforwarder/linux/splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-x86_64.rpm
Resolving download.splunk.com (download.splunk.com)... 54.192.18.162, 54.192.18.19, 54.192.18.21, ...
Connecting to download.splunk.com (download.splunk.com)|54.192.18.162|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-03-14 11:05:07 ERROR 404: Not Found.
... View more
- Tags:
- splunk-cloud
02-02-2016
12:01 PM
we're trying to get splunk (clound) running on AWS Elastic Beanstalk.
I've added the environment variables:
APPLICATION_NAME = MyJavaApp-EB
SPLUNK_FORWARDER_RPM_DOWNLOAD_URL = https://download.splunk.com/products/splunk/releases/6.2.2/universalforwarder/linux/splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm
SPLUNK_SERVER_HOST = our.splunk.cloud.hostname.cloud.splunk.com
Looking at the script from http://tech.smartling.com/logs-collection-from-aws-elasticbeanstalk-splunk/, it doesn't let me execute the following command (from Splunk Cloud install instructions):
/opt/splunkforwarder/bin/splunk install app /opt/splunkclouduf.spl -auth admin:changeme
which the splunkclouduf.spl containing the certs/info/etc.
Does that mean we will have to add the .spl into the .ebextensions directory and include that into the zip file and call that command from the 101splunk-fowarder.config file?
... View more
12-28-2015
03:14 PM
ya. splunk user is able to read the directory/cd in, BUT it doesnt have access to read every file in that dir. could that be the issue?
-bash-4.2$ id
uid=9100(splunk) gid=9100(splunk) groups=9100(splunk) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-bash-4.2$ ls /var/log
anaconda boot.log btmp-20151201 cloud-init.log cron cron-20151214 cron-20151227 dmesg maillog maillog-20151214 maillog-20151227 messages-20151206 messages-20151220 newrelic ppp samba secure-20151206 secure-20151220 spooler spooler-20151214 spooler-20151227 tomcat wtmp
audit btmp chrony cloud-init-output.log cron-20151206 cron-20151220 cs lastlog maillog-20151206 maillog-20151220 messages messages-20151214 messages-20151227 ntpstats sa secure secure-20151214 secure-20151227 spooler-20151206 spooler-20151220 tallylog tuned yum.log
-bash-4.2$ ls -ld /var/log
drwxr-xr-x. 13 root root 4096 Dec 27 03:41 /var/log
i have change the perm in the tomcat dir to be accessable by splunk as well -
-bash-4.2$ ls -ld /var/log/tomcat
drwxrwxr-x. 2 tomcat root 8192 Dec 28 00:00 /var/log/tomcat
... View more
12-22-2015
04:31 PM
I have a really simple wildcard matching for monitoring, but I can't get it to work. Here is the setup:
/opt/splunkforwarder/etc/system/local/inputs.conf
[monitor:///var/log/tomcat/localhost_access_log.*.txt]
i restarted splunk, but it doesn't monitor any files in that directory.
BUT, if I put the following and copy the log (txt) files to /tmp , it sees them:
[monitor:///tmp/localhost_access_log*.txt]
Is there any restriction, or because the wildcard I have? It seems pretty basic to me.
... View more
12-18-2015
02:15 PM
thanks martin, sorry for the slow reply. having the following worked:
/opt/splunkforwarder/etc/system/local/inputs.conf
[monitor:///var/log/tomcat/catalina.out]
sourcetype=tomcat-catalina-out
/opt/splunkforwarder/etc/system/local/props.conf
[tomcat-catalina-out]
NO_BINARY_CHECK = true
BREAK_ONLY_BEFORE_DATE = true
SHOULD_LINEMERGE=true
MAX_TIMESTAMP_LOOKAHEAD=30
TIME_PREFIX = ^
pulldown_type = 1
category = Application
description = Output produced by Apache Tomcat Catalina (System.out and System.err)
... View more
12-15-2015
04:29 PM
Not sure how I can find out which host(s) that are pushing the most data/logs to our Splunk Cloud account. It's reaching our limit.
Unfortunately, the Volume Usage tab isn't very detailed.
... View more
11-30-2015
10:46 AM
hey martin,
thanks for the quick reply.
i added props.conf to the local/ dir -
cat /opt/splunkforwarder/etc/system/local/props.conf
[catalina]
20151124 cwong - added NO_BINARY_CHECK = 1
NO_BINARY_CHECK = 1
BREAK_ONLY_BEFORE_DATE = true
SHOULD_LINEMERGE=true
MAX_TIMESTAMP_LOOKAHEAD=30
TIME_PREFIX = ^
pulldown_type = 1
category = Application
description = Output produced by Apache Tomcat Catalina (System.out and System.err)
i still see the "WARN FileClassifierManager - The file '/var/log/tomcat/catalina.out' is invalid. Reason: binary" in splunkd.log
... View more
11-30-2015
09:05 AM
i have splunkforwarder running but once a while we run into issue with the following error about file being binary -
11-30-2015 03:28:02.240 -0800 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/var/log/tomcat/catalina.out'.
11-30-2015 03:28:07.418 -0800 WARN FileClassifierManager - The file '/var/log/tomcat/catalina.out' is invalid. Reason: binary
11-30-2015 03:28:07.418 -0800 INFO TailReader - Ignoring file '/var/log/tomcat/catalina.out' due to: binary
i have tried following the instruction here but didnt seem to work -
https://answers.splunk.com/answers/36739/how-can-we-monitor-binary-log-data-in-splunk-is-invalid-reason-binary.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev
not sure if this is the file to edit though -
/opt/splunkforwarder/etc/system/default/props.conf
[catalina]
# 20151124 cwong - added NO_BINARY_CHECK = 1
NO_BINARY_CHECK = 1
... View more
- Tags:
- splunk-cloud
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
