Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About cadm777
cadm777
Explorer
Member since:
10-29-2018
08-08-2024
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 0 |
| Member Since | 10-29-2018 |
Activity Feed
- Karma Re: Splunk SPL Examples for WebSphere SystemOut Logs for richgalloway. 08-08-2024 12:06 PM
- Posted Re: Splunk SPL Examples for WebSphere SystemOut Logs on Splunk Search. 08-08-2024 10:53 AM
- Karma Re: Splunk SPL Examples for WebSphere SystemOut Logs for richgalloway. 08-08-2024 10:33 AM
- Posted Splunk SPL Examples for WebSphere SystemOut Logs on Splunk Search. 08-08-2024 09:48 AM
- Tagged Splunk SPL Examples for WebSphere SystemOut Logs on Splunk Search. 08-08-2024 09:48 AM
- Tagged Splunk SPL Examples for WebSphere SystemOut Logs on Splunk Search. 08-08-2024 09:48 AM
- Karma Re: Can you help me migrate from Splunk 6.6.0 to Splunk 7.2.1? for richgalloway. 06-05-2020 12:50 AM
- Posted Re: Can you help me migrate from Splunk 6.6.0 to Splunk 7.2.1? on Installation. 01-10-2019 02:53 PM
- Posted Re: Can you help me migrate from Splunk 6.6.0 to Splunk 7.2.1? on Installation. 12-27-2018 09:24 AM
- Posted Re: Can you help me migrate from Splunk 6.6.0 to Splunk 7.2.1? on Installation. 12-26-2018 11:49 AM
- Posted Can you help me migrate from Splunk 6.6.0 to Splunk 7.2.1? on Installation. 12-26-2018 09:52 AM
- Tagged Can you help me migrate from Splunk 6.6.0 to Splunk 7.2.1? on Installation. 12-26-2018 09:52 AM
- Tagged Can you help me migrate from Splunk 6.6.0 to Splunk 7.2.1? on Installation. 12-26-2018 09:52 AM
- Tagged Can you help me migrate from Splunk 6.6.0 to Splunk 7.2.1? on Installation. 12-26-2018 09:52 AM
- Tagged Can you help me migrate from Splunk 6.6.0 to Splunk 7.2.1? on Installation. 12-26-2018 09:52 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
08-08-2024
10:53 AM
The problem I am having is the raw data looks like this: "[8/8/24 13:37:46:622 EDT] 00007e14 HOSTEDWIRES** I ************" What I am trying to do is do a search on the raw data find the "W" and "E" The problem I am having is the raw data looks like this: "[8/8/24 13:37:46:622 EDT] 00007e14 HOSTEDWIRES** W ************" or The problem I am having is the raw data looks like this: "[8/8/24 13:37:46:622 EDT] 00007e14 HOSTEDWIRES** E ************" A basic search I am using: (Sorry, I had to obfuscate some of the SPL. index="index" host IN ("Server 1","Server 2","Backup Server 1","Backup Server 2") source=* sourcetype=###_was_systemout_log | ("W" or "E") In WebSphere SystemOut logs, the warning or error indicator comes after the timestamp and application type. So, when I search for just ("W" or "E") it will pull everything that has "W" "E" in the text. How do I isolate it to search for that after the application type, and before the transaction raw data? I don't get to play with Splunk that much, so this is beyond my skill level. I am still learning. Thanks again for the help.
... View more
08-08-2024
09:48 AM
We use Splunk, and I do know that our SystemOut logs are forwarded to the Splunk indexer. Does anyone have some example SPLs for searching indexes for WebSphere SystemOut Warnings "W" and SystemOut Errors "E"? Thanks. For your reference, here is a link to IBM's WebSphere log interpretation: ibm.com/docs/en/was/8.5.5?topic=SSEQTP_8.5.5/…
... View more
Labels
- Labels:
-
other
-
transaction
01-10-2019
02:53 PM
01/10/2019 UPDATE:
I was told this week by management that we will not migrate any of the indexed data. We are only going to migrate the AD Groups, Roles, users, capabilities, and user's data. We will also move the associated indexes, if they do not exist in the new system. So for now, I just need to match up the AD Group with the role and capabilities for the users, and the indexes associated with them. Also need information on how to migrate the data to the new system.
Apparently we only keep a few weeks of indexed data. So we are working on moving the users with the index and servers and logs at the same time, and then point the users to the new environment. No need for bucket moves.
... View more
12-27-2018
09:24 AM
Rich,
Thanks for the response. This really helps, and gets me pointed in the right direction. I figured I would have to write some rest searches for most of it. This is going to be a complex task for sure. Lots of data to pull together. I did find information on the "Data Governance" app.
https://splunkbase.splunk.com/app/1866/
I'm not sure if that will help, but I'll get it installed, and give it a try.
Thanks again.
... View more
12-26-2018
11:49 AM
The new Splunk 7.2.1 is installed and up and running. It is an all Linux environment. Think of it as a completely separate environment. It is processing other forwarders now. We want to completely decommission the 6.0 environment all together.
Current New Environment:(Not really new, just a new enterprise environment and all Redhat Linux)
2-lightweight forwarders (For syslogs only)
1-Heavy forwarder
1-Dev box for testing heavy forwarders
1-Splunk ES server
2-Deployment servers: One used to push updates to the non ES search heads. The other one is where all the apps live. The second one pushes updates to the cluster master, deployer, light forwarders, heavy forwarders, and universal forwarders. It is also has the common applications directory.
3-Search head servers as a cluster
1-Cluster master that manages the index servers
15-index servers as a cluster
... View more
12-26-2018
09:52 AM
I am a new Splunk user. I have finished all the Splunk Admin training. (Splunk Fundamentals 1 & 2, Splunk Administration, and Splunk Data Administration) I am still processing all the information.
However, I've been tasked with developing a migration plan to move our current environment from Splunk 6.6.0 to Splunk 7.2.1. A fairly large task for a new Splunk user. I'm excited about it, and not afraid to take on the task. So just need some help in getting pointed in the right direction. For security reasons, I can't give out to any details, but I'll include what I can.
Splunk 6.6.0 environment:
1-Windows 2008 Deployment Server: --serverclass.conf file location and deployment clients
1-Windows 2008 Index Controller Server: --Serves as the main index controller and license manager, where all non neteng users log in to search ingested data.
1-Linux OS Traffic Indexer --Neteng syslog traffic indexer
2 Linux OS Lightweight Forwarders --Running syslog-ng, the original syslogs from network devices get pushed to the indexers from here I think.
1-Windows Server 2008 Search Head --Searches the neteng data --All neteng users login here to search neteng data
What I need to gather from what I know:
A complete list of the servers from the "white-list" and "blacklist" (I think I can get this from the\Program Files\Splunk\etc\system\local\serverclass.conf file. Just not sure if it is the complete list.)
File types and their paths that are being monitored on these servers (From the deployment server "Settings" > "Data Inputs" > "Forwarded Inputs"??? Is there an export function for this?)
User data including alerts, reports, and dashboards. Need to know the owners of each.(Need to know how to export this, and then import to the new environment)
Is the user data private or global? (Not sure where to get this from)
Improve the efficiency of the saved searches and reports (This is something we can work on here. Is there a search analyzer in Splunk?)
Who has access to the apps? (Group description + matching AD group) (Is there a way to compare the AD list against the Splunk users? I need to create a spreadsheet of the users, their Splunk roles, and the AD group they belong to. Is there an export function of user roles?)
Index data migration (Index information - "Settings" > "Indexes". Is there a migration plan for moving indexes from one environment to the other?)
Once all data is gathered, our goal is to ensure that users aren't having to straddle both environments to access their content. So, this means migrating a group with their index, and migrating the searches, reports, and alerts for that index.
If anyone has a basic migration project plan, it would be helpful for the newbie.
Thanks for your help.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-08-2024
03:32 PM
|
