Activity Feed
- Posted Re: 50 - 50 output in web intelligence app | [Traffic pattern/status, Report Top page view/Top Client Ips are working , remaining not working ] on All Apps and Add-ons. 05-23-2013 01:37 PM
- Posted Re: How to prevent this from being sent to indexer from heavy forwarder on Getting Data In. 12-06-2011 06:51 AM
- Posted Re: How to prevent this from being sent to indexer from heavy forwarder on Getting Data In. 12-05-2011 08:51 AM
- Posted How to prevent this from being sent to indexer from heavy forwarder on Getting Data In. 12-02-2011 10:25 AM
- Tagged How to prevent this from being sent to indexer from heavy forwarder on Getting Data In. 12-02-2011 10:25 AM
- Posted Re: could not send data to the output queue? on Getting Data In. 06-14-2011 08:32 AM
- Posted How to create serverclass.conf that looks for an installed application on managed node? on Deployment Architecture. 12-20-2010 04:52 PM
- Tagged How to create serverclass.conf that looks for an installed application on managed node? on Deployment Architecture. 12-20-2010 04:52 PM
- Posted Splunk Deployment Servers on Deployment Architecture. 12-07-2010 09:19 PM
- Tagged Splunk Deployment Servers on Deployment Architecture. 12-07-2010 09:19 PM
- Posted Re: How to make a Splunk indexer a Deployment Server on Deployment Architecture. 12-07-2010 09:00 PM
05-23-2013 01:37 PM
I have a similar problem, but it appears that it is because eventtype=pageview does not exist in my system anywhere. Am I supposed to create that eventtype manually?
12-06-2011 06:51 AM
ok, so your example was very helpful, yet it was missing something that was preventing it from working. Many of the examples up on ANSWERS do not show putting a [source:/"path to log file] in the props.conf. I used this website to develop the regex : http://myregexp.com/ and then I used these entries and everything worked golden. Thanks very much for the help!!
Props.conf :
[source::/export/bmadmin/bmsPRD10/log/website.out]
TRANSFORMS-t1 = setnull
transforms.conf:
[setnull]
REGEX=\bDEBUG:\s.*
DEST_KEY = queue
FORMAT = nullQueue
12-05-2011 08:51 AM
Thank you and I completely get it. I did some reading on REGEX and I came up with this for the transforms.conf:
[setnull]
REGEX = bDEBUG.$ (NOTE there is a leading slash this page won't display it)
DEST_KEY = queue
FORMAT = nullQueue
and this for the props.conf:
[website.out]
TRANSFORMS-website.out = setnull
But it's not working.... any ideas? I think my REGEX is right. Should it not be named something like setnull (I couldn't think of anything else) or does it need to correspond to something in the file? The name of the file that I am monitoring is website.out...
12-02-2011 10:25 AM
I know there have been quite a few messages on this, but I am still confused. I am trying to configure my heavy forwarder to NOT send the following from a file that it is monitoring:
[Fri Dec 02 13:10:22 EST 2011] [java.lang.String] DEBUG: <?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv
That's just the beginning of the line, but I want to key in on the word "DEBUG" and throw out all events that start with that.
I know I have to put something in the props.conf and the transforms.conf, but I do not know exactly what to put in there. Also, can you please explain what the symbols mean in the fields you are recommending? I see lots of posts with "/+s" and stuff like this, but I don't know what the heck they mean.
-Noob
06-14-2011 08:32 AM
I am having the same problem. Only parsingqueue is showing up blocked=true.
I determined that the network port was not open between this server and the indexer and that was the problem.
-Ron C.
12-20-2010 04:52 PM
I want to create a serverclass.conf that decides to deploy an inputs.conf based upon whether certain applications are installed.
I already have splunk configured to deploy inputs.conf, but I have only been able to get as granular as "linux" but not "linux with this application installed"
If serverclass.conf does not have the ability to get granular like that, I was thinking that I could create one application that deploys a script that looks for application logs and then creates the inputs.conf file based upon that.....
Any ideas?
- Tags:
- deployment
12-07-2010 09:19 PM
Folks, while the documentation for things splunklike are usually very good, it is very poor when it comes to using the deployment server feature.
What I am looking for is some help with setting up some serverclasses based upon what types of applications are installed on those servers, and I don't want to deploy applications I want to deploy configurations.
So let's say I designate one server, deploymentserver as my, you guessed it, Deployment Server. I place in splunk_home$/etc/system/local a serverclass.conf. I put a configuration that says for all deployment clients that have alfresco, please monitor /apps/alfresco/log/alfresco.log.
Can someone provide a very simple, one dimensional example of the above for serverclass.conf? I understand there are many other nuances to it.
Then, on my server that I want to deploy this configuration to, I indicate that I am an alfresco server.
Can someone provide a very simple, one dimensional example of the above as well for my SPLUNK_HOME/etc/system/local/deploymentclient.conf file? How do I indicate in this file "I am an alfresco server"?
I will have servers that have multiple applications on them be part of multiple serverclass indicators, and indicate each application in the deploymentclient.conf
Hope someone can help here. Thanks!!
- Tags:
- deployment-server
12-07-2010 09:00 PM
Folks,
I have looked and looked. YES you explain how to create a serverclass.conf.
YES you explain how to set up a deployment client.
The main things that seem to be focused on are applications, but I do not see an example where we are pushing a configuration.
Let's say we want to create serverclass.conf using a profile that keys in on what configuration it should get, something like this:
serverclass.conf says that alfresco servers should have alfresco logs monitored in /apps/alfresco/log
deployment server says "I am an alfresco server", and gets the configuration for an alfresco server.