Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About patriziadepaola
patriziadepaola
Explorer
Member since:
12-07-2016
02-07-2024
Community Statistics
| Posts | 11 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 12-07-2016 |
Activity Feed
- Got Karma for Re: LINE BREAKER REGEX. 06-05-2020 12:48 AM
- Posted Which is Splunk Enterprise latest stable version? on Splunk Enterprise. 09-06-2019 05:26 AM
- Tagged Which is Splunk Enterprise latest stable version? on Splunk Enterprise. 09-06-2019 05:26 AM
- Tagged Which is Splunk Enterprise latest stable version? on Splunk Enterprise. 09-06-2019 05:26 AM
- Posted Splunk 7.0.5 - Mobile access still available? on All Apps and Add-ons. 05-31-2019 12:58 AM
- Tagged Splunk 7.0.5 - Mobile access still available? on All Apps and Add-ons. 05-31-2019 12:58 AM
- Posted Re: LINE BREAKER REGEX on Splunk Search. 07-13-2017 03:23 AM
- Posted LINE BREAKER REGEX on Splunk Search. 07-13-2017 01:08 AM
- Tagged LINE BREAKER REGEX on Splunk Search. 07-13-2017 01:08 AM
- Posted Why is there event duplication via TCP port? on Getting Data In. 05-22-2017 02:36 AM
- Tagged Why is there event duplication via TCP port? on Getting Data In. 05-22-2017 02:36 AM
- Tagged Why is there event duplication via TCP port? on Getting Data In. 05-22-2017 02:36 AM
- Tagged Why is there event duplication via TCP port? on Getting Data In. 05-22-2017 02:36 AM
- Posted Re: In Windows Security logs, why does Splunk incorrectly solves some data? on Getting Data In. 01-27-2017 12:35 AM
- Posted Re: In Windows Security logs, why does Splunk incorrectly solves some data? on Getting Data In. 01-23-2017 04:02 AM
- Posted Re: In Windows Security logs, why does Splunk incorrectly solves some data? on Getting Data In. 01-23-2017 01:35 AM
- Posted In Windows Security logs, why does Splunk incorrectly solves some data? on Getting Data In. 01-23-2017 12:36 AM
- Tagged In Windows Security logs, why does Splunk incorrectly solves some data? on Getting Data In. 01-23-2017 12:36 AM
- Tagged In Windows Security logs, why does Splunk incorrectly solves some data? on Getting Data In. 01-23-2017 12:36 AM
- Tagged In Windows Security logs, why does Splunk incorrectly solves some data? on Getting Data In. 01-23-2017 12:36 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
09-06-2019
05:26 AM
Hi everyone!
we are going to updgrade our splunk (our current version 7.0.5).
which is the most recent stable version?
Thanks!
... View more
05-31-2019
12:58 AM
Hello everyone!
is the splunk Mobile access add-on still available in the 7.0.5 splunk enterprise version?
I'm confused ... I can't find it!
... View more
- Tags:
- splunk-enterprise
07-13-2017
03:23 AM
1 Karma
I have found the solution:
BREAK_ONLY_BEFORE = MSG | ERR
it works !
... View more
07-13-2017
01:08 AM
Hello, i need to identify i new line in my log file when line starts with MSG or ERR in order to get the message of error in a single line.
Sample log file data:
MSG;1193342275;1784053093;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,286; - START
MSG;1193342275;1889771202;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,305; - START
ERR;1193342275;573025154;gestoreprocessi;Log.fatal;29/06/2017 05:36:14,312;org.springframework.dao.DataAccessResourceFailureException: SqlMapClient operation; SQL [];
--- The error occurred in com/cervedgroup/cicloattivo/gestoreprocessi/db/dao/ibatis/maps/ReportWorkflowProcessi.xml.
--- The error occurred while applying a result map.
--- Check the GetIdWorkflowFromIdReport-AutoResultMap.
--- Check the result mapping for the 'ID_WORKFLOW' property.
--- Cause: java.sql.SQLRecoverableException: Closed Resultset: next; nested exception is com.ibatis.common.jdbc.exception.NestedSQLException:
--- The error occurred in com/cervedgroup/cicloattivo/gestoreprocessi/db/dao/ibatis/maps/ReportWorkflowProcessi.xml.
--- The error occurred while applying a result map.
--- Check the GetIdWorkflowFromIdReport-AutoResultMap.
--- Check the result mapping for the 'ID_WORKFLOW' property.
--- Cause: java.sql.SQLRecoverableException: Closed Resultset: next
MSG;1193342275;1889771202;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,315; - elabToElab:com.cervedgroup.cicloattivo.gestoreprocessi.db.ReportElab@6da21389
MSG;1193342275;1889771202;gestoreprocessi;GestioneProcessi.elaboraProcesso;29/06/2017 05:36:14,315; - elabToElab stato:SND
Any suggestions?
... View more
- Tags:
- splunk-enterprise
05-22-2017
02:36 AM
Can anyone help me and clarify why Splunk duplicates events received from TCP port? The same type of events received on a UDP port are not duplicated.
I try to post an example:
Event received on UPD port 55553
{"CALLER_INFO":"{CORPORATE#010#NET43205#null#null}","INPUT":"{COMPANY#null#null#null#03978500720#null#null#null-null}","APPLICATION_SERVICE":"MAGNETO.EXTERNALSEARCH","ESITO":"OK","OUTPUT":"0","APPLICATION":"magneto","timestamp8601":"2017-05-18T09:07:02.400389+00:00","PID":"707633604","STEP":"TOTAL","program":"journal","CLASS":"LogUtil.traceStep","message":["2017-05-18T09:07:02.400389+00:00 prod-dcos6-12102016 journal: MSG;1501718321;707633604;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;18/05/2017 11:07:02,399;SPLUNK - magneto/externalsearch/magneto_externalsearch|TOTAL|OK|1301|{CORPORATE#010#NET43205#null#null}|{COMPANY#null#null#null#03978500720#null#null#null-null}|0\n","MSG;1501718321;707633604;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;18/05/2017 11:07:02,399;SPLUNK - magneto/externalsearch/magneto_externalsearch|TOTAL|OK|1301|{CORPORATE#010#NET43205#null#null}|{COMPANY#null#null#null#03978500720#null#null#null-null}|0\n"],"type":"rsyslog_produzione_dcos","logsource":"prod-dcos6-12102016","tags":["journal"],"SID":"1501718321","DATE":"18/05/2017 11:07:02,399","@timestamp":"2017-05-18T09:07:03.772Z","EXECUTION_TIME":1301,"@version":"1","LABEL":"SPLUNK","SERVICE":"externalsearch/magneto_externalsearch","LOGLEVEL":"MSG"}
Event received on TCP port 55555
{"CALLER_INFO":"{CORPORATE#010#NET43205#null#null}","INPUT":"1300013","APPLICATION_SERVICE":"MAGNETO.EXTERNALSEARCH","ESITO":"OK","OUTPUT":"AUTHORIZED","APPLICATION":"magneto","timestamp8601":"2017-05-19T12:28:45.940854+00:00","PID":"1528829935","STEP":"IS_AUTHORIZED_CONSUMPTION","program":"journal","CLASS":"LogUtil.traceStep","message":["2017-05-19T12:28:45.940854+00:00 prod-dcos6-12102016 journal: MSG;1937509434;1528829935;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;19/05/2017 14:28:45,940;SPLUNK - magneto/externalsearch/magneto_externalsearch|IS_AUTHORIZED_CONSUMPTION|OK|46|{CORPORATE#010#NET43205#null#null}|1300013|AUTHORIZED\n","MSG;1937509434;1528829935;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;19/05/2017 14:28:45,940;SPLUNK - magneto/externalsearch/magneto_externalsearch|IS_AUTHORIZED_CONSUMPTION|OK|46|{CORPORATE#010#NET43205#null#null}|1300013|AUTHORIZED\n"],"type":"rsyslog_produzione_dcos","logsource":"prod-dcos6-12102016","tags":["journal"],"SID":"1937509434","DATE":"19/05/2017 14:28:45,940","@timestamp":"2017-05-19T12:28:47.080Z","EXECUTION_TIME":46,"@version":"1","LABEL":"SPLUNK","SERVICE":"externalsearch/magneto_externalsearch","LOGLEVEL":"MSG"}{"CALLER_INFO":"{CORPORATE#010#NET43205#null#null}","INPUT":"{COMPANY#null#null#01893500890#null#null#null#null-null}","APPLICATION_SERVICE":"MAGNETO.EXTERNALSEARCH","ESITO":"OK","OUTPUT":"0","APPLICATION":"magneto","timestamp8601":"2017-05-19T12:28:46.449567+00:00","PID":"1528829935","STEP":"LIMINIRIS_REQUEST","program":"journal","CLASS":"LogUtil.traceStep","message":["2017-05-19T12:28:46.449567+00:00 prod-dcos6-12102016 journal: MSG;1937509434;1528829935;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;19/05/2017 14:28:46,448;SPLUNK - magneto/externalsearch/magneto_externalsearch|LIMINIRIS_REQUEST|OK|508|{CORPORATE#010#NET43205#null#null}|{COMPANY#null#null#01893500890#null#null#null#null-null}|0\n","MSG;1937509434;1528829935;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;19/05/2017 14:28:46,448;SPLUNK - magneto/externalsearch/magneto_externalsearch|LIMINIRIS_REQUEST|OK|508|{CORPORATE#010#NET43205#null#null}|{COMPANY#null#null#01893500890#null#null#null#null-null}|0\n"],"type":"rsyslog_produzione_dcos","logsource":"prod-dcos6-12102016","tags":["journal"],"SID":"1937509434","DATE":"19/05/2017 14:28:46,448","@timestamp":"2017-05-19T12:28:47.080Z","EXECUTION_TIME":508,"@version":"1","LABEL":"SPLUNK","SERVICE":"externalsearch/magneto_externalsearch","LOGLEVEL":"MSG"}{"CALLER_INFO":"{CORPORATE#010#NET43205#null#null}","INPUT":"{COMPANY#null#null#01893500890#null#null#null#null-null}","APPLICATION_SERVICE":"MAGNETO.EXTERNALSEARCH","ESITO":"OK","OUTPUT":"2137352876","APPLICATION":"magneto","timestamp8601":"2017-05-19T12:28:46.540997+00:00","PID":"1528829935","STEP":"BUILD_ACCOUNT","program":"journal","CLASS":"LogUtil.traceStep","message":["2017-05-19T12:28:46.540997+00:00 prod-dcos6-12102016 journal: MSG;1937509434;1528829935;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;19/05/2017 14:28:46,540;SPLUNK - magneto/externalsearch/magneto_externalsearch|BUILD_ACCOUNT|OK|91|{CORPORATE#010#NET43205#null#null}|{COMPANY#null#null#01893500890#null#null#null#null-null}|2137352876\n","MSG;1937509434;1528829935;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;19/05/2017 14:28:46,540;SPLUNK - magneto/externalsearch/magneto_externalsearch|BUILD_ACCOUNT|OK|91|{CORPORATE#010#NET43205#null#null}|{COMPANY#null#null#01893500890#null#null#null#null-null}|2137352876\n"],"type":"rsyslog_produzione_dcos","logsource":"prod-dcos6-12102016","tags":["journal"],"SID":"1937509434","DATE":"19/05/2017 14:28:46,540","@timestamp":"2017-05-19T12:28:47.100Z","EXECUTION_TIME":91,"@version":"1","LABEL":"SPLUNK","SERVICE":"externalsearch/magneto_externalsearch","LOGLEVEL":"MSG"}{"CALLER_INFO":"{CORPORATE#010#NET43205#null#null}","INPUT":"{COMPANY#null#null#01893500890#null#null#null#null-null}","APPLICATION_SERVICE":"MAGNETO.EXTERNALSEARCH","ESITO":"OK","OUTPUT":"0","APPLICATION":"magneto","timestamp8601":"2017-05-19T12:28:46.541236+00:00","PID":"1528829935","STEP":"TOTAL","program":"journal","CLASS":"LogUtil.traceStep","message":["2017-05-19T12:28:46.541236+00:00 prod-dcos6-12102016 journal: MSG;1937509434;1528829935;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;19/05/2017 14:28:46,540;SPLUNK - magneto/externalsearch/magneto_externalsearch|TOTAL|OK|647|{CORPORATE#010#NET43205#null#null}|{COMPANY#null#null#01893500890#null#null#null#null-null}|0\n","MSG;1937509434;1528829935;MAGNETO.EXTERNALSEARCH;LogUtil.traceStep;19/05/2017 14:28:46,540;SPLUNK - magneto/externalsearch/magneto_externalsearch|TOTAL|OK|647|{CORPORATE#010#NET43205#null#null}|{COMPANY#null#null#01893500890#null#null#null#null-null}|0\n"],"type":"rsyslog_produzione_dcos","logsource":"prod-dcos6-12102016","tags":["journal"],"SID":"1937509434","DATE":"19/05/2017 14:28:46,540","@timestamp":"2017-05-19T12:28:47.112Z","EXECUTION_TIME":647,"@version":"1","LABEL":"SPLUNK","SERVICE":"externalsearch/magneto_externalsearch","LOGLEVEL":"MSG"}
Has anyone seen anything like it before?
... View more
- Tags:
- duplication
- events
- tcp
01-27-2017
12:35 AM
Hi Giuseppe, using TA_Windows Security Stanza with soucetype WinEventLog:Security all woks fine!
Thank you.
... View more
01-23-2017
04:02 AM
Hi Giuseppe, no I don't use soucetype=WinEventLog:Security
this is my inputs.conf:
[WinEventLog://ForwardedEvents]
disabled = 1
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
index = security
_TCP_ROUTING= collaudo
... View more
01-23-2017
01:35 AM
No, unfortunately, in the windows log contain the correct messages! In the example that I had submitted, windows security log for string Accesses presents the value "ReadData (or ListDirectory)", but my search in splunk returns %9
... View more
01-23-2017
12:36 AM
Good morning,
I noticed that Splunk (v. 6.5.1) does not properly report some fields of security event logs collected.
In the example, the value in the field "Accesses" of my Windows security log is : “ReadData (or ListDirectory)” but in the result of search in splunk I have : "%9"
And, unfortunately, also other fields are affected by the same problem!
Can someone help me?!
Thank you!
... View more
12-13-2016
07:07 AM
I have a problem after an unexpected restart of my splunk.
The Splunk DB Connect app v. 2.3.0 doesn’t work properly. This is the error in dbx2.log:
2016-12-13T02:25:18+0100 [INFO] [rpcstart.py], line 363: action=run_rpc_start rpc_start_pid=5999 args=['/opt/splunk/etc/apps/splunk_app_db_connect/bin/rpcstart.py', '--scheme']
2016-12-13T02:25:20+0100 [INFO] [mi_session.py], line 38 : session updated
2016-12-13T02:25:21+0100 [INFO] [rpcstart.py], line 363: action=run_rpc_start rpc_start_pid=6404 args=['/opt/splunk/etc/apps/splunk_app_db_connect/bin/rpcstart.py']
2016-12-13T02:25:21+0100 [INFO] [rpcstart.py], line 125: action=start_to_run_rpc_server rpc_start_pid=6404
2016-12-13T02:25:21+0100 [CRITICAL] [rpcstart.py], line 150: action=java_path_does_not_exist java_home=""
2016-12-13T02:25:21+0100 [CRITICAL] [rpcstart.py], line 378: action=rpc_server_has_been_abnormally_terminated error=Invalid java path.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/rpcstart.py", line 376, in
_start_rpc_server(sys.stdin.read())
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/rpcstart.py", line 360, in _start_rpc_server
run(configs)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/rpcstart.py", line 151, in run
raise Exception("Invalid java path.")
Exception: Invalid java path.
I set my java_home path in
and save and restarted my RPC server.
Why, after the unexpected restart, the inputs.conf is empty with only these lines:
[rpcstart://default]
javahome = /opt/java
useSSL = 0
Can you help me in order to prevent similar situations in future?
... View more
12-07-2016
02:59 AM
I have a problem with the right extraction of timestamp in a log file. The string example of my log :
161206 152835 LNX64 3 PWX-36145 ORAD Info Mbr 2: + Low SCN 6120947915182. Low SCN Time 12/06/2016 14:58:17.
161206 152835 LNX64 3 PWX-36146 ORAD Info Mbr 2: + Next SCN 6120950880737. Next SCN Time 12/06/2016 15:27:58.
161206 152900 LNX64 3 PWX-36117 ORAD Info Mbr 3: Reader is waiting for log sequence 36736 with start SCN 6120950700533 to be archived.
161206 152908 LNX64 3 PWX-36440 ORAD Info: Monitor messages begin (2016/12/06 15:29:08).
161206 152908 LNX64 3 PWX-36441 ORAD Info: Interval return counts: no data 114, commits 32717, inserts 35394, updates 5898, deletes 118.
161206 152908 LNX64 3 PWX-36442 ORAD Info: Interval TMGR counts: no data 124, transaction control 529871, operations 109033, other 0.
this my props.conf :
[etl-pwxccl_log2]
CHARSET = UTF-8
TIME_PREFIX=^
MAX_TIMESTAMP_LOOKAHEAD = 14
TIME_FORMAT = %Y%m%d %H%M%S
SHOULD_LINEMERGE = false
disabled = false
REPORT-pwxccl = etl-pwxxccl-fields
this my transforms.conf:
[etl-pwxxccl-fields]
REGEX= ^(?P\d+)\s+(?P\d+)\s+(?P.+)
FORMAT = DATA::"$1" ORA::"$2" MESSAGE::"$3"
WRITE_META=1
With this configuration the extraction of date is correct but is the time incorrect (recovered in other places of the log line?)
Can someone help me?
... View more
