How to assi gn the sourcetype wms_oracle_sessions to the data on ingestion phase. ... View more

We have created sourcetype wms_oracle_sessions but no luck. No data is getting displayed on the dashboard ... View more

This worked. dbquery wmsewprd  "select REC_TYPE, CODE_TYPE, CODE_DESC, SHORT_DESC, USER_ID from SYS_CODE_TYPE"   We created database connection under setting->External Databases and after that restarted splunk on the host. When we tried the below query, it worked.   dbquery wmsewprd  "select REC_TYPE, CODE_TYPE, CODE_DESC, SHORT_DESC, USER_ID from SYS_CODE_TYPE"   This issue is resolved. ... View more

This issue is resolved. ... View more

The issue was "Java Bridge server was not running". We engaged splunk support and they fixed the issue. We configured to connect DB of webmethods and restarted splunk. That resolved the issue. ... View more

                                                                                  eventtype err0r (error)   nix-all-logs   nix_errors (error)     oracle_sid wmb2bprd     tag error     unix_category all_hosts     unix_group default     wmApplication database     wmApplicationType b2b     wmEnvironment prd   Time   _time 2019-06-15T03:30:46.948+10:00   Default   index webmethods_prd     linecount 12     punct --_::.=----=----=----=.=.=..:=..:=----=__=_:,__:__     splunk_server aeapsplnd01 ... View more

Type   Field Value Actions Selected   host aeapwmora02     source dbmon-tail://wmb2bprd/webmethods:WMERROR     sourcetype webmethods:wmerror   Event   AUDITTIMESTAMP 1560497446.948     CONTEXTID d34b7125-313a-4d6f-9638-ad324032802f     ERRORMESSAGE document is null     ERRSTACKTRACE Error Type:exception, Error Message:document is null, Service Name:     INSERTTIMESTAMP 1560497446.949     MSGID 8090bffc-5837-93c2-cb9c-833f427fb709     PARENTCONTEXTID 61739280-d3af-44fd-a7c6-0afd3cf4d450     ROOTCONTEXTID 702f9ad0-1c19-4181-b543-56f3ee69e010     SERVERID aeapwmappb2b39.ce.corp:5555     SERVICENAME pub.event.exception:logToFile     eventtype err0r (error)   nix-all-logs   nix_errors (error) ... View more

Following is the search query.   index=webmethods_prd sourcetype=webmethods:wmerror   Time range picker : All time Sample data of 15th June, 2019. 15/06/2019 03:30:46.948 aeaxwmora02 dbmon-tail://wmb2bprd/webmethods:WMERROR webmethods:wmerror     ... View more

Hi,   I typed the command java -version on Indexer sever.  [root@aeaxsplnd01 ~]# java -version -bash: java: command not found [root@aeaxsplnd01 ~]# which java /usr/bin/which: no java in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)   Is JRE needs to be installed on Indexer server or it needs to be installed on Search head server. ... View more

Hi,   I incorporated the following in inputs.conf. [monitor://dbmon-tail://wmb2bprd/webmethods:WMERROR] index = webmethods_prd sourcetype = webmethods:wmerror disabled = false [root@aeaxwmora02 local]# pwd /opt/splunkforwarder/etc/system/local [root@aeaxwmora02 local]# cat inputs.conf [default] host = aeaxwmora02 [monitor://dbmon-tail://wmb2bprd/webmethods:WMERROR] index = webmethods_prd sourcetype = webmethods:wmerror disabled = false Restarted Splunk, but still showing data till 6/15/2019. Data  after 6/15/2019 is not showing.     ... View more

User says that it’s a database, not a file, and hence doesn’t follow the usual Splunk forwarder file indexing process. Source is like this  dbmon-tail://wmb2bprd/webmethods:WMERROR   How should I go. ... View more

Can you please help me on next steps. ... View more

data are generated by the source system? you can check this analyzing files on source system; I need to check from the user what data he is looking for.   the source system reach to send logs to the Indexer? you can check this with a simple search index=_internal host=source_system_hostname​ Yes source system can able to reach indexer to send logs. This I verified by the following query. index=_internal host=aeapwmora02 Events got generated of today's data.   are index and sourcetype correct? you can check this analyzing inputs.conf on the source system.   I verified the inputs.conf on the source sytem but nothing defined in inputs.conf   [root@aeaxwmora02 local]# pwd /opt/splunkforwarder/etc/system/local [root@aeaxwmora02 local]# cat inputs.conf [default] host = aeaxwmora02 [root@aeaxwmora02 local]# We found that index  webmethods_prd is existing by the following query. | eventcount summarize=false index=* index=_* | dedup index | fields index   and sourcetype is existing by the following query. sourcetype="webmethods:wmerror" host=aeaxwmora02 Events are getting generated and we got latest event dated 6/15/2019.  No events generated after the data 6/15/2019.  Under interesting fields, value of  index is showing as webmethods_prd.   What should be the next steps.   Do I need to get the information from the user what source files he is looking for along with the path. and configure in inputs.conf     ... View more