Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About yeisonv
yeisonv
Explorer
Member since:
07-27-2020
07-30-2020
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 7 |
| Karma Received | 0 |
| Member Since | 07-27-2020 |
Activity Feed
- Posted Re: trying to generate an alert but The problem is that the logs are different on Splunk Search. 07-30-2020 09:35 AM
- Posted Re: trying to generate an alert but The problem is that the logs are different on Splunk Search. 07-30-2020 06:28 AM
- Karma Re: trying to generate an alert but The problem is that the logs are different for isoutamo. 07-30-2020 06:10 AM
- Posted Re: trying to generate an alert but The problem is that the logs are different on Splunk Search. 07-29-2020 04:04 PM
- Karma Re: trying to generate an alert but The problem is that the logs are different for isoutamo. 07-29-2020 03:35 PM
- Posted Re: trying to generate an alert but The problem is that the logs are different on Splunk Search. 07-29-2020 01:29 PM
- Karma Re: trying to generate an alert but The problem is that the logs are different for isoutamo. 07-29-2020 01:23 PM
- Karma Re: How do I extract certain data from the log? weblogic for richgalloway. 07-29-2020 12:43 PM
- Posted trying to generate an alert but The problem is that the logs are different on Splunk Search. 07-29-2020 08:18 AM
- Posted Re: How do I extract certain data from the log? weblogic on Splunk Search. 07-29-2020 06:32 AM
- Karma Re: How do I extract certain data from the log? weblogic for richgalloway. 07-27-2020 12:49 PM
- Posted Re: How do I extract certain data from the log? weblogic on Splunk Search. 07-27-2020 11:24 AM
- Karma Re: How do I extract certain data from the log? weblogic for richgalloway. 07-27-2020 11:24 AM
- Posted How do I extract certain data from the log? weblogic on Splunk Search. 07-27-2020 09:24 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
07-30-2020
09:35 AM
thanks I was able to solve with "dedup" index=wls sourcetype=wls_managedserver "debug" OR "DEBUG" | rex "(\<[^>]+> ){3}\<(?<Host>[^>]+)>\s+<(?<Cluster>[^>]+)>\s+<(?<App>[^>]+)>.*BEA-000000>\s<(?<Message>[^>]+)>" | rex field=Message "\[?\d+\/\d+\/\d+\s+\d+:\d+(:\d+\.\d+)?\]?\s+\[?(?<logLevel>[^\s\]]+)\]?" | dedup host | where logLevel = "DEBUG" | stats values(Message) as Messages by logLevel, Host, Cluster Im happy thanks
... View more
07-30-2020
06:28 AM
Thank you very much, He had put together something similar. if i want to send 1 single event found by host? When I run the query I have many events per host but I would like to send 1 even by email
... View more
07-29-2020
04:04 PM
Thank you. What I saw when executing it is that it brings me only values of those 3 logs, specify what variables I wanted to exit. But it doesn't analyze other logs
... View more
07-29-2020
01:29 PM
thank you very much for taking the time to help me The problem is that in production we have more than 60 productive applications and they are always changing. I'm trying to identify when they change the app to "debug" mode and thus generate an alert so When executing this index=wls sourcetype=wls_managedserver "debug" | stats count by host It shows me the hosts where the word "Debug" is, but I see many events because the app writes the same thing several times in the log. Is there a way to be able to list the hosts that send me 1 event per hosts by email?
... View more
07-29-2020
08:18 AM
Good morning, I am trying to generate an alert for productive applications when they are in "debug" mode The problem is that the logs are different. when i search "index=wls sourcetype=wls_managedserver "debug" | stats count by host" logically it lists the hosts that meet the condition in debug mode. I would need to generate an alert to send me which hosts have the app in debug mode, but at the same time to send me only a trace of that search by email ó extract the fields but it is more difficult because they are different Host= W1422 Cluster= qa.3.3_man05 app= app.userdown or [appwork.consumer.serviceTaskExecutorBackedUpQueueConsumer- 149] log examples: ####<Jul 29, 2020 12:07:28 PM ART> <Notice> <Stdout> <W1422> <qa3.3_man05> <mq.task.executor-1> <<WLS Kernel>> <> <> <1596035248169> <BEA-000000> <2020/07/29 12:07:28.169 [DEBUG] [mq.task.executor-1] [appwork.consumer.serviceTaskExecutorBackedUpQueueConsumer- 149] - No hay mensajes en la cola> host = W1422 source = /logs/qa3_domain3/qa3.3_man05_yyyy-MM-dd.log sourcetype = wls_managedserver ####<Jul 29, 2020 12:09:16 PM ART> <Notice> <Stdout> <W1522> <qa3.3_cl6_man01> <app.userdown> <<WLS Kernel>> <> <> <1596035356838> <BEA-000000> <[29/07/2020 12:09] DEBUG MonitoringManager.getSourceProcessor() -> Verificando processor para: javax.jms.ExceptionListener contra el tipo .persistence> host = W1522 source = /logs/qa3_domain3/qa3.3_cl6_man01p_yyyy-MM-dd.log sourcetype = wls_managedserver ####<Jul 29, 2020 12:10:01 PM ART> <Notice> <Stdout> <W0188> <desa5.3_cl6_man01> <org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7> <<WLS Kernel>> <> <> <1596035401281> <BEA-000000> <[29/07/2020 12:10] DEBUG SqlStatementLogger.logStatement() -> if anyone can help me thanks
... View more
07-29-2020
06:32 AM
Thanks, use part of the query you sent. index=wls sourcetype=wls_adminserver | rex "(\<[^>]+> ){3}\<(?<AdminServer>[^>]+)" | rex "(\<[^>]+> ){6}\<(?<User>[^>]+)" | rex "application,(?<App>[^#]+)" | rex ", to (?<Cluster>[\S]+)" | stats count by AdminServer, _time, User, App, Cluster | where count > 2 Thanks
... View more
07-27-2020
11:24 AM
Thanks for answering The problem is that the information I need does not reach me in the alert. The mail arrives like this host count EWL1522 1 I had done something like that Could you somehow email me only that information splunk _raw _time host index linecount source sourcetype splunk_server ####<Jul 24, 2020, 4:27:27,117 PM ART> <Info> <J2EE Deployment SPI> <EWL1522> <AdminServer> <[ACTIVE] ExecuteThread: '48' for queue: 'weblogic.kernel.Default (self-tuning)'> <torrelia> <> <4e1f868c-178a-4316-8cc0-a631e22c8aee-0014f65f> <1595618847117> <[severity-value: 64] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-260121> <Initiating start operation for application, consumer#1.0 [archive: null], to homo3.8_cl1 .> Fri Jul 24 16:27:27 2020 EWL1522 wls 1 /u03/oracle/logs/domains/homo3_domain8/AdminServer_yyyy-MM-dd.log wls_adminserver EWL1522
... View more
07-27-2020
09:24 AM
Hi all. I am new to using splunk. I am trying to be able to extract data from a log for the last 15 minutes. I try to generate the alert, every time an implementation of "Weblogic AdminServer" is made on the different hosts we have with splunk I would need to know who made it, host, application and cluster. I used raw to extract it but it didn't work index=wls sourcetype=wls_adminserver host=EWL1522 user=<torrelia> app= consumer cluster=homo3.8_cl1 ####<Jul 24, 2020, 4:27:27,117 PM ART> <Info> <J2EE Deployment SPI> <EWL1522> <AdminServer> <[ACTIVE] ExecuteThread: '48' for queue: 'weblogic.kernel.Default (self-tuning)'> <torrelia> <> <4e1f868c-178a-4316-8cc0-a631e22c8aee-0014f65f> <1595618847117> <[severity-value: 64] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-260121> <Initiating start operation for application,consumer#1.0 [archive: null], to homo3.8_cl1 .> anyone who can help me thanks.
... View more
Labels
- Labels:
-
table
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-30-2020
12:56 PM
|
