Activity Feed
- Posted Re: nmon TA required? on All Apps and Add-ons. 05-27-2015 08:13 AM
- Posted Re: How to extract fields from my sample data and include these results in an email alert? on Splunk Search. 04-10-2015 08:40 AM
- Posted Re: Monitoring of Java Virtual Machines with JMX: Why am I getting setup error "It has been determined via the REST API that all inputs have been disabled"? on All Apps and Add-ons. 04-10-2015 05:26 AM
- Posted Re: Monitoring of Java Virtual Machines with JMX: Why am I getting setup error "It has been determined via the REST API that all inputs have been disabled"? on All Apps and Add-ons. 04-08-2015 09:20 AM
- Posted Monitoring of Java Virtual Machines with JMX: Why am I getting setup error "It has been determined via the REST API that all inputs have been disabled"? on All Apps and Add-ons. 04-08-2015 08:55 AM
- Posted Re: How to extract fields from my sample data and include these results in an email alert? on Splunk Search. 04-08-2015 04:05 AM
- Posted How to extract fields from my sample data and include these results in an email alert? on Splunk Search. 04-07-2015 09:12 AM
- Posted Re: Setup of universal forwarder - documentation mess on Getting Data In. 04-02-2015 08:39 AM
- Posted Setup of universal forwarder - documentation mess on Getting Data In. 04-02-2015 07:35 AM
05-27-2015
08:13 AM
Hello,
I would like to collect and forward nmon data from different unix machines (having light Universal forwarder installed) to a standalone instance (splunk receiver). It looks like I need to use TA-nmon. i.e. install within %splunk-forwarder%/etc/apps in my unix machine.
I'm unable to find the download location of the TA-nmon Unix installation file.
Could you please help me on this?
Ananth
04-10-2015
08:40 AM
Hi Esix_splunk,
I was a bit unclear on the pipe symbol (assuming it as OR). Now, I'm able to extract the exception message based on a regex pattern, refer it to a field, and create an alert with 2 columns (_time and my field). This looks better now.
Thanks for your answer.
Ananth
04-10-2015
05:26 AM
I think it should be a problem in the splunk receiver. From python code, I found that a java process is triggered and has restricted VM memory allocated. As the JMX app polls a remote JVM on a scheduled frequency, the receiver hardware resource is not enough for the splunk JMX receiver to scale and so you are having intermittent drops.
Are you running Splunk receiver in Windows or in Linux?
Ananth
04-08-2015
09:20 AM
1 Karma
Fixed it.
Go to settings --> Data Inputs --> JMX --> Select the JMX object --> Click enable
My JVM parameters started appearing!
thank you,
ananth
04-08-2015
08:55 AM
1 Karma
Hi,
I downloaded the "Monitoring of Java Virtual Machines with JMX" application and installed it using Splunk Web. It's on a Windows PC with Splunk Enterprise (trial). I got the following error in Splunk Web.
ERROR ExecProcessor - message from "python C:\Splunk\etc\apps\SPLUNK4JMX\bin\jmx.py" It has been determined via the REST API that all inputs have been disabled
Note: I have the correct server name and JMX port given in config.xml file. I tested the connection from my PC using JConsole and it works perfectly fine.
Could you help me on this?
How do I log this error to error file (from jmx.py code?)
Thank you,
Ananth
04-08-2015
04:05 AM
Hi,
I'm using the following search query to pick the payload contents.
sourcetype=MY_DEV source="/my_esb/logs/splunkerrorproducer.log" ERROR | rex field=_raw "(?s)payload contents =(?<my_field>[^\*]+)\n\*+"
However when I view the alert, it contains all additional information and it is due to the ERROR in the query. If I remove ERROR, the search returns no results.
I think there is some problem with regex in the search. The above search works without ?< my_field > in an online regex tool.
Is there anything missing to use regex and fields?
Ananth
04-07-2015
09:12 AM
1 Karma
Hello,
I'm evaluating splunk to capture data for raising data alerts, raising technical alerts etc.
Most of the data generated is using Log4J2. I'm able to forward data from a Linux machine to a receiver (on a Windows PC).
I'm able to view real-time search. Now I need to filter the data based on regex or any expression and link it to email Alerts.
I tried using fields, but it seems complex to extract data from my search results.
Below is sample data:
2015-04-07 17:05:09,019 ERROR o.m.e.DefaultMessagingExceptionStrategy [[SplunkErrorProducer-vv3].SplunkErrorProducerFlow.stage1.02]
********************************************************************************
Message : Component that caused exception is: DefaultJavaComponent{SplunkErrorProducerFlow.component.207509504}. Message payload is of type: String
Code : MULE_ERROR--2
--------------------------------------------------------------------------------
Exception stack is:
1. payload contents =
Printing:
CommonProductResult #0 {..... 250 lines more ...}
*********************************************************************************
My questions are:
1) How do I extract data beginning from "payload contents" to the "********" line (around 250 lines - which are not fixed).
2) Even if I define a field, how can the field data be part of the email body for an alert?
Could you help me on this? Is field object necessary or any other way to extract data based on specific pattern and link it to email Alerts?
Thank you,
Ananth
04-02-2015
08:39 AM
Thank you - how can I recommend Splunk to fix their documentation?
Ananth
04-02-2015
07:35 AM
Hello,
I'm evaluating Splunk and got the enterprise trial installed on my PC.
I would like to forward events/Java log file data using a universal forwarder to the enterprise trial.
The forwarder will run on a Unix machine (simple: set up a forwarder, see how it works in the Splunk server/receiver).
The documentation links are confusing 😞 and frustrating:
1) The documentation has splunk on unix, unix add on, splunk app for stream etc.
Which one is exactly the universal forwarder? (which will just do forwarding of data that is configured for).
2) What should I download and where is the step-by-step installation guide for this universal forwarder?
Thank you,
Ananth