08-27-2020
05:13 AM
Hi, I'm looking to add CIM-compliant database data to the Databases data model. To give you some context on what I'm trying to do: I'm looking to do use case discovery for ES correlation searches focused on the Databases data model, so I would love data to run queries against. What database(s) would be suggested that are childishly easy to set up and can fill as much as possible of the data model in Splunk? Thanks in advance!
08-26-2020
06:07 AM
Issue resolved.

[mysqld]
bind-address = 0.0.0.0
# skip-networking

in /etc/mysql/my.cnf resolved the issue.

Also, give correct permissions to the SQL database user. This page helped me: https://www.digitalocean.com/community/questions/error-2003-hy000-can-t-connect-to-mysql-server-on-xxx-xx-xx-xx-110 Mainly the comment from SteveHoober at the bottom of the page.

Take into account that you can just install a MySQL client on your Splunk instance that will spit out error codes and give A LOT more information.

Good luck to whoever has this issue, it took me two days.. Be brave.
08-26-2020
02:00 AM
@thambisetty @isoutamo

Splunk
Splunk DB Connect = 3.3.1
Splunk Enterprise Version:8.0.5/Build:a1a6394cc5ae

Java
openjdk 11.0.8 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu118.04.1)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu118.04.1, mixed mode, sharing)

Connector
mysql-connector-java-8.0.21.jar

OS splunk
Chassis: vm
Virtualization: kvm
Operating System: Ubuntu 18.04.5 LTS
Kernel: Linux 4.15.0-112-generic
Architecture: x86-64

OS mySQL Server
Chassis: vm
Machine ID: 47a1c47f985847b088714d5ac07c0c27
Boot ID: 11d6f478de9148f6970cf4d5cef927ae
Virtualization: kvm
Operating System: Ubuntu 18.04.4 LTS
Kernel: Linux 4.15.0-96-generic
Architecture: x86-64

MySQL version
mysql Ver 14.14 Distrib 5.7.31, for Linux (x86_64) using EditLine wrapper
08-25-2020
07:43 AM
I tried looking for 8 hours and no result found.
I have an SQL database that serves no purpose other than to add data into Splunk for testing (it has an online form to get the data in).
When I try to install DB Connect, this gives an error:
"There was an error processing your request. It has been logged (ID 7122576f9fb1563d)."
When I telnet from Splunk to the SQL server I get the event below.
splunk@Splunk:~$ telnet 10.0.4.4 3306
Trying 10.0.4.4...
Connected to 10.0.4.4.
Escape character is '^]'.
[
5.7.31-0ubuntu0.18.04.19>c^hD=-PGSj2;C@mysql_native_passwordxterm-256colorbob
!#08S01Got packets out of orderConnection closed by foreign host.
splunk@Splunk:~$
So that seems to be working-ish. When I search on the error ID I get the following (see below).
I'd love a hint, if not a solution, of where to look for a solution. Feel free to ask more details if needed.
2020-08-25 16:37:05.217 +0200 [dw-57 - POST /api/connections/status] ERROR io.dropwizard.jersey.errors.LoggingExceptionMapper - Error handling a request: 7122576f9fb1563d
java.lang.NullPointerException: null
at com.splunk.dbx.connector.logger.AuditLogger.replace(AuditLogger.java:50)
at com.splunk.dbx.connector.logger.AuditLogger.error(AuditLogger.java:44)
at com.splunk.dbx.server.api.service.database.impl.DatabaseMetadataServiceImpl.getStatus(DatabaseMetadataServiceImpl.java:159)
at com.splunk.dbx.server.api.service.database.impl.DatabaseMetadataServiceImpl.getConnectionStatus(DatabaseMetadataServiceImpl.java:116)
at com.splunk.dbx.server.api.resource.ConnectionResource.getConnectionStatusOfEntity(ConnectionResource.java:72)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:392)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:365)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:318)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
at io.dropwizard.jetty.NonblockingServletHolder.handle(NonblockingServletHolder.java:50)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617)
at io.dropwizard.servlets.ThreadNameFilter.doFilter(ThreadNameFilter.java:35)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
at io.dropwizard.jersey.filter.AllowedMethodsFilter.handle(AllowedMethodsFilter.java:47)
at io.dropwizard.jersey.filter.AllowedMethodsFilter.doFilter(AllowedMethodsFilter.java:41)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
at com.splunk.dbx.server.api.filter.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:30)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:249)
at io.dropwizard.jetty.RoutingHandler.handle(RoutingHandler.java:52)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717)
at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:54)
at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:173)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.Server.handle(Server.java:500)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
at java.lang.Thread.run(Thread.java:748)
Labels: installation
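The unreadable bytes in the telnet session above are MySQL wire-protocol packets: a server greeting, then an ERR packet sent because telnet's input is not a valid client response. The following is an added example, not part of the original post or of DB Connect, that decodes both packet types; the function names and the sample bytes are constructed for illustration.

```python
import struct

def split_packets(stream: bytes):
    """Yield (sequence_id, payload): 3-byte LE length, 1-byte sequence, payload."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) < length:
            raise ValueError("truncated packet")
        yield stream[pos + 3], payload
        pos += 4 + length

def parse_payload(payload: bytes) -> dict:
    """Decode a HandshakeV10 server greeting or an ERR packet."""
    if payload[:1] == b"\xff":                       # ERR packet
        code = struct.unpack_from("<H", payload, 1)[0]
        state, msg = None, payload[3:]
        if msg[:1] == b"#":                          # '#' introduces a 5-char SQLSTATE
            state, msg = msg[1:6].decode("ascii"), msg[6:]
        return {"type": "error", "code": code, "sqlstate": state,
                "message": msg.decode("utf-8", "replace")}
    if payload[:1] == b"\x0a":                       # protocol version 10 greeting
        end = payload.index(b"\x00", 1)              # server version is NUL-terminated
        thread_id = struct.unpack_from("<I", payload, end + 1)[0]
        pos = end + 1 + 4 + 8 + 1                    # skip thread id, salt part 1, filler
        cap_low, _cs, _status, cap_high, salt_len = struct.unpack_from("<HBHHB", payload, pos)
        pos += 8 + 10                                # fixed fields + 10 reserved bytes
        plugin = None
        if (cap_low | cap_high << 16) & 0x00080000:  # CLIENT_PLUGIN_AUTH
            pos += max(13, salt_len - 8)             # salt part 2
            plugin = payload[pos:].split(b"\x00", 1)[0].decode("ascii")
        return {"type": "greeting", "version": payload[1:end].decode("ascii", "replace"),
                "thread_id": thread_id, "auth_plugin": plugin}
    raise ValueError("not a MySQL greeting or ERR packet")

def _packet(seq: int, payload: bytes) -> bytes:
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample bytes (not captured from the poster's server).
GREETING = _packet(0, b"\x0a5.7.31-example\x00" + struct.pack("<I", 57) + b"A" * 8 + b"\x00"
                   + struct.pack("<HBHHB", 0x8000, 8, 2, 0x0008, 21) + bytes(10)
                   + b"B" * 12 + b"\x00" + b"mysql_native_password\x00")
ERROR = _packet(1, b"\xff" + struct.pack("<H", 1156) + b"#08S01Got packets out of order")

def decode_stream(stream: bytes) -> list:
    return [parse_payload(p) for _, p in split_packets(stream)]
```

`decode_stream(GREETING + ERROR)` returns the greeting fields followed by the error fields. The constructed ERR payload is 33 bytes long, so its length byte is the `!` that telnet printed in front of `#08S01`.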
03-15-2020
12:51 PM
Great answer, thanks. All answers are obviously accepted!
03-14-2020
11:46 PM
I am learning Splunk and I can see there are two common ways regex is being used for generating fields: either using the field extractions technique or via the rex SPL command. I am wondering if there is a benefit to using the regex extraction over the rex SPL. In my view this is not efficient, as the regex extraction will do the regex on all logs coming in and the rex command only on the SPL range used, which uses up fewer resources?
Am I wrong thinking this way? Can you explain to me why?
Thanks in advance!
03-08-2020
11:23 PM
Thanks for your reply, is this possible using the free edition of Splunk though?
(I was convinced I got the cooked logs due to the license, not due to the config of the forwarder in Windows.)
03-08-2020
12:43 AM
Hi,
I am very new to Splunk. I am looking for a way to get Windows logs into Splunk.
I downloaded the Splunk forwarder, but the issue is that this gives me gibberish logs.
Example: "--splunk-cooked-mode-v3--\x00\x00\x00\x00\x00\x00\x00\x00\"
I understood this is due to it being TCP but not being recognized as such, and it needing to be configured in Splunk itself as receiving from a Splunk forwarder?
But this is not allowed with a free license?
If anyone has a link explaining this, that would be a massive help, I would love to understand it way better.
I apologize up front if this is a really silly question and the answer is obvious.
03-08-2020
12:35 AM
So I could index 50GB in a single time and not be limited as I only did it once?
Suppose I do get limited, can I search that data after my searching gets re-enabled?
How long is searching disabled?
03-08-2020
12:19 AM
This could be from your index max size? Not sure though, very new to Splunk, but that would make sense.
03-08-2020
12:16 AM
Wasn't the Splunk universal forwarder only available for the paid version?