Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About torustad
torustad
Path Finder
Member since:
05-11-2011
11-12-2025
Community Statistics
| Posts | 14 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 5 |
| Member Since | 05-11-2011 |
Activity Feed
- Karma Re: unable_to_write_batch in db connect add-on for thomasroulet. 06-05-2020 12:49 AM
- Karma Re: What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean? for tsweet_splunk. 06-05-2020 12:48 AM
- Got Karma for What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean?. 06-05-2020 12:48 AM
- Got Karma for What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean?. 06-05-2020 12:48 AM
- Got Karma for Why do I get this error in splunkd.log? "SearchScheduler - Error in 'DispatchManager': The user 'splunk-system-user' does not have sufficient search privleges". 06-05-2020 12:47 AM
- Got Karma for Search with utf-8 codes. 06-05-2020 12:45 AM
- Got Karma for Time of event off by three days. 06-05-2020 12:45 AM
- Posted Data Inputs REST / HTTP Header Properties: How can I specify a value with an "aring" (å) character in it? on Getting Data In. 01-18-2017 01:29 PM
- Tagged Data Inputs REST / HTTP Header Properties: How can I specify a value with an "aring" (å) character in it? on Getting Data In. 01-18-2017 01:29 PM
- Tagged Data Inputs REST / HTTP Header Properties: How can I specify a value with an "aring" (å) character in it? on Getting Data In. 01-18-2017 01:29 PM
- Tagged Data Inputs REST / HTTP Header Properties: How can I specify a value with an "aring" (å) character in it? on Getting Data In. 01-18-2017 01:29 PM
- Tagged Data Inputs REST / HTTP Header Properties: How can I specify a value with an "aring" (å) character in it? on Getting Data In. 01-18-2017 01:29 PM
- Tagged Data Inputs REST / HTTP Header Properties: How can I specify a value with an "aring" (å) character in it? on Getting Data In. 01-18-2017 01:29 PM
- Posted Re: What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean? on Splunk Search. 07-28-2016 10:07 AM
- Posted Re: What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean? on Splunk Search. 07-28-2016 04:30 AM
- Posted What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean? on Splunk Search. 07-26-2016 06:47 AM
- Tagged What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean? on Splunk Search. 07-26-2016 06:47 AM
- Posted Re: Monitoring Glassfish/JVM using "Monitoring of Java Virtual Machines with JMX" - fails to fetch database connection pool sttributes on All Apps and Add-ons. 02-17-2016 02:34 PM
- Posted Monitoring Glassfish/JVM using "Monitoring of Java Virtual Machines with JMX" - fails to fetch database connection pool sttributes on All Apps and Add-ons. 02-15-2016 08:36 AM
- Tagged Monitoring Glassfish/JVM using "Monitoring of Java Virtual Machines with JMX" - fails to fetch database connection pool sttributes on All Apps and Add-ons. 02-15-2016 08:36 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 2 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 1 | |||
| 1 |
01-18-2017
01:29 PM
Hi all,
So I am trying to specify a rest data input and I think there is a problem specifying a Header property which has a value with an "aring" (å) in it. I edited it into inputs.conf, but it was converted to an "a" when I saved the configuration back from Splunk Web.
I had same problem with curl as well; I got it to work by adding the property to a file which was read by means of the -K switch.
And it had to be an ANSI encoded file.
I have the following configuration which should be ok I think:
[rest://aName]
auth_password =
auth_type = none
auth_user =
backoff_time = 30
endpoint = https://aServer.a.dom.ain:8443/aProgram/system?_action=test
host = idm
http_method = POST
index = idm
index_error_response_codes = 1
polling_interval = 22
response_type = json
sequential_mode = 0
sourcetype = json_no_timestamp
streaming_request = 0
http_header_propertys = X-Username=aUserName,X-Password=N_XyZåAbC
disabled = 0
Does anybody know a way to input this password (seemingly ANSI-encoded) with the awkward å (aring)?
Unfortunately, changing the password is not an option.
Thanks and regards,
Bård Tørustad
... View more
07-28-2016
10:07 AM
We are here now: "Splunk App for Windows Infrastructure" version 1.3.0, so you are right - I upgraded it because I have a far more serious problem which I did not think had anything to do with this app, but I upgraded it anyway in the offchance that it did 🙂
... View more
07-28-2016
04:30 AM
Thanks for your help; I disabled the "splunk_app_windows_infrastructure" - app and the "yellow warnings" went away.
I have had this app installed for quite a time (albeit without it working :-)) so this "yellow warning" most likely came after the upgrade to 6.4.1.
However this message keeps coming in the splund.log:
07-26-2016 02:15:32.082 +0200 WARN IntrospectionGenerator:resource_usage - RU - Failure executing PDH query, skipping getting iostats data this collection cycle. Status code is -2147481643
Regards
Bård
... View more
07-26-2016
06:47 AM
2 Karma
Hi all,
We have the following setup:
Splunk Enterprise Server 6.4.1
Windows2008R2, 16 GB Physical Memory, 4 CPU Cores
Mode: Standalone
In all my searches from the Search-app i am getting a "yellow box with an exclamation mark in it", whereas in all the panels in a dashboard there is a "yellow triangle with an exclamation mark in it".
In both cases the following text appears whene I click them:
Eventtype 'wineventlog-dns' does not exist or is disabled.
Eventtype 'wineventlog-ds' does not exist or is disabled.
The searches as such seem to be ok.
Any suggestions as to where I should start looking?
Could it have anything to d with these mesaages from teh splunkd.log?
At restart:
07-25-2016 18:01:17.613 +0200 INFO PipelineComponent - Pipeline structuredparsing disabled in default-mode.conf file
07-25-2016 18:01:17.691 +0200 INFO IntrospectionGenerator:resource_usage - RU_main - I-data gathering (Resource Usage) starting; period=10s
07-25-2016 18:01:18.038 +0200 WARN IntrospectionGenerator:resource_usage - RU - Failure executing initial system PDH query, status code is -2147481643
07-25-2016 18:01:18.038 +0200 WARN IntrospectionGenerator:resource_usage - RU - Failure executing initial disk PDH query, status code is -2147481643
07-25-2016 18:01:18.038 +0200 INFO IntrospectionGenerator:resource_usage - RU_main - I-data gathering (IO Statistics) starting; interval=60s
07-25-2016 18:01:18.038 +0200 WARN IntrospectionGenerator:resource_usage - RU - Failure executing PDH query, skipping getting iostats data this collection cycle. Status code is -2147481643
Therafter every minute this:
07-26-2016 02:15:32.082 +0200 WARN IntrospectionGenerator:resource_usage - RU - Failure executing PDH query, skipping getting iostats data this collection cycle. Status code is -2147481643
Thanks for any help,
Kind reagards,
Bård Tørustad
... View more
- Tags:
- splunk-enterprise
02-17-2016
02:34 PM
Hi all,
Thank you for the promtp response Damien.
I have now managed to retrieve some attributes form a connection pool, but when I try to retrieve an attribute tagged with "[N/A]" (not available) in the mbean-browser as described below no events are indexed (ie not found by search).
So the question is whether any of you have experienced anything like that?
The following XML-element yields a result.
<mbean domain="amx" properties="type=jdbc-connection-pool-mon,pp=/mon/server-mon[server],name=resources/JobRepositoryConnectionPool">
<attribute name="Name" outputname="namn5"/>
<attribute name="averageconnwaittime" outputname="gjennomsnitt5"/>
<attribute name="numconnnotsuccessfullymatched" outputname="matchet5"/>
<attribute name="waitqueuelength" outputname="koelengde5"/>
</mbean>
returns this:
{"namn5":"resources/JobRepositoryConnectionPool","gjennomsnitt5":{"count":68,"description":"Average wait-time-duration per successful connection request","lastSampleTime":1455744439833,"name":"AverageConnWaitTime","startTime":1455729117451,"unit":"millisecond"},"matchet5":{"count":0,"description":"Number of connections rejected during matching","lastSampleTime":-1,"name":"NumConnNotSuccessfullyMatched","startTime":1455729117451,"unit":"count"},"koelengde5":{"count":0,"description":"Number of connection requests in the queue waiting to be serviced.","lastSampleTime":-1,"name":"WaitQueueLength","startTime":1455729117451,"unit":"count"},"jvmDescription":"ATM eAdmin Glassfish","mbean_domain":"amx","mbean_property_name":"resources/JobRepositoryConnectionPool","mbean_property_pp":"/mon/server-mon[server]","mbean_property_type":"jdbc-connection-pool-mon"}
However, if I try with the following element with the additional
<attribute name="numconnacquired" outputname="numconnacquired6"/>
nothing is returned by a search.
<mbean domain="amx" properties="type=jdbc-connection-pool-mon,pp=/mon/server-mon[server],name=resources/JobRepositoryConnectionPool">
<attribute name="Name" outputname="namn6"/>
<attribute name="averageconnwaittime" outputname="averageconnwaittime6"/>
<attribute name="numconnnotsuccessfullymatched" outputname="numconnnotsuccessfullymatched6"/>
<attribute name="waitqueuelength" outputname="waitqueuelength6"/>
<attribute name="numconnacquired" outputname="numconnacquired6"/>
</mbean>
When I copy from the mbean-browser i Java Mission Control, the element is tagged with "[N/A]":
Name Value Type Display Name Update Interval Description
numconnacquired [N/A] CompositeData numconnacquired -1 No description available for getNumConnAcquired
I have also tried the following XML to retrieve all data from the "java.lang"-domain:
but only he following is returned:
event1:
{"Valid":true,"Name":"Metaspace Manager","MemoryPoolNames":["Metaspace","Compressed Class Space"],"ObjectName":"java.lang:type=MemoryManager,name=Metaspace Manager","jvmDescription":"ATM eAdmin Glassfish","mbean_domain":"java.lang","mbean_property_name":"Metaspace Manager","mbean_property_type":"MemoryManager"}
event2:
{"CommittedVirtualMemorySize":2661863424,"FreePhysicalMemorySize":4962947072,"FreeSwapSpaceSize":5793099776,"ProcessCpuLoad":0.0,"ProcessCpuTime":917750000000,"SystemCpuLoad":0.015635532699800114,"TotalPhysicalMemorySize":8589463552,"TotalSwapSpaceSize":9931640832,"Name":"Windows Server 2012 R2","Version":"6.3","AvailableProcessors":2,"Arch":"amd64","SystemLoadAverage":-1.0,"ObjectName":"java.lang:type=OperatingSystem","jvmDescription":"ATM eAdmin Glassfish","mbean_domain":"java.lang","mbean_property_type":"OperatingSystem"}
Thanks for any help,
Kind regards
Bård Tørustad
... View more
02-15-2016
08:36 AM
Hi all,
I have started to test the "Monitoring of Java Virtual Machines with JMX"-application to monitor a Glassfish-instance.
It seems to work fine; i get data from the java.lang-mbeans, but from the amx-mebean domain for JDBC connection pools I get nothing.
This is perhaps not the correct place to ask this question; but I am only curious as to whether anyone of you has experienced the same?
I am trying to retrieve attributes from this mbean:
MBean Information Item Value
MBean Name amx:type=jdbc-connection-pool-app-mon,pp=/mon/server-mon[server],name=resources/JobRepositoryConnectionPool/eAdmin-16.3.0.2
Properties in creation order pp=/mon/server-mon[server],type=jdbc-connection-pool-app-mon,name=resources/JobRepositoryConnectionPool/eAdmin-16.3.0.2
MBean domain amx
type jdbc-connection-pool-app-mon
pp /mon/server-mon[server]
name resources/JobRepositoryConnectionPool/eAdmin-16.3.0.2
MBean Java Class jdbc-connection-pool-app-mon
MBean Description JDBC Connection pool Application based Statistics
with this template:
<mbean domain="amx" properties="pp=/mon/server-mon[server],type=jdbc-connection-pool-mon,name=resources/JobRepositoryConnectionPool">
<attribute name="Name" outputname="navn"/>
<attribute name="numconncreated" outputname="AntBrukt"/>
</mbean>
from which I get no events.
From this template, however, I get what I want:
<mbean domain="java.lang" properties="type=Compilation">
<!-- simple attributes -->
<attribute name="TotalCompilationTime" outputname="TotalCompilationTime"/>
</mbean>
<mbean domain="java.lang" properties="type=ClassLoading">
<!-- simple attributes -->
<attribute name="TotalLoadedClassCount" outputname="total"/>
<attribute name="LoadedClassCount" outputname="current"/>
<attribute name="UnloadedClassCount" outputname="unloaded"/>
</mbean>
...
Have any of you seen this before?
We are on GlassFish Server Open Source Edition 4.1 (build 13) and
java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)
Maybe this is the reason: https://java.net/jira/browse/GLASSFISH-21272
And, by theway, I can read connection pool attributes by means of the REST-API.
I am very grateful for any help.
Kind regards,
Bård Tørustad
... View more
01-04-2016
05:00 AM
Hi all,
I want to try to monitor the JVMs in our Glassfish-instances (memory, transactions, database connection pools etc) using Splunk.
I have tested the Rest API which works fine, likewise the JMX-app.
Does anybody have any recommendations as to which of the two are the better in terms of load on the JVM as such.
Or are there any alternatives to these two apps?
(JVM Instrumentation Agent?)
Thank you, Damien, for the Apps!
Any help is appreciated.
Thanks and regards,
Bård Tørustad
... View more
03-09-2015
05:30 AM
I found that the following lines had been added to .../Splunk/etc/system/local/authorize.conf:
[role_admin]
importRoles =
srchIndexesDefault = akseptanse;main;msad;perfmon;summary;windows;wineventlog;winevents
srchMaxTime = 8640000
After having removed these lines the messages above do not occur in splunkd.log anymore.
I do not know how those lines came to be added to authorize.conf (I did not do it myself explicitly :-)); maybe when I removed some app, or when I edited the role_admin - role to make the "Splunk app for Microsoft Windows infrastructure" work.
Should this happen at all?
... View more
03-06-2015
01:28 AM
Version information:
Splunk Version
6.2.1
Splunk Build
245427
... View more
03-05-2015
07:05 AM
1 Karma
Seemingly after I installed the apps "Splunk App for Windows Infrastructure " and "Windows Add-on" the following error messages are flooding splunkd.log:
03-05-2015 15:48:51.448 +0100 ERROR DispatchManager - The user 'splunk-system-user' does not have sufficient search privleges.
03-05-2015 15:48:51.448 +0100 ERROR SearchScheduler - Error in 'DispatchManager': The user 'splunk-system-user' does not have sufficient search privleges.
I do not understand what they mean.
At the same time in the audit.log:
03-05-2015 15:48:51.448 +0100 INFO AuditLogger - Audit:[timestamp=03-05-2015 15:48:51.448, user=splunk-system-user, action=search, info=denied , search_id='scheduler__nobody_c3BsdW5rX2RlcGxveW1lbnRfbW9uaXRvcg__RMD589d00151dd198770_at_1425566400_92588', search=' summarize override=partial timespan= max_summary_size=52428800 max_summary_ratio=0.1 max_disabled_buckets=2 max_time=3600 [ search `dm_license_summary_10m_by_pool` ]', autojoin='1', buckets=0, ttl=60, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Fri Dec 05 00:00:00 2014', apiEndTime='Thu Jan 01 01:00:00 1970', savedsearch_name="_ACCELERATE_B4CAB4FC-62FD-4955-8951-F2777F04C839_splunk_deployment_monitor_nobody_49ee7cac9a05cfbf_ACCELERATE_"][n/a]
03-05-2015 15:48:51.448 +0100 INFO AuditLogger - Audit:[timestamp=03-05-2015 15:48:51.448, user=splunk-system-user, action=search, info=denied , search_id='scheduler__nobody_c3BsdW5rX2RlcGxveW1lbnRfbW9uaXRvcg__RMD5758fe1b10509f00e_at_1425566400_92589', search=' summarize override=partial timespan= max_summary_size=52428800 max_summary_ratio=0.1 max_disabled_buckets=2 max_time=3600 [ search `sourcetypes_summary_10m` ]', autojoin='1', buckets=0, ttl=60, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Fri Dec 05 00:00:00 2014', apiEndTime='Thu Jan 01 01:00:00 1970', savedsearch_name="_ACCELERATE_B4CAB4FC-62FD-4955-8951-F2777F04C839_splunk_deployment_monitor_nobody_463c95b47e289f0f_ACCELERATE_"][n/a]
03-05-2015 15:48:51.448 +0100 INFO AuditLogger - Audit:[timestamp=03-05-2015 15:48:51.448, user=splunk-system-user, action=search, info=denied , search_id='scheduler__nobody_c3BsdW5rX2RlcGxveW1lbnRfbW9uaXRvcg__RMD5b13a71946e1b9d14_at_1425566400_92590', search=' summarize override=partial timespan= max_summary_size=52428800 max_summary_ratio=0.1 max_disabled_buckets=2 max_time=3600 [ search `dm_license_summary_10m_by_source` ]', autojoin='1', buckets=0, ttl=60, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Fri Dec 05 00:00:00 2014', apiEndTime='Thu Jan 01 01:00:00 1970', savedsearch_name="_ACCELERATE_B4CAB4FC-62FD-4955-8951-F2777F04C839_splunk_deployment_monitor_nobody_6030b06d30f6e6f4_ACCELERATE_"][n/a]
03-05-2015 15:48:51.448 +0100 INFO AuditLogger - Audit:[timestamp=03-05-2015 15:48:51.448, user=splunk-system-user, action=search, info=denied , search_id='scheduler__nobody_c3BsdW5rX2RlcGxveW1lbnRfbW9uaXRvcg__RMD5825f35f83c8311df_at_1425566400_92591', search=' summarize override=partial timespan= max_summary_size=52428800 max_summary_ratio=0.1 max_disabled_buckets=2 max_time=3600 [ search `dm_license_summary_10m_by_host` ]', autojoin='1', buckets=0, ttl=60, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Fri Dec 05 00:00:00 2014', apiEndTime='Thu Jan 01 01:00:00 1970', savedsearch_name="_ACCELERATE_B4CAB4FC-62FD-4955-8951-F2777F04C839_splunk_deployment_monitor_nobody_26e747c470c62ba8_ACCELERATE_"][n/a]
03-05-2015 15:48:51.448 +0100 INFO AuditLogger - Audit:[timestamp=03-05-2015 15:48:51.448, user=splunk-system-user, action=search, info=denied , search_id='scheduler__nobody_c3BsdW5rX2RlcGxveW1lbnRfbW9uaXRvcg__RMD5b453f9e7776e363e_at_1425566400_92592', search=' summarize override=partial timespan= max_summary_size=52428800 max_summary_ratio=0.1 max_disabled_buckets=2 max_time=3600 [ search `sources_summary_10m` ]', autojoin='1', buckets=0, ttl=60, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Fri Dec 05 00:00:00 2014', apiEndTime='Thu Jan 01 01:00:00 1970', savedsearch_name="_ACCELERATE_B4CAB4FC-62FD-4955-8951-F2777F04C839_splunk_deployment_monitor_nobody_74744182914e20d1_ACCELERATE_"][n/a]
03-05-2015 15:48:51.448 +0100 INFO AuditLogger - Audit:[timestamp=03-05-2015 15:48:51.448, user=splunk-system-user, action=search, info=denied , search_id='scheduler__nobody_c3BsdW5rX2RlcGxveW1lbnRfbW9uaXRvcg__RMD5cb7dc0fcb8381ee5_at_1425566400_92593', search=' summarize override=partial timespan= max_summary_size=52428800 max_summary_ratio=0.1 max_disabled_buckets=2 max_time=3600 [ search `dm_license_summary_10m` ]', autojoin='1', buckets=0, ttl=60, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Fri Dec 05 00:00:00 2014', apiEndTime='Thu Jan 01 01:00:00 1970', savedsearch_name="_ACCELERATE_B4CAB4FC-62FD-4955-8951-F2777F04C839_splunk_deployment_monitor_nobody_28e51b5378d59f27_ACCELERATE_"][n/a]
03-05-2015 15:48:51.448 +0100 INFO AuditLogger - Audit:[timestamp=03-05-2015 15:48:51.448, user=splunk-system-user, action=search, info=denied , search_id='scheduler__nobody_c3BsdW5rX2RlcGxveW1lbnRfbW9uaXRvcg__RMD53af21b05a677c086_at_1425566400_92594', search=' summarize override=partial timespan= max_summary_size=52428800 max_summary_ratio=0.1 max_disabled_buckets=2 max_time=3600 [ search `dm_license_summary_10m_by_forwarder` ]', autojoin='1', buckets=0, ttl=60, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Fri Dec 05 00:00:00 2014', apiEndTime='Thu Mar 05 15:40:00 2015', savedsearch_name="_ACCELERATE_B4CAB4FC-62FD-4955-8951-F2777F04C839_splunk_deployment_monitor_nobody_ef0750b59633eb8b_ACCELERATE_"][n/a]
03-05-2015 15:48:51.448 +0100 INFO AuditLogger - Audit:[timestamp=03-05-2015 15:48:51.448, user=splunk-system-user, action=search, info=denied , search_id='scheduler__nobody_c3BsdW5rX2RlcGxveW1lbnRfbW9uaXRvcg__RMD5c2d3abf2a0486f8a_at_1425566400_92595', search=' summarize override=partial timespan= max_summary_size=52428800 max_summary_ratio=0.1 max_disabled_buckets=2 max_time=3600 [ search `indexers_summary_10m` ]', autojoin='1', buckets=0, ttl=60, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Fri Dec 05 00:00:00 2014', apiEndTime='Thu Jan 01 01:00:00 1970', savedsearch_name="_ACCELERATE_B4CAB4FC-62FD-4955-8951-F2777F04C839_splunk_deployment_monitor_nobody_3c6084d7f35794cf_ACCELERATE_"][n/a]
Thanks for any help,
Bård Tørustad
... View more
05-19-2011
08:24 AM
Yes, I have restarted Splunk.
Have I done the changes in the correct files (their names became illegible above - it is a Windows-server):
.../Splunk/etc/system/local/props.conf
.../Splunk/etc/apps/launcher/local/inputs.conf
Thanks and regards,
Bård
... View more
05-19-2011
07:38 AM
Hi and thank you for the response!
I (think) I have done as you wrote and as described by Splunk:
-- In ...\Splunk\etc\apps\launcher\local\inputs.conf
[monitor://\NFR-GF-EP02.nfr.prod\logs\glassfish\server.log]
disabled = false
followTail = 0
host = NFR-GF-EP02.nfr.prod
sourcetype = glassfish
-- In ...\Splunk\etc\system\local\props.conf
ONLY the following 4 lines in this file:
[glassfish]
TIME_PREFIX=^[#|
TIME_FORMAT=%Y-%m-%dT%H:%M:%S.%3N
MAX_TIMESTAMP_LOOKAHEAD=27
-- Is that the definition of the sourcetype "glassfish"? If so, shouldn't it appear in the list of sourcetypes when a new input is defined?
-- However
5/17/11 12:14:27.000 PM
[#|2011-05-19T16:05:29.491+0200|INFO|glassfish3.0.1|javax.enterprise.system.tools.admin.org.glassfish.server|_ThreadID=4119;_ThreadName=Thread-1;|BootAMXListener: connection made for service:jmx:rmi://....:9686/jndi/rmi://.....:9686/jmxrmi, booting AMX MBeans|#]
host=...... Options|
sourcetype=glassfish Options|
source=....\logs\glassfish\server.log Options|
...
The timestamp Splunk thinks is constantly at "5/17/11 12:14:27.000 PM" whereas the the actual timestamp is correct; in this case "2011-05-19T16:05:29.491".
Am I modifying the correct files?
Thanks and regards,
Bård
... View more
05-18-2011
09:04 AM
1 Karma
In the loggfile:
[#|2011-05-18T11:03:35.375+0200|SEVERE|sun-appserver2.1|com.sun.xml.ws.server.sei.EndpointMethodHandler|_ThreadID=16;_ThreadName=httpSSLWorkerThread-8080-2;_RequestID=93413f1f-5ed3-488e-8843-3872c4d07991;|Kan ikke oppdatere et låst oppdrag
javax.xml.ws.soap.SOAPFaultException: Kan ikke oppdatere et låst oppdrag
("Kan ikke oppdatere låst oppdrag")
In the search result and in the "show source":
[#|2011-05-18T11:03:35.375+0200|SEVERE|sun-appserver2.1|com.sun.xml.ws.server.sei.EndpointMethodHandler|_ThreadID=16;_ThreadName=httpSSLWorkerThread-8080-2;_RequestID=93413f1f-5ed3-488e-8843-3872c4d07991;|Kan ikke oppdatere et l\xE5st oppdrag
javax.xml.ws.soap.SOAPFaultException: Kan ikke oppdatere et l\xE5st oppdrag
("Kan ikke oppdatere et l\xE5st oppdrag")
What can I do to get "låst" instead of "l\xE5st", alternatively how can I search for "l\xE5st"?
Thanks and regards,
Bård Tørustad
Research Council of Norway
... View more
- Tags:
- internationalization
05-18-2011
08:50 AM
1 Karma
In the logfile (server.log from GlassFish):
[#|2011-05-16T17:13:37.622+0200|WARNING|glassfish3.0.1|javax.enterprise.system.core.transaction.com.sun.jts.jta|_ThreadID=61;_ThreadName=Thread-1;|JTS5041: The resource manager is doing work outside a global transaction
javax.transaction.xa.XAException: java.sql.SQLException: Failed to enlist:Connection reset by peer: socket write error
Searchresult:
5/13/11 12:57:01.000 PM
[#|2011-05-16T17:13:37.622+0200|WARNING|glassfish3.0.1|javax.enterprise.system.core.transaction.com.sun.jts.jta|_ThreadID=61;_ThreadName=Thread-1;|JTS5041: The resource manager is doing work outside a global transaction
javax.transaction.xa.XAException: java.sql.SQLException: Failed to enlist:Connection reset by peer: socket write error
IE Actual time i loggfile is 2011-05-16T17:13:37.622+0200
Time in searchresult is 5/13/11 12:57:01.000 PM
I think it is usually correct:
5/13/11 11:54:46.995 AM
[#|2011-05-13T11:54:46.995+0200|WARNING|glassfish3.0.1|javax.enterprise.system.core.transaction.com.sun.jts.jta|_ThreadID=62;_ThreadName=Thread-1;|JTS5041: The resource manager is doing work outside a global transaction
Why does this happen?
Thanks and regards,
Bård Tørustad
Research Council of Norway
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-12-2025
04:12 AM
|
