Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About cinchnetops
cinchnetops
Explorer
Member since:
10-18-2017
06-05-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 3 |
| Member Since | 10-18-2017 |
Activity Feed
- Got Karma for Re: Splunk DB Connect: Error in 'dbxquery' command: Invalid message received. 06-05-2020 12:49 AM
- Got Karma for Re: Splunk DB Connect: Error in 'dbxquery' command: Invalid message received. 06-05-2020 12:49 AM
- Got Karma for Re: Splunk DB Connect: Error in 'dbxquery' command: Invalid message received. 06-05-2020 12:49 AM
- Posted How to create search/dashboard of Ubuntu hosts with installed updates requiring a reboot? on Deployment Architecture. 02-05-2018 11:35 AM
- Tagged How to create search/dashboard of Ubuntu hosts with installed updates requiring a reboot? on Deployment Architecture. 02-05-2018 11:35 AM
- Tagged How to create search/dashboard of Ubuntu hosts with installed updates requiring a reboot? on Deployment Architecture. 02-05-2018 11:35 AM
- Tagged How to create search/dashboard of Ubuntu hosts with installed updates requiring a reboot? on Deployment Architecture. 02-05-2018 11:35 AM
- Tagged How to create search/dashboard of Ubuntu hosts with installed updates requiring a reboot? on Deployment Architecture. 02-05-2018 11:35 AM
- Posted Re: Splunk DB Connect: Error in 'dbxquery' command: Invalid message received on All Apps and Add-ons. 11-09-2017 10:49 AM
- Posted Re: How do you compare sets of field values from two searches? on Splunk Search. 11-08-2017 07:10 AM
- Posted How do you compare sets of field values from two searches? on Splunk Search. 11-07-2017 02:23 PM
- Tagged How do you compare sets of field values from two searches? on Splunk Search. 11-07-2017 02:23 PM
- Tagged How do you compare sets of field values from two searches? on Splunk Search. 11-07-2017 02:23 PM
- Tagged How do you compare sets of field values from two searches? on Splunk Search. 11-07-2017 02:23 PM
- Posted Re: Splunk DB Connect: Error in 'dbxquery' command: Invalid message received on All Apps and Add-ons. 10-18-2017 07:46 AM
- Posted Re: Splunk DB Connect: Error in 'dbxquery' command: Invalid message received on All Apps and Add-ons. 10-18-2017 07:35 AM
Topics I've Started
02-05-2018
11:35 AM
I'm trying to create a specific search/dashboard in Splunk Enterprise 7. We have hosts running Ubuntu 14.04 with the unattended-upgrades package installed and configured to run daily. When updates are installed that require a reboot, 2 files are created on each host: /var/run/reboot-required (with the text "*** System restart required ***") and /var/run/reboot-required.pkgs (containing the packages requesting the reboot). These files are removed upon rebooting the host.
The hosts have the universal forwarder installed and I have the 2 files mentioned above forwarded to our Splunk Enterprise server. Currently, I have this search set up as an alert:
sourcetype=reboot-required.pkgs | rex max_match=0 field=_raw "(?<Packages>[^\n]+)" | mvexpand Packages | eval _raw=Packages | stats values(Packages) as Packages dc(Packages) as "Package Count" by host
Within a given time period, I can see which hosts require a reboot and what packages are prompting the reboot.
Unfortunately, this search/dashboard does not give me the entire overview of ALL my hosts at THIS moment. For example, if I have hosts that last installed updates requiring a reboot a week ago, but have NOT since been rebooted, I would not see these hosts in the search results within the last 3 days (since there are no changes to the /var/run/reboot-required* files). However, I do expect to see no results IF the reboot-required* files do NOT exist on any host.
I want to get the latest status from the reboot-required* files on EACH host regardless of time frame. What is the best way to go about this?
Thanks in advance!
... View more
11-09-2017
10:49 AM
1 Karma
The app site https://splunkbase.splunk.com/app/2686/ said it's compatible. I'm really hoping splunk can provide some guidance here.
... View more
11-08-2017
07:10 AM
thanks! That's exactly the result I need. The takeaway is that I don't need to do two separate searches on this type of data gathering.
... View more
11-07-2017
02:23 PM
I'm basically trying to identify whether some of my hosts are not doing something successfully as it should be in a daily basis, and alert as needed.
The process would output specific line if the task is successful and I only need to match once.
so I'm been trying to do sub-search without much success.
my searches so far:
try 1:
sourcetype="myapp" | dedup host | eval allhost=host | eval joinf=1 | join max=0 joinf [search sourcetype="myapp" "Database updated" | dedup host | eval updatedhost=host | eval joinf=1] | eval match=if(allhost==updatedhost, 1,0)
try 2:
sourcetype="myapp" | dedup host | stats dc(host) as allhost | appendcols [search sourcetype="myapp" "Database updated" | dedup host | stats dc(host) as updatedhost ] | eval nodiff=if(match(allhost,updatedhost),"True","False") | table nodiff
^^^ this only match total host count which I need more details (ie. which host does NOT match)
try 3:
sourcetype="myapp" OR (sourcetype="myapp" "Database updated") | streamstats count by host | stats values(host) as host | mvexpand host | eval Status = if(match(host), "MATCH","NO MATCH") | table host,Status
^^^ not working since I don't know how to identify the second set of 'host' for the match
... View more
10-18-2017
07:46 AM
1 Karma
Same issue.
I do see another java exception from splunk_app_db_connect_server.log
javax.management.RuntimeOperationsException: null
at com.sun.jmx.mbeanserver.Repository.addMBean(Repository.java:413)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerWithRepository(DefaultMBeanServerInterceptor.java:1898)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerDynamicMBean(DefaultMBeanServerInterceptor.java:966)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:900)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:324)
at com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:522)
at com.zaxxer.hikari.pool.PoolBase.registerMBeans(PoolBase.java:258)
at com.zaxxer.hikari.pool.HikariPool. (HikariPool.java:116)
at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:94)
at com.splunk.dbx.connector.ConnectorFactory.getConnectionFromPool(ConnectorFactory.java:181)
at com.splunk.dbx.connector.ConnectorFactory.getConnection(ConnectorFactory.java:169)
at com.splunk.dbx.connector.ConnectorFactory.create(ConnectorFactory.java:154)
at com.splunk.dbx.server.api.service.database.impl.DatabaseMetadataServiceImpl.getStatus(DatabaseMetadataServiceImpl.java:136)
at com.splunk.dbx.server.api.service.database.impl.DatabaseMetadataServiceImpl.getConnectionStatus(DatabaseMetadataServiceImpl.java:100)
at com.splunk.dbx.server.api.resource.ConnectionResource.getConnectionStatus(ConnectionResource.java:63)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:473)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:427)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:388)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:341)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:228)
at io.dropwizard.jetty.NonblockingServletHolder.handle(NonblockingServletHolder.java:49)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1689)
at io.dropwizard.servlets.ThreadNameFilter.doFilter(ThreadNameFilter.java:34)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
at io.dropwizard.jersey.filter.AllowedMethodsFilter.handle(AllowedMethodsFilter.java:50)
at io.dropwizard.jersey.filter.AllowedMethodsFilter.doFilter(AllowedMethodsFilter.java:44)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
at com.splunk.dbx.server.api.filter.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:30)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1174)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1106)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:240)
at io.dropwizard.jetty.RoutingHandler.handle(RoutingHandler.java:51)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:459)
at io.dropwizard.jetty.BiDiGzipHandler.handle(BiDiGzipHandler.java:68)
at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:56)
at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:169)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
at org.eclipse.jetty.server.Server.handle(Server.java:524)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:186)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: Repository: cannot add mbean for pattern name com.zaxxer.hikari:type=PoolConfig (unnamed_pool_-1862066565_jdbc_postgresql//postgres.prd.cinchfinancial.com5432/mx?ssltrue&sslmoderequire&sslfactory_org.postgresql.ssl.NonValidatingFactory)
... View more
10-18-2017
07:35 AM
1 Karma
Same issue here. and just want to follow up that adding DEBUG doesn't seem to add any verbose error output from either splunk_app_db_connect_dbx.log nor splunk_app_db_connect_server.log
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
