All Apps and Add-ons

timestamp in output

fritzsplunk
Engager

At first thanks for this great App!!

We use SPLUNK4JMX in a big environment with a lot of JMX output. Cause of a lot of data sometimes there is a issue to index all the data realtime. So it could be, that some logoutputs will be indexed by splunk a little bit later and become a wrong timestamp. This is reflected in holes in our graphs.

I found this in your readme about timestamps:
'By default, no timestamp is added , instead relying on the SPLUNK index time as the event time.'

Because we can not rely of our SPLUNK index we need a way to become timestamps into our output. Is there an easy way to do this?

Thanks and Best Regards

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

Hi fritzsplunk,

Thanks for the great feedback..always great to hear how the app is being used !

Splunk4JMX has a framework that allows you to plugin your own custom output formatter implementation,

So in your case,you could have a custom formatter that prepends your own date on the logged event.

I also have some new code that allows you to pass parameters to existing formatters.So you could pass a "dateformat" to the Default Formatter which will implicitly prepend a date to the event.

Simple example :

<jmxpoller>

  <formatter className="com.dtdsoftware.splunk.formatter.DefaultFormatter">
    <param name="dateformat" value="yyyy-MM-dd HH:mm:ss:SSSZ" />
  </formatter>

  <jmxserver host="localhost" jvmDescription="cassandra" jmxport="7199">

    <mbean domain="java.lang" properties="type=OperatingSystem">

      <attribute name="FreePhysicalMemorySize" outputname="freePhysMem"/>

    </mbean>

  </jmxserver>

</jmxpoller>

I will get this code released on Splunkbase , hopefully by tomorrow, and this should sort you out 🙂
Feel free to contact me directly (damien@dtdsoftware.com) and I will give you an email when it's ready.

View solution in original post

Damien_Dallimor
Ultra Champion

Hi fritzsplunk,

Thanks for the great feedback..always great to hear how the app is being used !

Splunk4JMX has a framework that allows you to plugin your own custom output formatter implementation,

So in your case,you could have a custom formatter that prepends your own date on the logged event.

I also have some new code that allows you to pass parameters to existing formatters.So you could pass a "dateformat" to the Default Formatter which will implicitly prepend a date to the event.

Simple example :

<jmxpoller>

  <formatter className="com.dtdsoftware.splunk.formatter.DefaultFormatter">
    <param name="dateformat" value="yyyy-MM-dd HH:mm:ss:SSSZ" />
  </formatter>

  <jmxserver host="localhost" jvmDescription="cassandra" jmxport="7199">

    <mbean domain="java.lang" properties="type=OperatingSystem">

      <attribute name="FreePhysicalMemorySize" outputname="freePhysMem"/>

    </mbean>

  </jmxserver>

</jmxpoller>

I will get this code released on Splunkbase , hopefully by tomorrow, and this should sort you out 🙂
Feel free to contact me directly (damien@dtdsoftware.com) and I will give you an email when it's ready.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...