All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Monitoring of Java Virtual Machines with JMX: How to set sourcetype=jmx?

jchengtivo
New Member
‎02-02-2016 03:52 PM

I'm using Monitoring of Java Virtual Machines with JMX (https://splunkbase.splunk.com/app/668/ ) to send my JMX metrics to Splunk. I am able to get them to come in, and they are formatted as follows:

host=kafka.example.com,jvmDescription="kafka.example.com",mbean_domain=kafka.server,mbean_property_name=BytesInPerSec,mbean_property_type=BrokerTopicMetrics,OneMinuteRate=0.0076934320698407235,EventType=bytes,Count=12681948627,FifteenMinuteRate=124.59768373600586,FiveMinuteRate=8.208111103137483,MeanRate=17771.71328341811

Within Splunk, I currently have the sourcetype=generic_single_line. Is there a predefined type for jmx? I've seen references around the web to a sourcetype=jmx, but I can't find any such thing in my Splunk installation. Is this a standard type? Is it delivered with one of the Splunk apps? Or do I need to define a sourcetype myself to extract all the keys and values?

I am using Splunk Enterprice 6.3.0. I am using version 2.3 of "Monitoring of Java Virtual Machines with JMX".

Thanks.

0 Karma
Reply

renjith_nair
Legend
‎02-02-2016 08:20 PM

If you have installed the JMX app on splunk instance, the configuration files are in

SPLUNK_HOME/etc/apps/SPLUNK4JMX/default/inputs.conf where the sourcetype is mentioned as jmx by default.

Moreover, in the JMX app the events should be already being fed into Splunk in best practice semantic format, key=value pairs , no additional field extractions are required.

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

eddiet
Explorer
‎07-28-2017 07:04 PM

test driving this app now and noticed the default helloworld jmx input is disabled out of the box. maybe why OP is not seeing these details.

i enabled it, restarted splunk and on my way with the default settings

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...