its a distributed search head. Please find the below search.log information:
09-25-2018 06:17:18.345 INFO dispatchRunner - Search process mode: preforked (first search in process) (build c8a78efdd40f).
09-25-2018 06:17:18.346 INFO dispatchRunner - initing LicenseMgr in search process: nonPro=0
09-25-2018 06:17:18.346 INFO LicenseMgr - Initing LicenseMgr
09-25-2018 06:17:18.346 INFO LMConfig - serverName=PROD-SH-1 guid=D23FC9B5-262E-422F-81CF-45B5F5C63769
09-25-2018 06:17:18.349 INFO LMConfig - connection_timeout=30
09-25-2018 06:17:18.349 INFO LMConfig - send_timeout=30
09-25-2018 06:17:18.349 INFO LMConfig - receive_timeout=30
09-25-2018 06:17:18.349 INFO LMConfig - squash_threshold=2000
09-25-2018 06:17:18.349 INFO LMConfig - strict_pool_quota=1
09-25-2018 06:17:18.349 INFO LMConfig - key=pool_suggestion not found in licenser stanza of server.conf, defaulting=''
09-25-2018 06:17:18.349 INFO LMConfig - key=test_aws_metering not found in licenser stanza of server.conf, defaulting=0
09-25-2018 06:17:18.349 INFO LMConfig - key=test_aws_product_code not found in licenser stanza of server.conf, defaulting=0
09-25-2018 06:17:18.349 INFO LicenseMgr - Initing LicenseMgr runContext_splunkd=false
09-25-2018 06:17:18.349 INFO LMStackMgr - closing stack mgr
09-25-2018 06:17:18.349 INFO LMSlaveInfo - all slaves cleared
09-25-2018 06:17:18.349 INFO LMStackMgr - partial init only since node has remote master=https://10.33.9.9:8089
09-25-2018 06:17:18.349 INFO LicenseMgr - StackMgr init complete...
09-25-2018 06:17:18.349 INFO LMTracker - Setting default product type='enterprise'
09-25-2018 06:17:18.349 INFO LMTracker - this is not splunkd, will perform partial init
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=Acceleration state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=AdvancedSearchCommands state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=AdvancedXML state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=Alerting state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=ArchiveToHdfs state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=Auth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=CustomRoles state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=DeployClient state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=DeployServer state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=DistSearch state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=FwdData state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=GuestPass state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=KVStore state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=LDAPAuth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=LocalSearch state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=MultifactorAuth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=MultisiteClustering state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=NontableLookups state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=RcvData state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=RcvSearch state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=RollingWindowAlerts state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=SAMLAuth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=ScheduledAlerts state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=ScheduledReports state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=ScheduledSearch state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=ScriptedAuth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SearchheadPooling state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SigningProcessor state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SplunkWeb state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SubgroupId state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SyslogOutputProcessor state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=UnisiteClustering state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LicenseMgr - Tracker init complete...
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'licenses'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'pools'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'stacks'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'groups'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'slaves'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'localslave'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'licensermessages'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'scriptedwarning'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'licenseusage'
09-25-2018 06:17:18.357 INFO dispatchRunner - registering build time modules, count=1
09-25-2018 06:17:18.357 INFO dispatchRunner - registering search time components of build time module name=vix
09-25-2018 06:17:18.357 INFO dispatchRunner - Getting search configuration data from: /opt/splunk/etc/modules/parsing/config.xml
09-25-2018 06:17:18.360 INFO BundlesSetup - Setup stats for /opt/splunk/etc: wallclock_elapsed_msec=48, cpu_time_used=0.046992, shared_services_generation=2, shared_services_population=1
09-25-2018 06:17:18.374 INFO UserManagerPro - Load authentication: forcing roles="admin, alert_manager_user, export data role, power, user"
09-25-2018 06:17:18.378 INFO SessionManager - auth tokens will be generated with shpooling shared secret
09-25-2018 06:17:18.378 INFO UserManager - Setting user context: splunk-system-user
09-25-2018 06:17:18.378 INFO UserManager - Done setting user context: NULL -> splunk-system-user
09-25-2018 06:17:18.380 INFO UserManager - Unwound user context: splunk-system-user -> NULL
09-25-2018 06:17:18.380 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.380 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.380 INFO dispatchRunner - search context: user="admin", app="nmon", bs-pathname="/opt/splunk/etc"
09-25-2018 06:17:18.386 WARN IndexConfig - idx=telemetry Path homePath='/opt/splunk/var/lib/splunk/_telemetry/db' (realpath '/opt/splunk/var/lib/splunk/_telemetry/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.386 WARN IndexConfig - idx=_telemetry Path coldPath='/opt/splunk/var/lib/splunk/_telemetry/colddb' (realpath '/opt/splunk/var/lib/splunk/_telemetry/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=alerts Path homePath='/opt/splunk/var/lib/splunk/alerts/db' (realpath '/opt/splunk/var/lib/splunk/alerts/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=alerts Path coldPath='/opt/splunk/var/lib/splunk/alerts/colddb' (realpath '/opt/splunk/var/lib/splunk/alerts/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=ioc Path homePath='/opt/splunk/var/lib/splunk/iocdb/db' (realpath '/opt/splunk/var/lib/splunk/iocdb/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=ioc Path coldPath='/opt/splunk/var/lib/splunk/iocdb/colddb' (realpath '/opt/splunk/var/lib/splunk/iocdb/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - Max bucket size is larger than the index size limit. Please check your index configuration. idx=main; bucket size in MB (from maxDataSize) 10240, maxDataSizeMB=1024
09-25-2018 06:17:18.387 WARN IndexConfig - idx=nmon Path homePath='/opt/splunk/var/lib/splunk/nmon/db' (realpath '/opt/splunk/var/lib/splunk/nmon/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=nmon Path coldPath='/opt/splunk/var/lib/splunk/nmon/colddb' (realpath '/opt/splunk/var/lib/splunk/nmon/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.388 WARN IndexConfig - idx=threat_activity Path homePath='/opt/splunk/var/lib/splunk/threat_activitydb/db' (realpath '/opt/splunk/var/lib/splunk/threat_activitydb/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.388 WARN IndexConfig - idx=threat_activity Path coldPath='/opt/splunk/var/lib/splunk/threat_activitydb/colddb' (realpath '/opt/splunk/var/lib/splunk/threat_activitydb/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.388 WARN IndexConfig - idx=unix_summary Path homePath='/opt/splunk/var/lib/splunk/unix_summary/db' (realpath '/opt/splunk/var/lib/splunk/unix_summary/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.389 WARN IndexConfig - idx=unix_summary Path coldPath='/opt/splunk/var/lib/splunk/unix_summary/colddb' (realpath '/opt/splunk/var/lib/splunk/unix_summary/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will not be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.390 INFO dispatchRunner - Executing the DispatchThread.
09-25-2018 06:17:18.390 INFO SearchParser - PARSING: | pivot NMON_Config Nmon_Config last(AIX_Machine_SerialNumber) AS "AIX_Machine_SerialNumber" dc(hostname) AS "dcount" SPLITROW hostname AS hostname SORT 0 hostname ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 0 | eval serialnum=if(isnull(AIX_Machine_SerialNumber), hostname, AIX_Machine_SerialNumber) | fields hostname,serialnum | stats count
09-25-2018 06:17:18.391 INFO PivotEvaluator - Loading pivot for model 'NMON_Config' and object 'Nmon_Config'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'last(AIX_Machine_SerialNumber)'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'dc(hostname)'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'SPLITROW'
09-25-2018 06:17:18.397 INFO PivotRowCol - adding row
09-25-2018 06:17:18.397 INFO PivotRowCol - next: 'AS'
09-25-2018 06:17:18.397 INFO PivotRowCol - next: 'SORT'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'SORT'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'ROWSUMMARY'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'COLSUMMARY'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'NUMCOLS'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'SHOWOTHER'
09-25-2018 06:17:18.398 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.400 INFO ISplunkDispatch - Not running in splunkd. Bundle replication not triggered.
09-25-2018 06:17:18.482 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.482 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.482 INFO TsidxStats - Using a chunk size of 10000000
09-25-2018 06:17:18.484 INFO TsidxStats - Initial expanded filtering search: '( nodename=Nmon_Config )'
09-25-2018 06:17:18.487 INFO TsidxStats - Finalized TimeBounds: final_et=1537250400.000000 final_lt=1537856238.000000 info.startTime=1537250400.000000 info.endTime=1537856238.000000
09-25-2018 06:17:18.487 INFO TsidxStats - Using summaryid="57E9834B-43B4-41D0-A3BD-042A352C4C79_DM_nmon_NMON_Config"
09-25-2018 06:17:18.487 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.487 INFO ProxyConfig - Failed to initialize http_proxy from server.conf for splunkd. Please make sure that the http_proxy property is set as http_proxy=http://host:port in case HTTP proxying needs to be enabled.
09-25-2018 06:17:18.487 INFO ProxyConfig - Failed to initialize https_proxy from server.conf for splunkd. Please make sure that the https_proxy property is set as https_proxy=http://host:port in case HTTP proxying needs to be enabled.
09-25-2018 06:17:18.487 INFO ProxyConfig - Failed to initialize the no_proxy setting from server.conf for splunkd. Please provide a valid set of no_proxy rules in case HTTP proxying needs to be enabled.
09-25-2018 06:17:18.542 INFO TsidxStats - Finished evaluating arguments for datamodel-based query
09-25-2018 06:17:18.542 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.542 INFO SearchParser - PARSING: prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.542 INFO SearchParser - PARSING: addinfo type=count label=prereport_events
09-25-2018 06:17:18.543 INFO SearchParser - PARSING: presort 0 auto("Nmon_Config.hostname")
09-25-2018 06:17:18.543 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.543 INFO StatsProcessor - No group-by fields specified, incompatible for high cardinality improvements
09-25-2018 06:17:18.543 INFO DispatchThread - BatchMode: allowBatchMode: 1, conf(1): 1, timeline/Status buckets(0):0, realtime(0):0, report pipe empty(0):0, reqTimeOrder(0):0, summarize(0):0, statefulStreaming(0):0
09-25-2018 06:17:18.543 INFO DispatchThread - required fields list to add to remote search = Nmon_Config.AIX_Machine_SerialNumber,Nmon_Config.hostname,prestats_reserved,psrsvd_
09-25-2018 06:17:18.543 INFO SearchParser - PARSING: fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_" "psrsvd_"
09-25-2018 06:17:18.543 INFO DispatchCommandProcessor - summaryHash=513a3eee1f1aac4d summaryId=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_513a3eee1f1aac4d remoteSearch=tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_" "psrsvd_" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.543 INFO DispatchCommandProcessor - summaryHash=NS98be7406deb91d6f summaryId=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_NS98be7406deb91d6f remoteSearch=tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_" "psrsvd_" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.543 INFO DispatchThread - Getting summary ID for summaryHash=NS98be7406deb91d6f
09-25-2018 06:17:18.550 INFO DispatchThread - Did not find a usable summary_id, setting info.summary_mode=none, not modifying input summary_id=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_NS98be7406deb91d6f
09-25-2018 06:17:18.550 INFO DispatchThread - Matches no summary
09-25-2018 06:17:18.550 INFO DispatchThread - SrchOptMetrics check_query_matches_ra=69
09-25-2018 06:17:18.550 INFO SearchParser - PARSING: | tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | stats dedup_splitvals=t last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount by Nmon_Config.hostname | sort limit=0 Nmon_Config.hostname | fields - _span | rename Nmon_Config.hostname AS hostname | fillnull dcount | fields hostname, AIX_Machine_SerialNumber, dcount| eval serialnum=if(isnull(AIX_Machine_SerialNumber), hostname, AIX_Machine_SerialNumber) | fields hostname,serialnum | stats count
09-25-2018 06:17:18.550 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.550 INFO TsidxStats - Using a chunk size of 10000000
09-25-2018 06:17:18.552 INFO TsidxStats - Initial expanded filtering search: '( nodename=Nmon_Config )'
09-25-2018 06:17:18.552 INFO TsidxStats - Finished simple parsing
09-25-2018 06:17:18.552 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.552 INFO StatsProcessor - No group-by fields specified, incompatible for high cardinality improvements
09-25-2018 06:17:18.552 INFO DispatchThread - SrchOptMetrics optimize_toJson=2
09-25-2018 06:17:18.553 INFO ProjElim - Black listed processors=[addinfo]
09-25-2018 06:17:18.553 INFO AstVisitorFactory - Field=hostname will be rewritten to Field=Nmon_Config.hostname
09-25-2018 06:17:18.553 INFO AstVisitorFactory - Field=hostname will be rewritten to Field=Nmon_Config.hostname
09-25-2018 06:17:18.580 INFO DispatchThread - SrchOptMetrics optimization=28
09-25-2018 06:17:18.580 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.580 INFO SearchPipeline - Command='rename' doesnt have raw field
09-25-2018 06:17:18.580 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.580 INFO DispatchThread - Optimized Search = | tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | stats dedup_splitvals=t last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount by Nmon_Config.hostname | sort limit=0 Nmon_Config.hostname | fields - _span | rename "Nmon_Config.hostname" as hostname | fillnull dcount | fields hostname, AIX_Machine_SerialNumber, dcount | eval serialnum=if(isnull(AIX_Machine_SerialNumber),hostname,AIX_Machine_SerialNumber) | fields hostname,serialnum | stats count
09-25-2018 06:17:18.580 INFO DispatchThread - SrchOptMetrics fromJsontoSpl=1
09-25-2018 06:17:18.580 INFO SearchParser - PARSING: | tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | stats dedup_splitvals=t last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount by Nmon_Config.hostname | sort limit=0 Nmon_Config.hostname | fields - _span | rename "Nmon_Config.hostname" as hostname | fillnull dcount | fields hostname, AIX_Machine_SerialNumber, dcount | eval serialnum=if(isnull(AIX_Machine_SerialNumber),hostname,AIX_Machine_SerialNumber) | fields hostname,serialnum | stats count
09-25-2018 06:17:18.580 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.580 INFO DispatchThread - SrchOptMetrics reparse_optimized_query=1
09-25-2018 06:17:18.580 INFO TsidxStats - Using a chunk size of 10000000
09-25-2018 06:17:18.582 INFO TsidxStats - Initial expanded filtering search: '( nodename=Nmon_Config )'
09-25-2018 06:17:18.582 INFO TsidxStats - Finalized TimeBounds: final_et=1537250400.000000 final_lt=1537856238.000000 info.startTime=1537250400.000000 info.endTime=1537856238.000000
09-25-2018 06:17:18.582 INFO TsidxStats - Using summaryid="57E9834B-43B4-41D0-A3BD-042A352C4C79_DM_nmon_NMON_Config"
09-25-2018 06:17:18.582 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.582 INFO TsidxStats - Could not obtain a valid set of indexes to search
09-25-2018 06:17:18.582 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.582 INFO SearchParser - PARSING: prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.582 INFO SearchParser - PARSING: addinfo type=count label=prereport_events
09-25-2018 06:17:18.582 INFO SearchParser - PARSING: presort 0 auto("Nmon_Config.hostname")
09-25-2018 06:17:18.582 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.582 INFO StatsProcessor - No group-by fields specified, incompatible for high cardinality improvements
09-25-2018 06:17:18.582 INFO DispatchThread - BatchMode: allowBatchMode: 1, conf(1): 1, timeline/Status buckets(0):0, realtime(0):0, report pipe empty(0):0, reqTimeOrder(0):0, summarize(0):0, statefulStreaming(0):0
09-25-2018 06:17:18.582 INFO DispatchThread - required fields list to add to remote search = Nmon_Config.AIX_Machine_SerialNumber,Nmon_Config.hostname,prestats_reserved,psrsvd_
09-25-2018 06:17:18.582 INFO SearchParser - PARSING: fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_" "psrsvd_"
09-25-2018 06:17:18.582 INFO DispatchCommandProcessor - summaryHash=513a3eee1f1aac4d summaryId=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_513a3eee1f1aac4d remoteSearch=tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_" "psrsvd_" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.583 INFO DispatchCommandProcessor - summaryHash=NS98be7406deb91d6f summaryId=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_NS98be7406deb91d6f remoteSearch=tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_" "psrsvd_" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.584 INFO DispatchThread - Setting summary_mode=NONE after optimization
09-25-2018 06:17:18.584 INFO DispatchThread - SrchOptMetrics FinalEval=4
09-25-2018 06:17:18.584 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.584 INFO UserManager - Done setting user context: admin -> admin
09-25-2018 06:17:18.585 INFO UserManager - Unwound user context: admin -> admin
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Stream search: tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_" "psrsvd_" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.585 INFO ExternalResultProvider - No external result providers are configured
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - ERP_FACTORY initialized, but zero external result provider, hence disabling isERPCollectionEnabled
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Default search group:*
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer DR-IX-1 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer DR-IX-2 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer NFT-IX-1 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer NFT-IX-2 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer PROD-IX-1 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer PROD-IX-2 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer PROD-SH-1 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.586 INFO ServerConfig - Using REMOTE_SERVER_NAME=57E9834B-43B4-41D0-A3BD-042A352C4C79
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Checking for localhost key pair
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Public key already exists: /opt/splunk/etc/auth/distServerKeys/trusted.pem
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Reading public key for localhost: /opt/splunk/etc/auth/distServerKeys/trusted.pem
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Finished reading public key for localhost: /opt/splunk/etc/auth/distServerKeys/trusted.pem
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Reading private key for localhost: /opt/splunk/etc/auth/distServerKeys/private.pem
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Finished reading private key for localhost: /opt/splunk/etc/auth/distServerKeys/private.pem
09-25-2018 06:17:18.588 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=DR-IX-1 in 0.003 seconds
09-25-2018 06:17:18.590 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=DR-IX-2 in 0.003 seconds
09-25-2018 06:17:18.592 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=NFT-IX-1 in 0.003 seconds
09-25-2018 06:17:18.594 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=NFT-IX-2 in 0.003 seconds
09-25-2018 06:17:18.597 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=PROD-IX-1 in 0.003 seconds
09-25-2018 06:17:18.599 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=PROD-IX-2 in 0.003 seconds
09-25-2018 06:17:18.602 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.602 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.602 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.602 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.603 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.603 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.605 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.605 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.605 INFO DispatchThread - Disk quota = 10485760000
09-25-2018 06:17:18.606 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.606 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.608 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.608 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.608 INFO SearchParser - PARSING: tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved" "psrsvd_" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.609 INFO TsidxStats - Using a chunk size of 10000000
09-25-2018 06:17:18.609 INFO TsidxStats - Initial expanded filtering search: '( nodename=Nmon_Config )'
09-25-2018 06:17:18.609 INFO TsidxStats - Using summaryid="57E9834B-43B4-41D0-A3BD-042A352C4C79_DM_nmon_NMON_Config"
09-25-2018 06:17:18.609 INFO SearchParser - PARSING: search (index=* OR index=) (eventtype=nmon:config) | eval nodename = "Nmon_Config"| rex field=_raw "(?i),host,(?P.+)" max_match=1 | rex field=_raw "(?i),version,(?P.+)" max_match=1 | rex field=_raw "(?i),command,(?P.+)" max_match=1 | rex field=_raw "(?i),OS,(?P[^,]+)" max_match=1 | rex field=_raw "AAA,cpus,(?P\d+)" max_match=1 | rex field=_raw "AAA,cpus,\d+,(?P\d+)" max_match=1 | rex field=_raw "AAA,AIX,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Online\sVirtual\sCPUs\s+\:\s(?P\d+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,online\sMemory,(?P\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"\s+Total\sPaging\sSpace:\s(?P\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sImplementation\sMode:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sClock\sSpeed:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"CPU\sType:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Kernel\sType:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Platform\sFirmware\slevel:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Machine\sSerial\sNumber:\s(?P.+)\\"" max_match=1 | rex field=_raw "AAA,SerialNumber,(?P\w+)" max_match=1 | eval AIX_Machine_SerialNumber=if(isnotnull(AIX_std_Machine_SerialNumber), AIX_std_Machine_SerialNumber, AIX_alt_Machine_SerialNumber) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Shared\sPool\sID\s+\:\s(?P.+)\\"" max_match=1 | eval AIX_PoolID=if(AIX_extracted_PoolID=="-","N/A" ,AIX_extracted_PoolID) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Maximum\sPhysical\sCPUs\sin\ssystem\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Active\sPhysical\sCPUs\sin\ssystem\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Active\sCPUs\sin\sPool\s+\:\s(?P.+)\\"" max_match=1 | eval AIX_PoolCPUs=if(AIX_extracted_PoolCPUs=="-","N/A" ,AIX_extracted_PoolCPUs) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Entitled\sCapacity\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sType:\s(?P.+\w)\\"" max_match=1 | eval cpu_cores_combo=(AIX_virtualcpus+" / "+cpu_cores_position2), AIX_logicalcores=if(isnotnull(cpu_cores_position2), cpu_cores_position2, cpu_cores_position1) | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+cpuinfo,.+model\sname.+:\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.+etc+.release,\\"(?!LSB_VERSION|DISTRIB|NAME|ID|VERSION)(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\"Description:\s(?.+)\\"" max_match=1 | eval Linux_distribution=if(isnotnull(Linux_lsb_distribution), Linux_lsb_distribution, Linux_release_distribution) | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\"Distributor\s*ID:\s*(?.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\"Release:\s*(?.+)\\"" max_match=1 | eval Linux_vendor=if(isnotnull(Linux_lsb_distibutorid), Linux_lsb_distibutorid, "Undeterminated") | rex field=_raw "BBB.+,[0-9].+,lsb\_release,\\"Release:\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\"MemTotal:\s+(?P\d+)" max_match=1 | eval Linux_memory_MB=round(Linux_memory_kB/1024,0) | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\"SwapTotal:\s+(?P\d+)" max_match=1 | eval Linux_swap_MB=round(Linux_swap_kB/1024,0) | rex field=_raw "AAA,OS,Linux,(?P\d+.\d+).+,#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+),#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,.+,(?P.+),.+,.+" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+),.+,.+,.+" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.+etc+.release,\\"\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\s\-pv,\\"\s+(?P.+)\s*\(.+\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\s\-pv,.+clock\s(?P.+)\)\\"" max_match=1 | eval OStype=case(OS == "Linux", "Linux", OS == "Solaris", "Solaris", isnotnull(AIX_LEVEL), "AIX", isnull(OS), "Unknown"), OS_Level=case(isnotnull(AIX_LEVEL), AIX_LEVEL, isnotnull(Solaris_version), Solaris_version, isnotnull(Linux_distribution), Linux_distribution), cpu_cores=if(isnotnull(AIX_virtualcpus), cpu_cores_combo, cpu_cores_position1), Processor=case(isnotnull(AIX_processor), AIX_processor, isnotnull(Solaris_processor), Solaris_processor, isnotnull(Linux_processor), Linux_processor) | rename uptime AS Nmon_Config.uptime hostname AS Nmon_Config.hostname nmon_version AS Nmon_Config.nmon_version nmon_command AS Nmon_Config.nmon_command OS AS Nmon_Config.OS cpu_cores_position1 AS Nmon_Config.cpu_cores_position1 cpu_cores_position2 AS Nmon_Config.cpu_cores_position2 AIX_LEVEL AS Nmon_Config.AIX_LEVEL AIX_virtualcpus AS Nmon_Config.AIX_virtualcpus AIX_memory_MB AS Nmon_Config.AIX_memory_MB AIX_pagingspace_MB AS Nmon_Config.AIX_pagingspace_MB AIX_processor_mode AS Nmon_Config.AIX_processor_mode AIX_processor_clockspeed AS Nmon_Config.AIX_processor_clockspeed AIX_cpu_type AS Nmon_Config.AIX_cpu_type AIX_kernel_type AS Nmon_Config.AIX_kernel_type AIX_plateform_firmware_level AS Nmon_Config.AIX_plateform_firmware_level AIX_std_Machine_SerialNumber AS Nmon_Config.AIX_std_Machine_SerialNumber AIX_alt_Machine_SerialNumber AS Nmon_Config.AIX_alt_Machine_SerialNumber AIX_Machine_SerialNumber AS Nmon_Config.AIX_Machine_SerialNumber AIX_extracted_PoolID AS Nmon_Config.AIX_extracted_PoolID AIX_PoolID AS Nmon_Config.AIX_PoolID AIX_system_installed_CPUs AS Nmon_Config.AIX_system_installed_CPUs AIX_system_active_CPUs AS Nmon_Config.AIX_system_active_CPUs AIX_extracted_PoolCPUs AS Nmon_Config.AIX_extracted_PoolCPUs AIX_PoolCPUs AS Nmon_Config.AIX_PoolCPUs AIX_entitled AS Nmon_Config.AIX_entitled AIX_processor AS Nmon_Config.AIX_processor cpu_cores_combo AS Nmon_Config.cpu_cores_combo AIX_logicalcores AS Nmon_Config.AIX_logicalcores Linux_LEVEL AS Nmon_Config.Linux_LEVEL Linux_processor AS Nmon_Config.Linux_processor Linux_release_distribution AS Nmon_Config.Linux_release_distribution Linux_lsb_distribution AS Nmon_Config.Linux_lsb_distribution Linux_distribution AS Nmon_Config.Linux_distribution Linux_lsb_distibutorid AS Nmon_Config.Linux_lsb_distibutorid Linux_lsb_releaseid AS Nmon_Config.Linux_lsb_releaseid Linux_vendor AS Nmon_Config.Linux_vendor Linux_version AS Nmon_Config.Linux_version Linux_memory_kB AS Nmon_Config.Linux_memory_kB Linux_memory_MB AS Nmon_Config.Linux_memory_MB Linux_swap_kB AS Nmon_Config.Linux_swap_kB Linux_swap_MB AS Nmon_Config.Linux_swap_MB Linux_kernelversion AS Nmon_Config.Linux_kernelversion Linux_kernel AS Nmon_Config.Linux_kernel Linux_fullkernel AS Nmon_Config.Linux_fullkernel Solaris_LEVEL AS Nmon_Config.Solaris_LEVEL Solaris_kernel AS Nmon_Config.Solaris_kernel Solaris_sunOS_version AS Nmon_Config.Solaris_sunOS_version Solaris_version AS Nmon_Config.Solaris_version Solaris_processor AS Nmon_Config.Solaris_processor Solaris_processor_clockspeed AS Nmon_Config.Solaris_processor_clockspeed OStype AS Nmon_Config.OStype OS_Level AS Nmon_Config.OS_Level cpu_cores AS Nmon_Config.cpu_cores Processor AS Nmon_Config.Processor | search ( nodename=Nmon_Config )
09-25-2018 06:17:18.610 INFO UnifiedSearch - Processed search targeting arguments
09-25-2018 06:17:18.637 INFO UnifiedSearch - Processed search targeting arguments
09-25-2018 06:17:18.638 INFO DispatchThread - SrchOptMetrics optimize_toJson=29
09-25-2018 06:17:18.639 INFO ProjElim - Black listed processors=[addinfo]
09-25-2018 06:17:18.639 INFO PredicatePushOptimizer - searchcannot be pushed through eval. Reason='nodename' is modified (Ref:'nodename')
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_LEVEL will be rewritten to Field=AIX_LEVEL
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_Machine_SerialNumber will be rewritten to Field=AIX_Machine_SerialNumber
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_PoolCPUs will be rewritten to Field=AIX_PoolCPUs
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_PoolID will be rewritten to Field=AIX_PoolID
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_alt_Machine_SerialNumber will be rewritten to Field=AIX_alt_Machine_SerialNumber
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_cpu_type will be rewritten to Field=AIX_cpu_type
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_entitled will be rewritten to Field=AIX_entitled
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_extracted_PoolCPUs will be rewritten to Field=AIX_extracted_PoolCPUs
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_extracted_PoolID will be rewritten to Field=AIX_extracted_PoolID
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_kernel_type will be rewritten to Field=AIX_kernel_type
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_logicalcores will be rewritten to Field=AIX_logicalcores
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_memory_MB will be rewritten to Field=AIX_memory_MB
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_pagingspace_MB will be rewritten to Field=AIX_pagingspace_MB
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_plateform_firmware_level will be rewritten to Field=AIX_plateform_firmware_level
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_processor will be rewritten to Field=AIX_processor
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_processor_clockspeed will be rewritten to Field=AIX_processor_clockspeed
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_processor_mode will be rewritten to Field=AIX_processor_mode
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_std_Machine_SerialNumber will be rewritten to Field=AIX_std_Machine_SerialNumber
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_system_active_CPUs will be rewritten to Field=AIX_system_active_CPUs
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_system_installed_CPUs will be rewritten to Field=AIX_system_installed_CPUs
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_virtualcpus will be rewritten to Field=AIX_virtualcpus
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_LEVEL will be rewritten to Field=Linux_LEVEL
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_distribution will be rewritten to Field=Linux_distribution
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_fullkernel will be rewritten to Field=Linux_fullkernel
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_kernel will be rewritten to Field=Linux_kernel
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_kernelversion will be rewritten to Field=Linux_kernelversion
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_lsb_distibutorid will be rewritten to Field=Linux_lsb_distibutorid
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_lsb_distribution will be rewritten to Field=Linux_lsb_distribution
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_lsb_releaseid will be rewritten to Field=Linux_lsb_releaseid
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_memory_MB will be rewritten to Field=Linux_memory_MB
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_memory_kB will be rewritten to Field=Linux_memory_kB
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_processor will be rewritten to Field=Linux_processor
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_release_distribution will be rewritten to Field=Linux_release_distribution
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_swap_MB will be rewritten to Field=Linux_swap_MB
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_swap_kB will be rewritten to Field=Linux_swap_kB
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_vendor will be rewritten to Field=Linux_vendor
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_version will be rewritten to Field=Linux_version
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.OS will be rewritten to Field=OS
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.OS_Level will be rewritten to Field=OS_Level
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.OStype will be rewritten to Field=OStype
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Processor will be rewritten to Field=Processor
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_LEVEL will be rewritten to Field=Solaris_LEVEL
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_kernel will be rewritten to Field=Solaris_kernel
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_processor will be rewritten to Field=Solaris_processor
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_processor_clockspeed will be rewritten to Field=Solaris_processor_clockspeed
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_sunOS_version will be rewritten to Field=Solaris_sunOS_version
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_version will be rewritten to Field=Solaris_version
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.cpu_cores will be rewritten to Field=cpu_cores
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.cpu_cores_combo will be rewritten to Field=cpu_cores_combo
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.cpu_cores_position1 will be rewritten to Field=cpu_cores_position1
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.cpu_cores_position2 will be rewritten to Field=cpu_cores_position2
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.hostname will be rewritten to Field=hostname
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.nmon_command will be rewritten to Field=nmon_command
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.nmon_version will be rewritten to Field=nmon_version
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.uptime will be rewritten to Field=uptime
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_LEVEL will be rewritten to Field=AIX_LEVEL
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_Machine_SerialNumber will be rewritten to Field=AIX_Machine_SerialNumber
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_PoolCPUs will be rewritten to Field=AIX_PoolCPUs
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_PoolID will be rewritten to Field=AIX_PoolID
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_alt_Machine_SerialNumber will be rewritten to Field=AIX_alt_Machine_SerialNumber
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_cpu_type will be rewritten to Field=AIX_cpu_type
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_entitled will be rewritten to Field=AIX_entitled
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_extracted_PoolCPUs will be rewritten to Field=AIX_extracted_PoolCPUs
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_extracted_PoolID will be rewritten to Field=AIX_extracted_PoolID
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_kernel_type will be rewritten to Field=AIX_kernel_type
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_logicalcores will be rewritten to Field=AIX_logicalcores
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_memory_MB will be rewritten to Field=AIX_memory_MB
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_pagingspace_MB will be rewritten to Field=AIX_pagingspace_MB
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_plateform_firmware_level will be rewritten to Field=AIX_plateform_firmware_level
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_processor will be rewritten to Field=AIX_processor
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_processor_clockspeed will be rewritten to Field=AIX_processor_clockspeed
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_processor_mode will be rewritten to Field=AIX_processor_mode
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_std_Machine_SerialNumber will be rewritten to Field=AIX_std_Machine_SerialNumber
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_system_active_CPUs will be rewritten to Field=AIX_system_active_CPUs
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_system_installed_CPUs will be rewritten to Field=AIX_system_installed_CPUs
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.AIX_virtualcpus will be rewritten to Field=AIX_virtualcpus
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_LEVEL will be rewritten to Field=Linux_LEVEL
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_distribution will be rewritten to Field=Linux_distribution
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_fullkernel will be rewritten to Field=Linux_fullkernel
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_kernel will be rewritten to Field=Linux_kernel
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_kernelversion will be rewritten to Field=Linux_kernelversion
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_lsb_distibutorid will be rewritten to Field=Linux_lsb_distibutorid
09-25-2018 06:17:18.639 INFO AstVisitorFactory - Field=Nmon_Config.Linux_lsb_distribution will be rewritten to Field=Linux_lsb_distribution
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Linux_lsb_releaseid will be rewritten to Field=Linux_lsb_releaseid
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Linux_memory_MB will be rewritten to Field=Linux_memory_MB
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Linux_memory_kB will be rewritten to Field=Linux_memory_kB
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Linux_processor will be rewritten to Field=Linux_processor
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Linux_release_distribution will be rewritten to Field=Linux_release_distribution
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Linux_swap_MB will be rewritten to Field=Linux_swap_MB
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Linux_swap_kB will be rewritten to Field=Linux_swap_kB
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Linux_vendor will be rewritten to Field=Linux_vendor
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Linux_version will be rewritten to Field=Linux_version
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.OS will be rewritten to Field=OS
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.OS_Level will be rewritten to Field=OS_Level
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.OStype will be rewritten to Field=OStype
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Processor will be rewritten to Field=Processor
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_LEVEL will be rewritten to Field=Solaris_LEVEL
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_kernel will be rewritten to Field=Solaris_kernel
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_processor will be rewritten to Field=Solaris_processor
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_processor_clockspeed will be rewritten to Field=Solaris_processor_clockspeed
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_sunOS_version will be rewritten to Field=Solaris_sunOS_version
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.Solaris_version will be rewritten to Field=Solaris_version
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.cpu_cores will be rewritten to Field=cpu_cores
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.cpu_cores_combo will be rewritten to Field=cpu_cores_combo
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.cpu_cores_position1 will be rewritten to Field=cpu_cores_position1
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.cpu_cores_position2 will be rewritten to Field=cpu_cores_position2
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.hostname will be rewritten to Field=hostname
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.nmon_command will be rewritten to Field=nmon_command
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.nmon_version will be rewritten to Field=nmon_version
09-25-2018 06:17:18.640 INFO AstVisitorFactory - Field=Nmon_Config.uptime will be rewritten to Field=uptime
09-25-2018 06:17:18.640 INFO DispatchThread - SrchOptMetrics optimization=3
09-25-2018 06:17:18.640 INFO SearchPipeline - Command='search' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='search' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='rename' doesnt have raw field
09-25-2018 06:17:18.642 INFO DispatchThread - Optimized Search = | search (eventtype=nmon:config (index=* OR index=)) | eval nodename="Nmon_Config"| search nodename=Nmon_Config | rex field=_raw "(?i),host,(?P.+)" max_match=1 | rex field=_raw "(?i),version,(?P.+)" max_match=1 | rex field=_raw "(?i),command,(?P.+)" max_match=1 | rex field=_raw "(?i),OS,(?P[^,]+)" max_match=1 | rex field=_raw "AAA,cpus,(?P\d+)" max_match=1 | rex field=_raw "AAA,cpus,\d+,(?P\d+)" max_match=1 | rex field=_raw "AAA,AIX,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Online\sVirtual\sCPUs\s+\:\s(?P\d+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,online\sMemory,(?P\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"\s+Total\sPaging\sSpace:\s(?P\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sImplementation\sMode:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sClock\sSpeed:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"CPU\sType:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Kernel\sType:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Platform\sFirmware\slevel:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Machine\sSerial\sNumber:\s(?P.+)\\"" max_match=1 | rex field=_raw "AAA,SerialNumber,(?P\w+)" max_match=1 | eval AIX_Machine_SerialNumber=if(isnotnull(AIX_std_Machine_SerialNumber),AIX_std_Machine_SerialNumber,AIX_alt_Machine_SerialNumber) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Shared\sPool\sID\s+\:\s(?P.+)\\"" max_match=1 | eval AIX_PoolID=if((AIX_extracted_PoolID == "-"),"N/A",AIX_extracted_PoolID) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Maximum\sPhysical\sCPUs\sin\ssystem\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Active\sPhysical\sCPUs\sin\ssystem\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Active\sCPUs\sin\sPool\s+\:\s(?P.+)\\"" max_match=1 | eval AIX_PoolCPUs=if((AIX_extracted_PoolCPUs == "-"),"N/A",AIX_extracted_PoolCPUs) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Entitled\sCapacity\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sType:\s(?P.+\w)\\"" max_match=1 | eval cpu_cores_combo=((AIX_virtualcpus + " / ") + cpu_cores_position2), AIX_logicalcores=if(isnotnull(cpu_cores_position2),cpu_cores_position2,cpu_cores_position1) | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+cpuinfo,.+model\sname.+:\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.+etc+.release,\\"(?!LSB_VERSION|DISTRIB|NAME|ID|VERSION)(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\"Description:\s(?.+)\\"" max_match=1 | eval Linux_distribution=if(isnotnull(Linux_lsb_distribution),Linux_lsb_distribution,Linux_release_distribution) | rex field=raw "BBB.+,[0-9].+,lsb_release,\\"Distributor\s*ID:\s*(?.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\"Release:\s*(?.+)\\"" max_match=1 | eval Linux_vendor=if(isnotnull(Linux_lsb_distibutorid),Linux_lsb_distibutorid,"Undeterminated") | rex field=_raw "BBB.+,[0-9].+,lsb\_release,\\"Release:\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\"MemTotal:\s+(?P\d+)" max_match=1 | eval Linux_memory_MB=round((Linux_memory_kB / 1024),0) | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\"SwapTotal:\s+(?P\d+)" max_match=1 | eval Linux_swap_MB=round((Linux_swap_kB / 1024),0) | rex field=_raw "AAA,OS,Linux,(?P\d+.\d+).+,#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+),#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,.+,(?P.+),.+,.+" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+),.+,.+,.+" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.+etc+.release,\\"\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\s\-pv,\\"\s+(?P.+)\s*\(.+\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\s\-pv,.+clock\s(?P.+)\)\\"" max_match=1 | eval OStype=case((OS == "Linux"),"Linux",(OS == "Solaris"),"Solaris",isnotnull(AIX_LEVEL),"AIX",isnull(OS),"Unknown"), OS_Level=case(isnotnull(AIX_LEVEL),AIX_LEVEL,isnotnull(Solaris_version),Solaris_version,isnotnull(Linux_distribution),Linux_distribution), cpu_cores=if(isnotnull(AIX_virtualcpus),cpu_cores_combo,cpu_cores_position1), Processor=case(isnotnull(AIX_processor),AIX_processor,isnotnull(Solaris_processor),Solaris_processor,isnotnull(Linux_processor),Linux_processor) | rename AIX_LEVEL as "Nmon_Config.AIX_LEVEL", AIX_Machine_SerialNumber as "Nmon_Config.AIX_Machine_SerialNumber", AIX_PoolCPUs as "Nmon_Config.AIX_PoolCPUs", AIX_PoolID as "Nmon_Config.AIX_PoolID", AIX_alt_Machine_SerialNumber as "Nmon_Config.AIX_alt_Machine_SerialNumber", AIX_cpu_type as "Nmon_Config.AIX_cpu_type", AIX_entitled as "Nmon_Config.AIX_entitled", AIX_extracted_PoolCPUs as "Nmon_Config.AIX_extracted_PoolCPUs", AIX_extracted_PoolID as "Nmon_Config.AIX_extracted_PoolID", AIX_kernel_type as "Nmon_Config.AIX_kernel_type", AIX_logicalcores as "Nmon_Config.AIX_logicalcores", AIX_memory_MB as "Nmon_Config.AIX_memory_MB", AIX_pagingspace_MB as "Nmon_Config.AIX_pagingspace_MB", AIX_plateform_firmware_level as "Nmon_Config.AIX_plateform_firmware_level", AIX_processor as "Nmon_Config.AIX_processor", AIX_processor_clockspeed as "Nmon_Config.AIX_processor_clockspeed", AIX_processor_mode as "Nmon_Config.AIX_processor_mode", AIX_std_Machine_SerialNumber as "Nmon_Config.AIX_std_Machine_SerialNumber", AIX_system_active_CPUs as "Nmon_Config.AIX_system_active_CPUs", AIX_system_installed_CPUs as "Nmon_Config.AIX_system_installed_CPUs", AIX_virtualcpus as "Nmon_Config.AIX_virtualcpus", Linux_LEVEL as "Nmon_Config.Linux_LEVEL", Linux_distribution as "Nmon_Config.Linux_distribution", Linux_fullkernel as "Nmon_Config.Linux_fullkernel", Linux_kernel as "Nmon_Config.Linux_kernel", Linux_kernelversion as "Nmon_Config.Linux_kernelversion", Linux_lsb_distibutorid as "Nmon_Config.Linux_lsb_distibutorid", Linux_lsb_distribution as "Nmon_Config.Linux_lsb_distribution", Linux_lsb_releaseid as "Nmon_Config.Linux_lsb_releaseid", Linux_memory_MB as "Nmon_Config.Linux_memory_MB", Linux_memory_kB as "Nmon_Config.Linux_memory_kB", Linux_processor as "Nmon_Config.Linux_processor", Linux_release_distribution as "Nmon_Config.Linux_release_distribution", Linux_swap_MB as "Nmon_Config.Linux_swap_MB", Linux_swap_kB as "Nmon_Config.Linux_swap_kB", Linux_vendor as "Nmon_Config.Linux_vendor", Linux_version as "Nmon_Config.Linux_version", OS as "Nmon_Config.OS", OS_Level as "Nmon_Config.OS_Level", OStype as "Nmon_Config.OStype", Processor as "Nmon_Config.Processor", Solaris_LEVEL as "Nmon_Config.Solaris_LEVEL", Solaris_kernel as "Nmon_Config.Solaris_kernel", Solaris_processor as "Nmon_Config.Solaris_processor", Solaris_processor_clockspeed as "Nmon_Config.Solaris_processor_clockspeed", Solaris_sunOS_version as "Nmon_Config.Solaris_sunOS_version", Solaris_version as "Nmon_Config.Solaris_version", cpu_cores as "Nmon_Config.cpu_cores", cpu_cores_combo as "Nmon_Config.cpu_cores_combo", cpu_cores_position1 as "Nmon_Config.cpu_cores_position1", cpu_cores_position2 as "Nmon_Config.cpu_cores_position2", hostname as "Nmon_Config.hostname", nmon_command as "Nmon_Config.nmon_command", nmon_version as "Nmon_Config.nmon_version", uptime as "Nmon_Config.uptime"
09-25-2018 06:17:18.642 INFO DispatchThread - SrchOptMetrics fromJsontoSpl=2
09-25-2018 06:17:18.643 INFO SearchParser - PARSING: | search (eventtype=nmon:config (index=* OR index=)) | eval nodename="Nmon_Config"| search nodename=Nmon_Config | rex field=_raw "(?i),host,(?P.+)" max_match=1 | rex field=_raw "(?i),version,(?P.+)" max_match=1 | rex field=_raw "(?i),command,(?P.+)" max_match=1 | rex field=_raw "(?i),OS,(?P[^,]+)" max_match=1 | rex field=_raw "AAA,cpus,(?P\d+)" max_match=1 | rex field=_raw "AAA,cpus,\d+,(?P\d+)" max_match=1 | rex field=_raw "AAA,AIX,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Online\sVirtual\sCPUs\s+\:\s(?P\d+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,online\sMemory,(?P\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"\s+Total\sPaging\sSpace:\s(?P\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sImplementation\sMode:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sClock\sSpeed:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"CPU\sType:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Kernel\sType:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Platform\sFirmware\slevel:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Machine\sSerial\sNumber:\s(?P.+)\\"" max_match=1 | rex field=_raw "AAA,SerialNumber,(?P\w+)" max_match=1 | eval AIX_Machine_SerialNumber=if(isnotnull(AIX_std_Machine_SerialNumber),AIX_std_Machine_SerialNumber,AIX_alt_Machine_SerialNumber) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Shared\sPool\sID\s+\:\s(?P.+)\\"" max_match=1 | eval AIX_PoolID=if((AIX_extracted_PoolID == "-"),"N/A",AIX_extracted_PoolID) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Maximum\sPhysical\sCPUs\sin\ssystem\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Active\sPhysical\sCPUs\sin\ssystem\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Active\sCPUs\sin\sPool\s+\:\s(?P.+)\\"" max_match=1 | eval AIX_PoolCPUs=if((AIX_extracted_PoolCPUs == "-"),"N/A",AIX_extracted_PoolCPUs) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Entitled\sCapacity\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sType:\s(?P.+\w)\\"" max_match=1 | eval cpu_cores_combo=((AIX_virtualcpus + " / ") + cpu_cores_position2), AIX_logicalcores=if(isnotnull(cpu_cores_position2),cpu_cores_position2,cpu_cores_position1) | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+cpuinfo,.+model\sname.+:\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.+etc+.release,\\"(?!LSB_VERSION|DISTRIB|NAME|ID|VERSION)(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\"Description:\s(?.+)\\"" max_match=1 | eval Linux_distribution=if(isnotnull(Linux_lsb_distribution),Linux_lsb_distribution,Linux_release_distribution) | rex field=raw "BBB.+,[0-9].+,lsb_release,\\"Distributor\s*ID:\s*(?.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\"Release:\s*(?.+)\\"" max_match=1 | eval Linux_vendor=if(isnotnull(Linux_lsb_distibutorid),Linux_lsb_distibutorid,"Undeterminated") | rex field=_raw "BBB.+,[0-9].+,lsb\_release,\\"Release:\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\"MemTotal:\s+(?P\d+)" max_match=1 | eval Linux_memory_MB=round((Linux_memory_kB / 1024),0) | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\"SwapTotal:\s+(?P\d+)" max_match=1 | eval Linux_swap_MB=round((Linux_swap_kB / 1024),0) | rex field=_raw "AAA,OS,Linux,(?P\d+.\d+).+,#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+),#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,.+,(?P.+),.+,.+" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+),.+,.+,.+" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.+etc+.release,\\"\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\s\-pv,\\"\s+(?P.+)\s*\(.+\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\s\-pv,.+clock\s(?P.+)\)\\"" max_match=1 | eval OStype=case((OS == "Linux"),"Linux",(OS == "Solaris"),"Solaris",isnotnull(AIX_LEVEL),"AIX",isnull(OS),"Unknown"), OS_Level=case(isnotnull(AIX_LEVEL),AIX_LEVEL,isnotnull(Solaris_version),Solaris_version,isnotnull(Linux_distribution),Linux_distribution), cpu_cores=if(isnotnull(AIX_virtualcpus),cpu_cores_combo,cpu_cores_position1), Processor=case(isnotnull(AIX_processor),AIX_processor,isnotnull(Solaris_processor),Solaris_processor,isnotnull(Linux_processor),Linux_processor) | rename AIX_LEVEL as "Nmon_Config.AIX_LEVEL", AIX_Machine_SerialNumber as "Nmon_Config.AIX_Machine_SerialNumber", AIX_PoolCPUs as "Nmon_Config.AIX_PoolCPUs", AIX_PoolID as "Nmon_Config.AIX_PoolID", AIX_alt_Machine_SerialNumber as "Nmon_Config.AIX_alt_Machine_SerialNumber", AIX_cpu_type as "Nmon_Config.AIX_cpu_type", AIX_entitled as "Nmon_Config.AIX_entitled", AIX_extracted_PoolCPUs as "Nmon_Config.AIX_extracted_PoolCPUs", AIX_extracted_PoolID as "Nmon_Config.AIX_extracted_PoolID", AIX_kernel_type as "Nmon_Config.AIX_kernel_type", AIX_logicalcores as "Nmon_Config.AIX_logicalcores", AIX_memory_MB as "Nmon_Config.AIX_memory_MB", AIX_pagingspace_MB as "Nmon_Config.AIX_pagingspace_MB", AIX_plateform_firmware_level as "Nmon_Config.AIX_plateform_firmware_level", AIX_processor as "Nmon_Config.AIX_processor", AIX_processor_clockspeed as "Nmon_Config.AIX_processor_clockspeed", AIX_processor_mode as "Nmon_Config.AIX_processor_mode", AIX_std_Machine_SerialNumber as "Nmon_Config.AIX_std_Machine_SerialNumber", AIX_system_active_CPUs as "Nmon_Config.AIX_system_active_CPUs", AIX_system_installed_CPUs as "Nmon_Config.AIX_system_installed_CPUs", AIX_virtualcpus as "Nmon_Config.AIX_virtualcpus", Linux_LEVEL as "Nmon_Config.Linux_LEVEL", Linux_distribution as "Nmon_Config.Linux_distribution", Linux_fullkernel as "Nmon_Config.Linux_fullkernel", Linux_kernel as "Nmon_Config.Linux_kernel", Linux_kernelversion as "Nmon_Config.Linux_kernelversion", Linux_lsb_distibutorid as "Nmon_Config.Linux_lsb_distibutorid", Linux_lsb_distribution as "Nmon_Config.Linux_lsb_distribution", Linux_lsb_releaseid as "Nmon_Config.Linux_lsb_releaseid", Linux_memory_MB as "Nmon_Config.Linux_memory_MB", Linux_memory_kB as "Nmon_Config.Linux_memory_kB", Linux_processor as "Nmon_Config.Linux_processor", Linux_release_distribution as "Nmon_Config.Linux_release_distribution", Linux_swap_MB as "Nmon_Config.Linux_swap_MB", Linux_swap_kB as "Nmon_Config.Linux_swap_kB", Linux_vendor as "Nmon_Config.Linux_vendor", Linux_version as "Nmon_Config.Linux_version", OS as "Nmon_Config.OS", OS_Level as "Nmon_Config.OS_Level", OStype as "Nmon_Config.OStype", Processor as "Nmon_Config.Processor", Solaris_LEVEL as "Nmon_Config.Solaris_LEVEL", Solaris_kernel as "Nmon_Config.Solaris_kernel", Solaris_processor as "Nmon_Config.Solaris_processor", Solaris_processor_clockspeed as "Nmon_Config.Solaris_processor_clockspeed", Solaris_sunOS_version as "Nmon_Config.Solaris_sunOS_version", Solaris_version as "Nmon_Config.Solaris_version", cpu_cores as "Nmon_Config.cpu_cores", cpu_cores_combo as "Nmon_Config.cpu_cores_combo", cpu_cores_position1 as "Nmon_Config.cpu_cores_position1", cpu_cores_position2 as "Nmon_Config.cpu_cores_position2", hostname as "Nmon_Config.hostname", nmon_command as "Nmon_Config.nmon_command", nmon_version as "Nmon_Config.nmon_version", uptime as "Nmon_Config.uptime"
09-25-2018 06:17:18.662 INFO SearchProcessor - Building search filter
09-25-2018 06:17:18.693 INFO LookupOperator - Using wildcard matching for field 'host' in lookup table 'dropdownsLookup'
09-25-2018 06:17:18.693 INFO LookupOperator - Loading lookup table='dropdownsLookup', file size=2301, modtime=1537833607
09-25-2018 06:17:18.694 INFO LookupOperator - Loading lookup table='nix_endpoint_change_action_lookup', file size=186, modtime=1500632298
09-25-2018 06:17:18.694 INFO LookupOperator - Loading lookup table='nix_endpoint_change_fs_notification_object_category_lookup', file size=57, modtime=1500632298
09-25-2018 06:17:18.694 INFO LookupOperator - Loading lookup table='nix_action_lookup', file size=413, modtime=1500632298
09-25-2018 06:17:18.695 INFO LookupOperator - Loading lookup table='nmon_inventory', file size=0, modtime=1537855205
09-25-2018 06:17:18.695 INFO LookupOperator - Loading lookup table='ossec_action_lookup', file size=779, modtime=1500632289
09-25-2018 06:17:18.695 INFO LookupOperator - Loading lookup table='ossec_object_category_lookup', file size=217, modtime=1500632289
09-25-2018 06:17:18.695 INFO LookupOperator - Loading lookup table='ossec_severities_lookup', file size=180, modtime=1500632289
09-25-2018 06:17:18.696 INFO LookupOperator - Loading lookup table='rsa_securid_change_status_lookup', file size=54, modtime=1500632290
09-25-2018 06:17:18.696 INFO LookupOperator - Loading lookup table='rsa_securid_severity_lookup_lookup', file size=84, modtime=1500632290
09-25-2018 06:17:18.696 INFO LookupOperator - Loading lookup table='rsa_securid_actions_lookup', file size=137, modtime=1500632290
09-25-2018 06:17:18.698 INFO LookupOperator - Using wildcard matching for field 'category_id' in lookup table 'websense_categories_lookup'
09-25-2018 06:17:18.698 INFO LookupOperator - Loading lookup table='websense_categories_lookup', file size=6061, modtime=1500632291
09-25-2018 06:17:18.698 INFO LookupOperator - Loading lookup table='websense_action_lookup', file size=54, modtime=1500632291
09-25-2018 06:17:18.698 INFO LookupOperator - Using wildcard matching for field 'status' in lookup table 'websense_http_statuses_lookup'
09-25-2018 06:17:18.698 INFO LookupOperator - Loading lookup table='websense_http_statuses_lookup', file size=1355, modtime=1500632291
09-25-2018 06:17:18.699 INFO LookupOperator - Loading lookup table='websense_severity_lookup', file size=119, modtime=1500632291
09-25-2018 06:17:18.906 INFO UnifiedSearch - Expanded index search = (index=nmon sourcetype=nmon_config (index=* OR index=))
09-25-2018 06:17:18.906 INFO UnifiedSearch - base lispy: [ AND index::nmon sourcetype::nmon_config [ OR index:: index::* ] ]
09-25-2018 06:17:18.908 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.908 INFO UserManager - Done setting user context: admin -> admin
09-25-2018 06:17:18.908 INFO FastSearchFilter - Finished initializing IndexScopedFilter - trivial=0, nTerms=0, oTerms=0, host=0, source=0, sourcetype=1, linecount=0 exactCustomCmp=0
09-25-2018 06:17:18.908 INFO UserManager - Unwound user context: admin -> admin
09-25-2018 06:17:18.908 INFO BatchSearch - Using Batch Search
09-25-2018 06:17:18.908 INFO BatchSearch - Clearing any DDM references
09-25-2018 06:17:18.908 INFO BatchSearch - index: nmon dbsize=0
09-25-2018 06:17:18.908 INFO UnifiedSearch - Initialization of search data structures took 3 ms
09-25-2018 06:17:18.909 INFO UnifiedSearch - Processed search targeting arguments
09-25-2018 06:17:18.909 INFO UnifiedSearch - Processed search targeting arguments
09-25-2018 06:17:18.910 INFO SearchParser - PARSING: litsearch (index=nmon sourcetype=nmon_config (index=* OR index=)) | eval nodename="Nmon_Config" | search nodename=Nmon_Config | rex field=_raw "(?i),host,(?P.+)" max_match=1 | rex field=_raw "(?i),version,(?P.+)" max_match=1 | rex field=_raw "(?i),command,(?P.+)" max_match=1 | rex field=_raw "(?i),OS,(?P[^,]+)" max_match=1 | rex field=_raw "AAA,cpus,(?P\d+)" max_match=1 | rex field=_raw "AAA,cpus,\d+,(?P\d+)" max_match=1 | rex field=_raw "AAA,AIX,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Online\sVirtual\sCPUs\s+\:\s(?P\d+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,online\sMemory,(?P\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"\s+Total\sPaging\sSpace:\s(?P\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sImplementation\sMode:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sClock\sSpeed:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"CPU\sType:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Kernel\sType:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Platform\sFirmware\slevel:\s(?P.+\w)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Machine\sSerial\sNumber:\s(?P.+)\\"" max_match=1 | rex field=_raw "AAA,SerialNumber,(?P\w+)" max_match=1 | eval AIX_Machine_SerialNumber=if(isnotnull(AIX_std_Machine_SerialNumber),AIX_std_Machine_SerialNumber,AIX_alt_Machine_SerialNumber) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Shared\sPool\sID\s+\:\s(?P.+)\\"" max_match=1 | eval AIX_PoolID=if((AIX_extracted_PoolID == "-"),"N/A",AIX_extracted_PoolID) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Maximum\sPhysical\sCPUs\sin\ssystem\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Active\sPhysical\sCPUs\sin\ssystem\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Active\sCPUs\sin\sPool\s+\:\s(?P.+)\\"" max_match=1 | eval AIX_PoolCPUs=if((AIX_extracted_PoolCPUs == "-"),"N/A",AIX_extracted_PoolCPUs) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\"Entitled\sCapacity\s+\:\s(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\"Processor\sType:\s(?P.+\w)\\"" max_match=1 | eval cpu_cores_combo=((AIX_virtualcpus + " / ") + cpu_cores_position2), AIX_logicalcores=if(isnotnull(cpu_cores_position2),cpu_cores_position2,cpu_cores_position1) | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+cpuinfo,.+model\sname.+:\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.+etc+.release,\\"(?!LSB_VERSION|DISTRIB|NAME|ID|VERSION)(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\"Description:\s(?.+)\\"" max_match=1 | eval Linux_distribution=if(isnotnull(Linux_lsb_distribution),Linux_lsb_distribution,Linux_release_distribution) | rex field=raw "BBB.+,[0-9].+,lsb_release,\\"Distributor\s*ID:\s*(?.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\"Release:\s*(?.+)\\"" max_match=1 | eval Linux_vendor=if(isnotnull(Linux_lsb_distibutorid),Linux_lsb_distibutorid,"Undeterminated") | rex field=_raw "BBB.+,[0-9].+,lsb\_release,\\"Release:\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\"MemTotal:\s+(?P\d+)" max_match=1 | eval Linux_memory_MB=round((Linux_memory_kB / 1024),0) | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\"SwapTotal:\s+(?P\d+)" max_match=1 | eval Linux_swap_MB=round((Linux_swap_kB / 1024),0) | rex field=_raw "AAA,OS,Linux,(?P\d+.\d+).+,#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+),#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,.+,(?P.+),.+,.+" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+),.+,.+,.+" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.+etc+.release,\\"\s+(?P.+)\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\s\-pv,\\"\s+(?P.+)\s*\(.+\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\s\-pv,.+clock\s(?P.+)\)\\"" max_match=1 | eval OStype=case((OS == "Linux"),"Linux",(OS == "Solaris"),"Solaris",isnotnull(AIX_LEVEL),"AIX",isnull(OS),"Unknown"), OS_Level=case(isnotnull(AIX_LEVEL),AIX_LEVEL,isnotnull(Solaris_version),Solaris_version,isnotnull(Linux_distribution),Linux_distribution), cpu_cores=if(isnotnull(AIX_virtualcpus),cpu_cores_combo,cpu_cores_position1), Processor=case(isnotnull(AIX_processor),AIX_processor,isnotnull(Solaris_processor),Solaris_processor,isnotnull(Linux_processor),Linux_processor) | rename AIX_LEVEL as "Nmon_Config.AIX_LEVEL", AIX_Machine_SerialNumber as "Nmon_Config.AIX_Machine_SerialNumber", AIX_PoolCPUs as "Nmon_Config.AIX_PoolCPUs", AIX_PoolID as "Nmon_Config.AIX_PoolID", AIX_alt_Machine_SerialNumber as "Nmon_Config.AIX_alt_Machine_SerialNumber", AIX_cpu_type as "Nmon_Config.AIX_cpu_type", AIX_entitled as "Nmon_Config.AIX_entitled", AIX_extracted_PoolCPUs as "Nmon_Config.AIX_extracted_PoolCPUs", AIX_extracted_PoolID as "Nmon_Config.AIX_extracted_PoolID", AIX_kernel_type as "Nmon_Config.AIX_kernel_type", AIX_logicalcores as "Nmon_Config.AIX_logicalcores", AIX_memory_MB as "Nmon_Config.AIX_memory_MB", AIX_pagingspace_MB as "Nmon_Config.AIX_pagingspace_MB", AIX_plateform_firmware_level as "Nmon_Config.AIX_plateform_firmware_level", AIX_processor as "Nmon_Config.AIX_processor", AIX_processor_clockspeed as "Nmon_Config.AIX_processor_clockspeed", AIX_processor_mode as "Nmon_Config.AIX_processor_mode", AIX_std_Machine_SerialNumber as "Nmon_Config.AIX_std_Machine_SerialNumber", AIX_system_active_CPUs as "Nmon_Config.AIX_system_active_CPUs", AIX_system_installed_CPUs as "Nmon_Config.AIX_system_installed_CPUs", AIX_virtualcpus as "Nmon_Config.AIX_virtualcpus", Linux_LEVEL as "Nmon_Config.Linux_LEVEL", Linux_distribution as "Nmon_Config.Linux_distribution", Linux_fullkernel as "Nmon_Config.Linux_fullkernel", Linux_kernel as "Nmon_Config.Linux_kernel", Linux_kernelversion as "Nmon_Config.Linux_kernelversion", Linux_lsb_distibutorid as "Nmon_Config.Linux_lsb_distibutorid", Linux_lsb_distribution as "Nmon_Config.Linux_lsb_distribution", Linux_lsb_releaseid as "Nmon_Config.Linux_lsb_releaseid", Linux_memory_MB as "Nmon_Config.Linux_memory_MB", Linux_memory_kB as "Nmon_Config.Linux_memory_kB", Linux_processor as "Nmon_Config.Linux_processor", Linux_release_distribution as "Nmon_Config.Linux_release_distribution", Linux_swap_MB as "Nmon_Config.Linux_swap_MB", Linux_swap_kB as "Nmon_Config.Linux_swap_kB", Linux_vendor as "Nmon_Config.Linux_vendor", Linux_version as "Nmon_Config.Linux_version", OS as "Nmon_Config.OS", OS_Level as "Nmon_Config.OS_Level", OStype as "Nmon_Config.OStype", Processor as "Nmon_Config.Processor", Solaris_LEVEL as "Nmon_Config.Solaris_LEVEL", Solaris_kernel as "Nmon_Config.Solaris_kernel", Solaris_processor as "Nmon_Config.Solaris_processor", Solaris_processor_clockspeed as "Nmon_Config.Solaris_processor_clockspeed", Solaris_sunOS_version as "Nmon_Config.Solaris_sunOS_version", Solaris_version as "Nmon_Config.Solaris_version", cpu_cores as "Nmon_Config.cpu_cores", cpu_cores_combo as "Nmon_Config.cpu_cores_combo", cpu_cores_position1 as "Nmon_Config.cpu_cores_position1", cpu_cores_position2 as "Nmon_Config.cpu_cores_position2", hostname as "Nmon_Config.hostname", nmon_command as "Nmon_Config.nmon_command", nmon_version as "Nmon_Config.nmon_version", uptime as "Nmon_Config.uptime"
09-25-2018 06:17:18.929 INFO LookupOperator - Using wildcard matching for field 'host' in lookup table 'dropdownsLookup'
09-25-2018 06:17:18.929 INFO LookupOperator - Loading lookup table='dropdownsLookup', file size=2301, modtime=1537833607
09-25-2018 06:17:18.930 INFO LookupOperator - Loading lookup table='nix_endpoint_change_action_lookup', file size=186, modtime=1500632298
09-25-2018 06:17:18.930 INFO LookupOperator - Loading lookup table='nix_endpoint_change_fs_notification_object_category_lookup', file size=57, modtime=1500632298
09-25-2018 06:17:18.930 INFO LookupOperator - Loading lookup table='nix_action_lookup', file size=413, modtime=1500632298
09-25-2018 06:17:18.931 INFO LookupOperator - Loading lookup table='nmon_inventory', file size=0, modtime=1537855205
09-25-2018 06:17:18.931 INFO LookupOperator - Loading lookup table='ossec_action_lookup', file size=779, modtime=1500632289
09-25-2018 06:17:18.931 INFO LookupOperator - Loading lookup table='ossec_object_category_lookup', file size=217, modtime=1500632289
09-25-2018 06:17:18.931 INFO LookupOperator - Loading lookup table='ossec_severities_lookup', file size=180, modtime=1500632289
09-25-2018 06:17:18.932 INFO LookupOperator - Loading lookup table='rsa_securid_change_status_lookup', file size=54, modtime=1500632290
09-25-2018 06:17:18.932 INFO LookupOperator - Loading lookup table='rsa_securid_severity_lookup_lookup', file size=84, modtime=1500632290
09-25-2018 06:17:18.932 INFO LookupOperator - Loading lookup table='rsa_securid_actions_lookup', file size=137, modtime=1500632290
09-25-2018 06:17:18.934 INFO LookupOperator - Using wildcard matching for field 'category_id' in lookup table 'websense_categories_lookup'
09-25-2018 06:17:18.934 INFO LookupOperator - Loading lookup table='websense_categories_lookup', file size=6061, modtime=1500632291
09-25-2018 06:17:18.934 INFO LookupOperator - Loading lookup table='websense_action_lookup', file size=54, modtime=1500632291
09-25-2018 06:17:18.934 INFO LookupOperator - Using wildcard matching for field 'status' in lookup table 'websense_http_statuses_lookup'
09-25-2018 06:17:18.934 INFO LookupOperator - Loading lookup table='websense_http_statuses_lookup', file size=1355, modtime=1500632291
09-25-2018 06:17:18.935 INFO LookupOperator - Loading lookup table='websense_severity_lookup', file size=119, modtime=1500632291
09-25-2018 06:17:18.937 INFO SearchParser - PARSING: typer | tags
09-25-2018 06:17:18.962 INFO FastTyper - found nodes count: comparisons=100, unique_comparisons=61, terms=4, unique_terms=4, phrases=12, unique_phrases=12, total leaves=116
09-25-2018 06:17:18.970 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.970 INFO UserManager - Done setting user context: admin -> admin
09-25-2018 06:17:18.970 INFO FastSearchFilter - Finished initializing IndexScopedFilter - trivial=0, nTerms=0, oTerms=0, host=0, source=0, sourcetype=1, linecount=0 exactCustomCmp=0
09-25-2018 06:17:18.970 INFO UserManager - Unwound user context: admin -> admin
09-25-2018 06:17:18.970 INFO BatchSearch - Using Batch Search
09-25-2018 06:17:18.970 INFO BatchSearch - Clearing any DDM references
09-25-2018 06:17:18.970 INFO BatchSearch - index: nmon dbsize=0
09-25-2018 06:17:18.970 INFO UnifiedSearch - Initialization of search data structures took 34 ms
09-25-2018 06:17:18.970 INFO UnifiedSearch - Processed search targeting arguments
09-25-2018 06:17:18.970 INFO UnifiedSearch - Processed search targeting arguments
09-25-2018 06:17:18.972 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.972 INFO TsidxStats - Getting buckets for index=nmon
09-25-2018 06:17:18.972 INFO TsidxStats - Using lispy:[ AND nodename::nmon_config ] query_et=1537250400 query_lt=1537856237 info._startTime=1537250400.000000 info._endTime=1537856238.000000
09-25-2018 06:17:18.972 INFO TsidxStats - Sorting 0 buckets in time descending order
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='(?::){0}*_app_logs' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='(?i)source::....zip(.\d+)?' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='127.0.0.1' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='ActiveDirectory' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='New Text Document-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='PerformanceMonitor' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='Unix:UserAccounts' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='WinNetMonMk' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='WinPrintMon' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='WinRegistry' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='WinWinHostMon' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='singleline' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='_json' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='access_combined' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='access_combined_wcookie' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='access_common' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_manager-7' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_manager-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_manager_controllers-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_manager_eventhandler-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_manager_incidentcontext-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_manager_notifications-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_manager_suppression_helper-2' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_manager_suppression_helper-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_metadata' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='alert_results' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='anaconda' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='anaconda_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='apache_error' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='asterisk_cdr' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='asterisk_event' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='asterisk_messages' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='asterisk_queue' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='backup_file' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='batch_scripts' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='breakable_text' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='catalina' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='checksplunk' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cisco:asa' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cisco_cdr' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cisco_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='clavister' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='collectd_http' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='csv' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cups_access' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cups_error' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='db2_diag' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='default' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='delayedrule::breakable_text' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='delayedrule::syslog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='django_access' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='django_error' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='django_service' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='dmesg' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='exchange' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='exim_main' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='exim_reject' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='export_metrics-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='fileTrackerCrcLog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='first_install-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='nix_endpoint_change_action_lookup' for conf='fs_notification' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='fs_notification' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='nix_endpoint_change_fs_notification_object_category_lookup' for conf='fs_notification' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='ftp' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='generic_single_line' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='http_event_collector_metrics' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='ignored_type' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='iis' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='incident_change' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='jenkins-14' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='json_no_timestamp' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='known_binary' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='kvstore' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='lastlog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='linux_audit' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='linux_bootlog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='linux_messages_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='nix_action_lookup' for conf='linux_secure' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='linux_secure' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='log4j' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='log4net_xml' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='log4php' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='manpage' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='metrics_csv' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='middleware_app_logs' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='midtier_app_logs' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='misc_text' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mobile_access' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mongod' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mysql_slow' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mysqld' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mysqld_bin' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mysqld_error' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_clean:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_collect:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_config' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_config:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='nmon_inventory' for conf='nmon_data' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_data' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_data:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_processing' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_processing:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='novell_groupwise' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='openioc' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='oracletype' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='ossec_action_lookup' for conf='ossec' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='ossec' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='ossec_object_category_lookup' for conf='ossec' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='ossec_severities_lookup' for conf='ossec' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_asl' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_crash_log' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_crashreporter' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_daily' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_install' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_monthly' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='nix_action_lookup' for conf='osx_secure' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_secure' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_weekly' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_window_server' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='paladin-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='pdfgen-2' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='pdfgen-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='postfix_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-Z' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-bzip' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-gzip' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-tar' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-targz' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-winevt' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-zip' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='procmail' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='psv' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-10' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-11' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-12' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-13' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-2' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-3' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-4' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-5' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-6' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-7' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-8' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-9' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-10' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-2' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-3' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-4' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-5' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-6' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-7' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-8' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-9' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rpmpkgs' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_change_status_lookup' for conf='rsa:securid:admin:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_severity_lookup_lookup' for conf='rsa:securid:admin:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rsa:securid:admin:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_actions_lookup' for conf='rsa:securid:runtime:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_change_status_lookup' for conf='rsa:securid:runtime:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_severity_lookup_lookup' for conf='rsa:securid:runtime:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rsa:securid:runtime:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rsa:securid:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_severity_lookup_lookup' for conf='rsa:securid:system:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rsa:securid:system:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='ruby_on_rails' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::access_combined' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::access_combined_wcookie' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::access_common' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::exim_main' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::postfix_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::sendmail_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::snort' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='sar' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='scHeadlinesHandler-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='scheduler' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='searches' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='sendmail_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='simontest' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='snort' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='source::(?:::){0}*invocationEvents.log' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='source::...((.(bak|old))|,v|~|#)' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='source::....(0t|a|ali|asa|au|bmp|cg|cgi|class|d|dat|deb|del|dot|dvi|dylib|elc|eps|exe|ftn|gif|hlp|hqx|hs|icns|ico|inc|iso|jame|jin|jpeg|jpg|kml|la|lhs|lib|lo|lock|mcp|mid|mp3|mpg|msf|nib|o|obj|odt|ogg|ook|opt|os|pal|pbm|pdf|pem|pgm|plo|png|po|pod|pp|ppd|ppm|ppt|prc|ps|psd|psym|pyc|pyd|rast|rb|rde|rdf|rdr|rgb|ro|rpm|rsrc|so|ss|stg|strings|tdt|tif|tiff|tk|uue|vhd|xbm|xlb|xls|xlw)' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='source::....(? NULL
09-25-2018 06:17:18.996 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.996 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:19.011 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:19.013 INFO UserManager - Setting user context: admin
09-25-2018 06:17:19.013 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:19.013 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:19.013 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='adminadminnmon_RMD50bf1c9c79bc13548_at_1537856238_13363_D23FC9B5-262E-422F-81CF-45B5F5C63769', username='admin')
09-25-2018 06:17:19.018 INFO UserManager - Unwound user context: admin -> NULL
... View more