Hi DD,
thanks for quick reply. I manually defined the sourcetype "splunk_java_agent" and "tcp_raw" as indicated but none of them works. Is there any extra step missed to configure "splunk_java_agent"? from your slides, I know this sourcetype should work.
here is the main app jvm splunkagent.properties. the main modifications from your default file is the host, port and whitelist
See the README for definition of the propertys
---------------------
Common Agent options
---------------------
agent.app.name=verifier
agent.app.instance=verifierJVM1
agent.userEventTags=key1=value1,key2=value2
-------------------------
Splunk Transport options
-------------------------
splunk.transport.internalQueueSize=10000
splunk.transport.impl=com.splunk.javaagent.transport.SplunkTCPTransport
splunk.transport.impl=com.splunk.javaagent.transport.SplunkStdOutTransport
splunk.transport.tcp.host=172.16.3.1
splunk.transport.tcp.port=5250
splunk.transport.tcp.maxQueueSize=5MB
splunk.transport.tcp.dropEventsOnQueueFull=false
-----------------------------------
Class/Method/Error Tracing options
-----------------------------------
trace.whitelist=com.tealium.tiqverifier.selenium.UtagVerifyDataProcessor:verify,com.tealium.rest.endpoints.tiqverifier.VerifierConfigurationRestResource:runTestConfig
trace.blacklist=com/sun,sun/,java/,javax/,com/splunk/javaagent/
trace.methodEntered=true
trace.methodExited=true
trace.classLoaded=true
trace.errors=true
------------------------------
HPROF Dump Collection options
------------------------------
periodically dump hprof file(using JMX operation call), read in file & parse, send events to Splunk, delete file
trace.hprof=true
trace.hprof.tempfile=mydump.hprof
trace.hprof.tempfile=/etc/tmp/dump.hprof
in seconds
trace.hprof.frequency=30
trace.hprof.recordtypes=2,3,4
by default , all hprof records will be traced, but you can provide a comma delimited list of
specific record types to trace, the numbers are decimal values from the hprof spec.
HPROF RECORD TYPE CODE
==================================
HPROF_UTF8 1
HPROF_LOAD_CLASS 2
HPROF_UNLOAD_CLASS 3
HPROF_FRAME 4
HPROF_TRACE 5
HPROF_ALLOC_SITES 6
HPROF_HEAP_SUMMARY 7
HPROF_START_THREAD 10
HPROF_END_THREAD 11
HPROF_HEAP_DUMP 12
HPROF_HEAP_DUMP_SEGMENT 28
HPROF_HEAP_DUMP_END 44
HPROF_CPU_SAMPLES 13
HPROF_CONTROL_SETTINGS 14
Heap dumps(codes 12 & 28) can have subrecords , so you can use ":" notation to reference these values
trace.hprof.recordtypes=12:1,12:32,12:33,12:34
HEAPDUMP SUB RECORD TYPE CODE
=========================================
SUBRECORD_GC_ROOT_UNKNOWN -1
SUBRECORD_GC_ROOT_JNI_GLOBAL 1
SUBRECORD_GC_ROOT_JNI_LOCAL 2
SUBRECORD_GC_ROOT_JAVA_FRAME 3
SUBRECORD_GC_ROOT_NATIVE_STACK 4
SUBRECORD_GC_ROOT_STICKY_CLASS 5
SUBRECORD_GC_ROOT_THREAD_BLOCK 6
SUBRECORD_GC_ROOT_MONITOR_USED 7
SUBRECORD_GC_ROOT_THREAD_OBJ 8
SUBRECORD_GC_CLASS_DUMP 32
SUBRECORD_GC_INSTANCE_DUMP 33
SUBRECORD_GC_OBJ_ARRAY_DUMP 34
SUBRECORD_GC_PRIM_ARRAY_DUMP 35
--------------------------------------------------------
JMX attribute/operation/notification collection options
--------------------------------------------------------
Embedded JMX polling , all other JMX config is in the JMX XML configuration file.
trace.jmx=true
name of XML files(minus the ".xml" suffix) that should reside in the root of splunkagent.jar
trace.jmx.configfiles=jmx
trace.jmx.configfiles=goo,foo
in seconds
trace.jmx.default.frequency=30
trace.jmx.goo.frequency=30
... View more