Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About pimco_rgoyal
pimco_rgoyal
Observer
Member since:
06-14-2017
04-21-2023
Community Statistics
| Posts | 18 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 06-14-2017 |
Activity Feed
- Posted How to create indexes in Splunk cloud using rest API? on Getting Data In. 03-22-2018 03:37 AM
- Tagged How to create indexes in Splunk cloud using rest API? on Getting Data In. 03-22-2018 03:37 AM
- Tagged How to create indexes in Splunk cloud using rest API? on Getting Data In. 03-22-2018 03:37 AM
- Tagged How to create indexes in Splunk cloud using rest API? on Getting Data In. 03-22-2018 03:37 AM
- Tagged How to create indexes in Splunk cloud using rest API? on Getting Data In. 03-22-2018 03:37 AM
- Posted What is the best way to send data to Splunk HTTP Event collector? UDP vs forwarder? on Getting Data In. 10-26-2017 08:14 PM
- Tagged What is the best way to send data to Splunk HTTP Event collector? UDP vs forwarder? on Getting Data In. 10-26-2017 08:14 PM
- Tagged What is the best way to send data to Splunk HTTP Event collector? UDP vs forwarder? on Getting Data In. 10-26-2017 08:14 PM
- Tagged What is the best way to send data to Splunk HTTP Event collector? UDP vs forwarder? on Getting Data In. 10-26-2017 08:14 PM
- Posted Re: Unable to use regex to index logs on Splunk Search. 10-01-2017 10:28 PM
- Posted Re: Unable to use regex to index logs on Splunk Search. 10-01-2017 09:55 PM
- Posted Unable to use regex to index logs on Splunk Search. 10-01-2017 09:07 PM
- Tagged Unable to use regex to index logs on Splunk Search. 10-01-2017 09:07 PM
- Tagged Unable to use regex to index logs on Splunk Search. 10-01-2017 09:07 PM
- Tagged Unable to use regex to index logs on Splunk Search. 10-01-2017 09:07 PM
- Posted Re: Does splunk have any limitation to index recursive directories on NFS from sub directories ? on Splunk Enterprise. 08-23-2017 04:24 AM
- Posted Re: Does splunk have any limitation to index recursive directories on NFS from sub directories ? on Splunk Enterprise. 08-23-2017 04:03 AM
- Posted Re: Does splunk have any limitation to index recursive directories on NFS from sub directories ? on Splunk Enterprise. 08-23-2017 04:02 AM
- Posted Unable to blacklist multiple patterns using "|" in inputs.conf ? on Splunk Search. 08-23-2017 12:13 AM
- Tagged Unable to blacklist multiple patterns using "|" in inputs.conf ? on Splunk Search. 08-23-2017 12:13 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
03-22-2018
03:37 AM
I need to automate a new deployment at our end and for Splunk monitoring to be automated need to make a rest call to create index in Cloud on the fly. Is that doable?
... View more
10-26-2017
08:14 PM
Hi,
Can someone please help guide me based on experience? What is the best mechanism to stream data to Splunk? As part of our organization we have built a custom logger service that can make a REST call (internally this service would then use HTTP event collector) and send data to Splunk. Some of these apps had issues in Splunk HTTP collector with JavaScript/typescript. The constraint with forwarder is that many of these apps have multiple clients wherein it might be difficult to achieve a Forwarder setup. Lastly, with UDP we have seen few reviews that show event loss issues.
Thanks
... View more
10-01-2017
10:28 PM
Does not help resolve. Suspect this is some other issue and not something related to regex.
... View more
10-01-2017
09:55 PM
Does not help. Still not picking up logs as expected. What is strange is that my configuration is working fine as expected in Dev instance of our Splunk. I checked the props.conf to see if any diff that could result in this but found nothing.
... View more
10-01-2017
09:07 PM
Hi, I wish to configure splunk forwarder to pick logs from a directory that match any of the below patterns. Essentially anything that matches the regex "/^(jacket.)?[^\.]*-[^\.]*(.jvm)?.log$/" . I tried to make below changes to inputs.conf but it is not working as expected. Can someone help guide how to debug further ?
may start with “jacket.”
must have at least one hyphen
must end in “.log” or “.jvm.log”
must not have any other “.” characters
Inputs.conf
[monitor:///base/apps/logs]
disabled = false
index = test
sourcetype = _json
whitelist = ^(jacket.)?[^\.]*-[^\.]*(.jvm)?.log$
blacklist = \.gz$
... View more
08-23-2017
04:24 AM
Yes correct
... View more
08-23-2017
04:03 AM
But just to add I did try adding CRC salt as well which did not seem to have fixed the issue.
... View more
08-23-2017
04:02 AM
My bad, I do see an error reported as below.
ERROR TailingProcessor - File will not be read, is too small to match seekptr checksum (file=/appl/proddata/tmp/U/LOG_FILES/elixir_logs/FXModel/20170804_143057_28122/TWDCNY/2017-07-26_1/main.log). Last time we saw this initcrc, filename was different. You may wish to use a CRC salt on this source. Consult the documentation or file a support case online at http://www.splunk.com/page/submit_issue for more info.
... View more
08-23-2017
12:13 AM
I have used the below configuration as part of my inputs.conf but am unable to blacklist the logs that end with client.log and server.log using this. For now I had to explicitly add "blacklist = .server.log$" to blacklist them. Any changes needed to fix and get this working here ?
... View more
08-22-2017
11:48 PM
Dont see any errors reported that can help point out to the root cause for this.
... View more
08-22-2017
11:47 PM
No dont have count of main.log's counting to 1000's not does CPU take a spike on the node where the forwarder is installed.
... View more
08-21-2017
07:50 AM
Yes there are large number of files as part of this directory.
... View more
08-20-2017
09:26 PM
No this failed to help work as well.
... View more
08-18-2017
10:52 PM
Hi all, I was trying to configure a log pattern main.log from using recursive option. However splunk is failing to pick up any new files created and I dont see any errors as part of the _internal log as well. When I tried to enable the recursive option for it seemed to work fine. Is there any workaround or solution to fixing this ? From what I saw wildcard or regex also do not allow more than 2 directories.
index = app_elixir_rg
recursive = true
sourcetype = elixir
whitelist = main.log
... View more
06-16-2017
10:40 AM
Awesome ! Looks like this to be the issue. I will dig more into why we have multivalue fields as part of our logs.
... View more
06-15-2017
11:24 PM
Yes, message field is very much there and it has valid content as well. Also field name casing is the same that I used as part of my query.
... View more
06-14-2017
10:50 PM
I have a field under the name of message that contains the content describing each of the log level. For the alert I have used the substr function to extract the first 300 characters of the message to avoid making email content heavy. However using the same just gives me a blank field. Below is the query to give you more idea.
index="web_rev3" _index_earliest=-15m@m _index_latest=now (level=ERROR OR level=FATAL) | eval Service=substr(index, 5) | eval Time=strftime(_time, "%m/%d %H:%M:%S") | eval msg=substr(msg,1, 300) | eval msg= msg . "..." | table Time, Service, msg | head 20
... View more
06-14-2017
01:49 PM
The substr function is not working for json logs for us in 6.5.2 for Dev version. Whereas the Prod version of the Splunk seems to be supporting the same.
I checked the builds as well, both have the same. Log format is consistent across the two environments as well. Any clue as to what the case be here ?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-21-2023
12:46 AM
|
