The dojo of Splunk. Learn, share, teach, mentor.
-
nick fox
- london
- United Kingdom
- Share
- Share on Twitter
- Share on Facebook
- Blog Posts
- Discussions (6)
- Events
- Videos
- nick fox's Apps (1)
nick fox's Discussions
splunk errors - splunk-optimize failed to start
is this anything serious to worry about? and does it impact me in any way?cheers
Started Feb 13
segmentation and text/XML files
9 Replies
Hi I have just started implementing splunk for some of our application logging and while most logs seem to be working well we have a small issue with some XML messages. I say messages because the XM…
Tagged: rpc, xml, segmentation
Started this discussion. Last reply by Bob Munson Jan 24.
nick fox's Page
Gifts Received
nick fox has not received any gifts yet
Latest Activity
is this anything serious to worry about? and does it impact me in any way?cheers
When you create an index, you may not have noticed but splunk tells you to restart at the top of the screen so you did exactly what you needed to.
This works fantastic, thanks very much.
on another note, It seems that when i create a new index and then go to data inputs even though i can select the index i created in the drop down i cannot save, i get an error at the top saying index not reco…
You should be cool doing this:
1. Manually Sourcetype your input. I called mine "myxml". (this can be done at the GUI when you monitor the directory, or in the $SPLUNK_HOME/etc/apps/search/local/inputs.conf file. Mine looks like this:
2. Configu…
good question. the first message is not timestamped on recipt so if there is a delay in transmission from the other side that first xml message may be inaccurate.
i think the timestamp in the second message where we are forwarding it is the best, t…
More helpful than Splunk?.. well. that is why i started this community, because i think it could be far better than the Splunk forums (which are buried), and possibly better than the best practices in the docs.... but yes.. I do work for Splunk.. Fi…
wow ur more helpful than splunk! you dont work for splunk do you?
Hmm good question. it might be useful in the long run to have each xml message indexed, for reporting etc but for now it would be great to just index the whole file, and maybe later…
Ok.. one more simple question... ultimately it seems like you'd just like each of these files indexed.. preferrably with a proper sourcetype.
Would you like the file as one event... or the responses split up in to single events? and which field con…
ok so format is as follows: text on line 1, a cert id then xml followed by captured response xml and then duplicated again for the transmission, thats subject to change if unable to respond due to system being down etc.. (the line of hyphens are not…
Couple o' Questions for ya!
Is each file a message?
Is there a timestamp in the message?
Is the created date on the file the time the event occured?
What sourcetype is splunk assigning when it indexes the files?
Hi
I have just started implementing splunk for some of our application logging and while most logs seem to be working well we have a small issue with some XML messages.
I say messages because the XML-RPC for a particular system is logged in individ…
Profile Information
- Are you an existing splunk user?
- Free
- What do you do for your day job?
- applications analyst
Comment Wall
- No comments yet!
Videos
Latest Splunk Community Postings
© 2010 Created by Michael Wilde.
Powered by 
.
