"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"
The dojo of Splunk. Learn, share, teach, mentor.
Videos
Latest Activity
Nikita posted a discussionCount failures and success via transaction
Hi,I'm a new in Splunk so sorry for the stupid questions.I want to calculate failures in logs.For example we have request log and response log."request" OR ("fail" OR "response") |transaction startsWith=("request") endsWith=("fail" OR "response") maxpause=5s keepevicted=false maxspan=25s id |eval Failure=if(searchmatch("fail"),1,0)| eval Success=if(searchmatch("response"),1,0) | stats count(Failure) as FailureCount, count(Success) as SuccessCount | table FailureCount SuccessCountThat query…See More
Application Deployment
Is there a Splunk application deployment service built in to the Splunk server? I know I can setup a deployment server, but it looks like it is there to push and update configuration settings. I am looking for a way to mass push out the Splunk application to my Windows and Linux servers.
Tags: application, deployment, install, linux, windows
Views: 157
Replies to This Discussion
-
Permalink Reply by Michael Wilde on -
Apps are just config files. Deployment server/client can work with any Splunk config file and make them available for the deployment client service to pull down. Splunk's deployment model is pull--where the client checks in with server, downloads changes and executes them locally.
Define server classes docs: http://www.splunk.com/base/Documentation/latest/Admin/Definedeploym...
Deploy! http://www.splunk.com/base/Documentation/latest/Admin/Updateconfigu...
-
Permalink Reply by Tony Reinke on -
What I would like to do is to install the Splunk agent on multiple servers. Push the MSI file to a list of Windows based servers. Right now I am looking at the first wave of Window servers being around 350 servers.
-
Permalink Reply by Michael Wilde on
-
Not sure if you aware, but in the current version, Splunk (deployment server/client) does not push its own working bits and binaries out. You need to use some other mechanism, like an MSI via a group policy object. (or another software deployment tool). You can silently install Splunk, and give it command line args at the MSI for settings like "host to forward to"--however, the one thing that is not in the MSI (As far as i know is configuration of deployment client). In practice, you'd have to do a silent MSI install, and at the same time, either create (with a script), or copy down a deployment client configuration file so the "forwarder/agent" knew where to call home for configuration changes.
Not all that difficult, but just wanted to make you aware. I'll check to see when "deployment client" settings are coming to MSI installer.
© 2012 Created by Michael Wilde.
