Videos

  • Add Videos
  • View All

Top Content 

1 Count failures and success via transaction

Count failures and success via transaction

Latest Activity

Profile IconWilliam S and Please... Dee Esssss :-) joined splunkninja
1 hour ago
Amine Recoba is now a member of splunkninja
yesterday
Welcome Them!
Michael Wilde replied to Nikita's discussion Count failures and success via transaction
"How are these transactions linked together... by a field called "ID"?  If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it.   Paste some samples and…"
Friday
Linus Myrefelt updated their profile
May 22
Marie updated their profile
May 21
Marie is now a member of splunkninja
May 21
Welcome Them!
Profile IconJitter and matthew arguin joined splunkninja
May 18
Profile IconMatthew Carter and Nikita joined splunkninja
May 17
nick fox
  • london
  • United Kingdom
Share on Facebook Share on Facebook Share Twitter

nick fox's Discussions

splunk errors - splunk-optimize failed to start

is this anything serious to worry about? and does it impact me in any way?cheersContinue

Started Feb 13, 2010

segmentation and text/XML files
9 Replies

HiI have just started implementing splunk for some of our application logging and while most logs seem to be working well we have a small issue with some XML messages.I say messages because the…Continue

Tags: rpc, xml, segmentation

Started this discussion. Last reply by Bob Munson Jan 24, 2010.

 

nick fox's Page

Gifts Received

Gift

nick fox has not received any gifts yet

Give nick fox a Gift

Latest Activity

nick fox posted a discussion

splunk errors - splunk-optimize failed to start

is this anything serious to worry about? and does it impact me in any way?cheersSee More
Feb 13, 2010
0 Comments
Bob Munson replied to nick fox's discussion segmentation and text/XML files
"When you create an index, you may not have noticed but splunk tells you to restart at the top of the screen so you did exactly what you needed to."
Jan 24, 2010
nick fox replied to nick fox's discussion segmentation and text/XML files
"This works fantastic, thanks very much. on another note, It seems that when i create a new index and then go to data inputs even though i can select the index i created in the drop down i cannot save, i get an error at the top saying index not…"
Nov 10, 2009
Michael Wilde replied to nick fox's discussion segmentation and text/XML files
"You should be cool doing this: 1. Manually Sourcetype your input. I called mine "myxml". (this can be done at the GUI when you monitor the directory, or in the $SPLUNK_HOME/etc/apps/search/local/inputs.conf file. Mine looks like…"
Nov 7, 2009
nick fox replied to nick fox's discussion segmentation and text/XML files
"good question. the first message is not timestamped on recipt so if there is a delay in transmission from the other side that first xml message may be inaccurate. i think the timestamp in the second message where we are forwarding it is the best,…"
Nov 6, 2009
Michael Wilde replied to nick fox's discussion segmentation and text/XML files
"More helpful than Splunk?.. well. that is why i started this community, because i think it could be far better than the Splunk forums (which are buried), and possibly better than the best practices in the docs.... but yes.. I do work for Splunk..…"
Nov 6, 2009
nick fox replied to nick fox's discussion segmentation and text/XML files
"wow ur more helpful than splunk! you dont work for splunk do you? Hmm good question. it might be useful in the long run to have each xml message indexed, for reporting etc but for now it would be great to just index the whole file, and maybe later…"
Nov 6, 2009
Michael Wilde replied to nick fox's discussion segmentation and text/XML files
"Ok.. one more simple question... ultimately it seems like you'd just like each of these files indexed.. preferrably with a proper sourcetype. Would you like the file as one event... or the responses split up in to single events? and which…"
Nov 5, 2009
nick fox replied to nick fox's discussion segmentation and text/XML files
"ok so format is as follows: text on line 1, a cert id then xml followed by captured response xml and then duplicated again for the transmission, thats subject to change if unable to respond due to system being down etc.. (the line of hyphens are not…"
Nov 5, 2009
Michael Wilde replied to nick fox's discussion segmentation and text/XML files
"Couple o' Questions for ya! Is each file a message? Is there a timestamp in the message? Is the created date on the file the time the event occured? What sourcetype is splunk assigning when it indexes the files?"
Nov 5, 2009
nick fox posted a discussion

segmentation and text/XML files

HiI have just started implementing splunk for some of our application logging and while most logs seem to be working well we have a small issue with some XML messages.I say messages because the XML-RPC for a particular system is logged in individual files rather than a log and there are around 40-50k files produced each day.to increase indexing and reduce disk space i THINK we need to alter the way splunk indexes the files. I assume we need to index the entire contents of the file by setting…See More
Nov 4, 2009
9 Comments
nick fox is now a member of splunkninja
Nov 4, 2009
Welcome Them!

Profile Information

Are you an existing splunk user?
Free
What do you do for your day job?
applications analyst

Comment Wall

  • No comments yet!

You need to be a member of splunkninja to add comments!

Join splunkninja

 
 
 

© 2012   Created by Michael Wilde.

Badges  |  Report an Issue  |  Terms of Service