Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Getting Data In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- micro focus Service Manager logs parsing
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
micro focus Service Manager logs parsing
splunking4me
Explorer
11-04-2020
03:29 AM
Spoiler
Hi Everyone,
i want to parse the below custom Application logs, Need your help and advises.
12084( 14140) 11/02/2020 15:39:09 RTE I Base login Response: 0.999 -- RAD: 0.000 JS: 0.313 Log:0.000 Database: 0.686(00910) LDAP: 0.000 LoadBalancer: 0.000 (CPU 0.171) application:login,cleanup
12084( 14140) 11/02/2020 15:39:09 RTE I -Memory : S(4638608) O(809484) MAX(5448092) - MALLOC's Total(143004)
12084( 14140) 11/02/2020 15:39:08 RTE I User integration has logged in and is using a Named license ( 17 out of a maximum 50 )
12084( 14140) 11/02/2020 15:39:08 JRTE I GUID=b2125754-dcca-41a2-846f-f7783841fd8e
12084( 14140) 11/02/2020 15:39:08 RTE I SQL Server default schema is dbo
12084( 14140) 11/02/2020 15:39:08 RTE I MS SQL Server collation 'Arabic_100_CI_AS', varchar codepage 1256, comparison 196609: case insensitive, accent sensitive
12084( 14140) 11/02/2020 15:39:08 RTE I Connected to Data source 'SM' SQL server 'JUSTQQ-HPSQL01' version: 12.0.6329 through SQL driver version: 10.0.14393 using database 'SMPP' as user 'dbo'
12084( 14140) 11/02/2020 15:39:08 RTE I Connection established to dbtype 'sqlserver' database 'SM' user 'sm'
12084( 14140) 11/02/2020 15:39:08 RTE I API=SQLConnect
12084( 14140) 11/02/2020 15:39:08 RTE I Info: SQL State: 01000-5703 Message: [Microsoft][ODBC SQL Server Driver][SQL Server]Changed language setting to us_english.
12084( 14140) 11/02/2020 15:39:08 RTE I Info: SQL State: 01000-5701 Message: [Microsoft][ODBC SQL Server Driver][SQL Server]Changed database context to 'SMAPP'.
12084( 11436) 11/02/2020 15:39:08 JRTE I Webservice API session - Thread ID: 7C5ACF86B350A4A66FA0B58E083; Client IP: 192.168.1.1; session timeout: 45 seconds
12084( 14140) 11/02/2020 15:39:08 RTE I Total sessions since process began: 53144
12084( 14140) 11/02/2020 15:39:08 RTE I Thread 7C5ACF86B350A4A66FA795130B58E083 initialization done. Thread 1 of 50.
12084( 14140) 11/02/2020 15:39:08 RTE I Thread attaching to resources with key 0x61E13C00
12084( 14140) 11/02/2020 15:39:08 RTE I Host network address: 10.10.1.1
12084( 14140) 11/02/2020 15:39:08 RTE I Process sm 9.64.1003 (P1) System: 14080 (0x61E13C00) on PC (x64 64-bit) running Windows (6.2 Build 9200) Timezone GMT+03:00 Locale en_US from JUSTQR-SM01
12084( 14140) 11/02/2020 15:39:08 RTE I Using "utalloc" memory manager, mode [0]
12084( 11436) 11/02/2020 15:39:08 JRTE I Creating new worker thread 7C5ACF86B350A4A66FA0B58E083 t@52
9048( 19280) 11/02/2020 15:39:08 RAD I [INFO][urlCreator]: ====>https://xxxx.domain.com/src?ctx=docEngine&file=probsummary&query=number%3%22IM363572%22&action=&titl...
15984( 20140) 11/02/2020 15:39:07 RAD I [INFO][urlCreator]: ====>https://xxxx.domain.com/src?ctx=docEngine&file=probsummary&query=number%3%22IM363572%22&action=&titl...
15984( 20140) 11/02/2020 15:39:06 RAD I [INFO][urlCreator]: ====>https://xxxx.domain.com/src?ctx=docEngine&file=probsummary&query=number%3%22IM363572%22&action=&titl...
7440( 11732) 11/02/2020 15:39:05 RTE A Performance-7-$G.imAreas, Globallist $G.imAreas contains too many items! num=705 ; application(display), panel(show.rio)
7440( 11732) 11/02/2020 15:39:05 RTE A Performance-7-$G.imAreas.local, Globallist $G.imAreas.local contains too many items! num=705 ; application(display), panel(show.rio)
7440( 11732) 11/02/2020 15:39:05 RTE I -Memory : S(12882272) O(3118468) MAX(16000740) - MALLOC's Total(781539)
6984( 192) 11/02/2020 15:39:05 RAD I [INFO][urlCreator]: ====>https://xxxx.domain.com/src?ctx=docEngine&file=probsummary&query=number%3%22IM363572%22&action=&titl...
i want to parse the below custom Application logs, Need your help and advises.
12084( 14140) 11/02/2020 15:39:09 RTE I Base login Response: 0.999 -- RAD: 0.000 JS: 0.313 Log:0.000 Database: 0.686(00910) LDAP: 0.000 LoadBalancer: 0.000 (CPU 0.171) application:login,cleanup
12084( 14140) 11/02/2020 15:39:09 RTE I -Memory : S(4638608) O(809484) MAX(5448092) - MALLOC's Total(143004)
12084( 14140) 11/02/2020 15:39:08 RTE I User integration has logged in and is using a Named license ( 17 out of a maximum 50 )
12084( 14140) 11/02/2020 15:39:08 JRTE I GUID=b2125754-dcca-41a2-846f-f7783841fd8e
12084( 14140) 11/02/2020 15:39:08 RTE I SQL Server default schema is dbo
12084( 14140) 11/02/2020 15:39:08 RTE I MS SQL Server collation 'Arabic_100_CI_AS', varchar codepage 1256, comparison 196609: case insensitive, accent sensitive
12084( 14140) 11/02/2020 15:39:08 RTE I Connected to Data source 'SM' SQL server 'JUSTQQ-HPSQL01' version: 12.0.6329 through SQL driver version: 10.0.14393 using database 'SMPP' as user 'dbo'
12084( 14140) 11/02/2020 15:39:08 RTE I Connection established to dbtype 'sqlserver' database 'SM' user 'sm'
12084( 14140) 11/02/2020 15:39:08 RTE I API=SQLConnect
12084( 14140) 11/02/2020 15:39:08 RTE I Info: SQL State: 01000-5703 Message: [Microsoft][ODBC SQL Server Driver][SQL Server]Changed language setting to us_english.
12084( 14140) 11/02/2020 15:39:08 RTE I Info: SQL State: 01000-5701 Message: [Microsoft][ODBC SQL Server Driver][SQL Server]Changed database context to 'SMAPP'.
12084( 11436) 11/02/2020 15:39:08 JRTE I Webservice API session - Thread ID: 7C5ACF86B350A4A66FA0B58E083; Client IP: 192.168.1.1; session timeout: 45 seconds
12084( 14140) 11/02/2020 15:39:08 RTE I Total sessions since process began: 53144
12084( 14140) 11/02/2020 15:39:08 RTE I Thread 7C5ACF86B350A4A66FA795130B58E083 initialization done. Thread 1 of 50.
12084( 14140) 11/02/2020 15:39:08 RTE I Thread attaching to resources with key 0x61E13C00
12084( 14140) 11/02/2020 15:39:08 RTE I Host network address: 10.10.1.1
12084( 14140) 11/02/2020 15:39:08 RTE I Process sm 9.64.1003 (P1) System: 14080 (0x61E13C00) on PC (x64 64-bit) running Windows (6.2 Build 9200) Timezone GMT+03:00 Locale en_US from JUSTQR-SM01
12084( 14140) 11/02/2020 15:39:08 RTE I Using "utalloc" memory manager, mode [0]
12084( 11436) 11/02/2020 15:39:08 JRTE I Creating new worker thread 7C5ACF86B350A4A66FA0B58E083 t@52
9048( 19280) 11/02/2020 15:39:08 RAD I [INFO][urlCreator]: ====>https://xxxx.domain.com/src?ctx=docEngine&file=probsummary&query=number%3%22IM363572%22&action=&titl...
15984( 20140) 11/02/2020 15:39:07 RAD I [INFO][urlCreator]: ====>https://xxxx.domain.com/src?ctx=docEngine&file=probsummary&query=number%3%22IM363572%22&action=&titl...
15984( 20140) 11/02/2020 15:39:06 RAD I [INFO][urlCreator]: ====>https://xxxx.domain.com/src?ctx=docEngine&file=probsummary&query=number%3%22IM363572%22&action=&titl...
7440( 11732) 11/02/2020 15:39:05 RTE A Performance-7-$G.imAreas, Globallist $G.imAreas contains too many items! num=705 ; application(display), panel(show.rio)
7440( 11732) 11/02/2020 15:39:05 RTE A Performance-7-$G.imAreas.local, Globallist $G.imAreas.local contains too many items! num=705 ; application(display), panel(show.rio)
7440( 11732) 11/02/2020 15:39:05 RTE I -Memory : S(12882272) O(3118468) MAX(16000740) - MALLOC's Total(781539)
6984( 192) 11/02/2020 15:39:05 RAD I [INFO][urlCreator]: ====>https://xxxx.domain.com/src?ctx=docEngine&file=probsummary&query=number%3%22IM363572%22&action=&titl...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
inventsekar
SplunkTrust
11-04-2020
04:07 AM
from the Splunk GUI, you can create the search time field extractions..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
inventsekar
SplunkTrust
11-04-2020
03:50 AM
Hi @splunking4me .. some more details are needed.
- do you have UF--HF--indexer or no HF?
- is the logs already ingested to splunk or not yet?
- by the word "parsing", you mean the "field extraction"?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunking4me
Explorer
11-04-2020
03:59 AM
Hi inventsekar,
1. Yes HF is available
2. logs already ingested to splunk
3. yes i need field extraction with CIM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunking4me
Explorer
11-04-2020
06:05 AM
Hi,
i want to extract base on CIM
Get Updates on the Splunk Community!
Join Us for Splunk University and Get Your Bootcamp Game On!
If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...
.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!
.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...
Announcing Scheduled Export GA for Dashboard Studio
We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...
