If it performs its own queries, is that configurable? Will changing the order of entries in /etc/nf require restarting Splunk? While the logs are being written with host=, these alerts will never trigger.ĭo I need to change the order of my dns servers listed in /etc/nf prior to rebooting my DNS servers? Or should I expect splunk to seamlessly send queries to the 2nd DNS to get a response?ĭoes splunk perform it's own DNS queries or does it rely on the underlying OS? This breaks my alerting because my alerts are (mostly) defined by hostnames, for examplle: Every month, when I patch and reboot these Windows servers - which I do sequentially, Splunk writes logs to the database where host= instead of host=. My DNS servers are a pair of Windows Server 2008 domain controllers. Now the issue is, that the system recognizes the fields but does not treat them as multi-value fields. My nf looks like this: įIELDS = "field1","field2","field3","field4","field5" I need to extract multi-value fields (shown as FRAG's below) I have encountered an issue with SOURCE_KEY and MV_ADD I also figured out I can run this on the command to reproduce the same error: bin]$ python jmx.py -validate-arguments < config/weblogic_banapps.xml ERROR Error parsing XML : null Basically, what I did was take config.xml, copy it, and modified the first 'jmxserver' element to look like this: Īny ideas on where else I can go to get more info on the error so I can correct it? I have the schema doc and ensured the right values are present. I have validated and re-validate the config XML multiple times. Trying to get the JMX input running, and the following is being reported in the splunkd.log: 6-05-2014 03:15:47.837 -0700 ERROR ExecProcessor - message from "python /opt/splunk-home/splunk/etc/apps/jmx_ta/bin/jmx.py" Error parsing XML : nullĠ6-05-2014 03:15:47.839 -0700 ERROR ExecProcessor - message from "python /opt/splunk-home/splunk/etc/apps/jmx_ta/bin/jmx.py" Error executing modular input : null
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |