Hello,
I am trying to create an alarm if the value of a field changes over time.
The value corresponds to the serial number of a device and I want to know how it is possible to generate an alarm if the device's serial is modified or altered.
Thanks for your help.
↧
How do I create an alarm which triggers if the value of a field changes over time?
↧
Can you help me search a yes/no field with a single checkbox token?
Dear All,
I have a YES/NO field named "FIELD2" which I want to search with a single checkbox token named "Checkbox1", in the following way:
Checkbox1.checked = TRUE
search: index=db FIELD1= FIELD2="YES"
Checkbox2.checked = FALSE
search: index=db FIELD1= FIELD2="*"
or better
search: index=db FIELD1=
I tried with condition and match but no result.
Can someone advise "from scratch"?
best regards
Altin
↧
Challenges integrating a lookup into a search
I am trying to integrate a lookup into a search with no success. My goal is to run the search, look up the hostname or TID and compare it to the lookup table (HOSTNAME field) and return results based on matches to the ROLE field. The ROLE column in the lookup defines whether TID is core, cpe or aggregation. Here is my search:
index=my_main "SFP receive power low alarm set"
| stats dc(date_mday) as Days, count by TID, J_Port | eval c_TID=upper(c_TID)
| where Days > 2 AND count > 49 | appendpipe [stats count | where count=0]
| rename count as "Total Errors", TID as Hostname, J_Port as Port
| sort -"Total Errors"
The lookup table file and definition are working. My difficulty is integrating it into my search.
↧
Internal Logs from Forwarders not stopped
I am trying to stop the splunkd.log and metrics.log from Windows Universal Forwarders.
Since it is a distributed environment, I deployed a small base app config to make this happen. My inputs.conf stanza looks as follows:
[monitor://$SPLUNK_HOME\var\log\splunk\splunkd.log]
index = _internal
disabled = true
[monitor://$SPLUNK_HOME\var\log\splunk\metrics.log]
index = _internal
disabled = true
Any suggestions?
Thanks in advance.
- Akshay
↧
How do you make a search rex / regex to extract outcode from UK postcodes from a lookup table?
Hi,
Could anyone help me get further with this please? I have a list of UK post codes in my event data. They will always be in UK postcode format as per this table:
| Format | Example |
|---|---|
| AA9A 9AA | EC1A 1BB |
| A9A 9AA | W1A 0AX |
| A9 9AA | M1 1AE |
| A99 9AA | B33 8TH |
| AA9 9AA | CR2 6XH |
| AA99 9AA | DN55 1PT |
I have got this far " search "postcode" NOT "{postcode}" | rex field=postcode "(?P<area>\w{2}).*" |stats count by area "
And I get
area count
B1 2
B2 1
B4 1
B5 1
BB 1
BD 2
L1 20
L2 5
I have a lookup table that contains data similar to this and I have a definition that points to the file,
outcode, and postcode.
B1,B
B2,B
B3,B
B4,B
L1,L
L2,L
L3,L
S1,S
S2,S
S3,S
S4,S
I can't work out how to change my search to look at the first 1 or 2 characters and replace them if they are in the table so my end result would be:
B 5
BB 1
BD 2
L 25
I have tried rex field=postcode "(?P<area>\b[a-zA-Z]{2}[0-9]{1}\b)" |stats count by area however that just broke down the first part into individual stats and only on postcode where the first two characters were alpha BB9, BH8 etc.....
Many thanks in advance.
Kane.
↧
how to evaluate user CPU per user id
Can we track CPU usage of users via splunk? We have users that are running lots of transactions. We are looking to determine how those transactions may affect overall CPU and what percent of the CPU is being used by those users within a set time frame.
↧
How do I index only my application data from windows event logs
Hi,
I have an application **ABC**. From application **ABC**, I'm writing my logs to Windows *Application* Event logs. I want to index only my ABC application logs, not my complete Windows event logs.
Could you please help me figure out how I can index specific application event logs?
↧
Best way to search for number of sessions in IIS Logs?
What is the best way to determine the number of sessions from IIS logs using search?
Fields include:
date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
I want a session to be ended if the next "view" is 30 minutes away.
Thanks.
↧
How to deploy Splunk ProofPoint Add-in?
Hi All -
I'm new to Splunk and have just started learning the Fundamentals. I just received a request to set up and configure ProofPoint RSyslog in Splunk.
Hoping someone can give me more information and instructions on how to set up the Proofpoint add-in in Splunk.
Thank you in advance; any input and suggestions are highly appreciated.
↧
DB Connect 3.1.3 Java Issue?
Simple development/test setup single splunk server with DB Connect 3.1.3 installed. Installed Java 1.8_181 to the following directory:
/usr/java/jre1.8.0_181-amd64/
Set java home variables, etc. I get no error messages when I select the DB Connect app, I just get a spinning wheel. Checked the log files within the splunk directory, anyone have any guidance? Thanks.
↧
How to combine subtotals and totals in search query?
![alt text][1]
Is it possible to do this?
Should I use appendcol? multisearch? join? Please enlighten me.
Scenario: The IP below the **Sub-Total** is the "server" while the others are "clients".
I used the tutorialdata.zip of Splunk in this case but the IPs indicated are only samples.
Thank you!
[1]: /storage/temp/255026-splunkanswers.png
↧
Rundeck api token value exposed in log events
Hello,
During troubleshooting, I noticed token value is exposed in clear text in some log events... That is not very good from a security perspective. Could you please fix that... below a sample event:
09-25-2018 04:42:08.751 +0000 ERROR ExecProcessor - message from "python <...>/splunk/etc/apps/rundeck_app/bin/rundeck.py" ERROR:Rundeck:rundeck://users : HTTP Request error: 400 Client Error: Bad Request for url: https:///api/18/user/list?authtoken=
Regards.
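One way to keep a token out of events like the one quoted above, as an added example (not code from the Rundeck app or from this post): a Python `logging.Formatter` subclass that masks the `authtoken` query parameter in every rendered record, including traceback text. The logger name, host and token value are constructed placeholders.

```python
import io
import logging
import re

# "authtoken" is the query parameter visible in the log event quoted above.
# The value runs until the next query delimiter, whitespace or quote.
TOKEN_PARAM_RE = re.compile(r"(?i)\b(authtoken=)[^&\s#'\"<>]+")
MASK = "[REDACTED]"


def redact(text: str) -> str:
    """Replace the value of every authtoken=... parameter with a fixed mask."""
    return TOKEN_PARAM_RE.sub(lambda m: m.group(1) + MASK, text)


class RedactingFormatter(logging.Formatter):
    """Formatter that scrubs the fully rendered record.

    Redacting in format() rather than in a Filter covers the message, its
    %-style arguments and any traceback text in one place.
    """

    def format(self, record: logging.LogRecord) -> str:
        return redact(super().format(record))


def demo() -> str:
    """Log constructed errors through the formatter and return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(RedactingFormatter("%(levelname)s:%(name)s:%(message)s"))
    log = logging.getLogger("rundeck_redaction_demo")  # hypothetical logger name
    log.handlers = [handler]
    log.propagate = False
    log.setLevel(logging.INFO)

    # Constructed sample: host and token are placeholders, not values from the post.
    url = ("https://rundeck.example.invalid/api/18/user/list"
           "?authtoken=CONSTRUCTEDtoken123&format=json")

    # Case 1: the URL arrives as a %-style argument of the message.
    log.error("HTTP Request error: 400 Client Error: Bad Request for url: %s", url)

    # Case 2: the URL is only present in the exception text of a traceback.
    try:
        raise RuntimeError("request failed for " + url)
    except RuntimeError:
        log.exception("rundeck://users : unhandled error")

    return stream.getvalue()


if __name__ == "__main__":
    print(demo())
```

Redaction at the logging layer is a backstop: the token still travels in the URL, so proxy and web-server access logs on the path need the same treatment.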
↧
Splunk top-level menu bar not visible in Rundeck app
Hello,
It looks like you made a strange design choice hiding the top-level menu Splunk bar.
Once inside the Rundeck app context, it is no longer possible (easily) to access Splunk core features from top-level menu, and especially no longer possible to browse the app menu to switch to another app.
This is very confusing for my Splunk users.
Could you please re-establish standard GUI behavior, or at least give the option to choose.
Thanks in advance.
Regards.
[1]: /storage/temp/255027-rundeck.png
↧
Earliest is the max(timestamp) from an inputlookup
We have a job which routinely creates an outputlookup containing the time (timestamp) it has completed a successful summary index. We'd like to use this information in a dashboard such that the earliest is `max(timestamp)`
idea:
index=some_index_summary earliest=the max(timestamp) from my inputlookup
↧
How to rotate introspection.log?
On an end node, how do I rotate introspection.log?
I see splunk can do it for its own logs like stdout and stderr via https://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/Serverconf#Log_rotation_of_splunkd_stderr.log_.26_splunkd_stdout.log
Is there a way to do the same for introspection logs too?
↧
For splunk search 7.0.0. Getting Search process did not exit cleanly, exit_code=255, description="exited with code 255".
It's a distributed search head. Please find the below search.log information:
09-25-2018 06:17:18.345 INFO dispatchRunner - Search process mode: preforked (first search in process) (build c8a78efdd40f).
09-25-2018 06:17:18.346 INFO dispatchRunner - initing LicenseMgr in search process: nonPro=0
09-25-2018 06:17:18.346 INFO LicenseMgr - Initing LicenseMgr
09-25-2018 06:17:18.346 INFO LMConfig - serverName=PROD-SH-1 guid=D23FC9B5-262E-422F-81CF-45B5F5C63769
09-25-2018 06:17:18.349 INFO LMConfig - connection_timeout=30
09-25-2018 06:17:18.349 INFO LMConfig - send_timeout=30
09-25-2018 06:17:18.349 INFO LMConfig - receive_timeout=30
09-25-2018 06:17:18.349 INFO LMConfig - squash_threshold=2000
09-25-2018 06:17:18.349 INFO LMConfig - strict_pool_quota=1
09-25-2018 06:17:18.349 INFO LMConfig - key=pool_suggestion not found in licenser stanza of server.conf, defaulting=''
09-25-2018 06:17:18.349 INFO LMConfig - key=test_aws_metering not found in licenser stanza of server.conf, defaulting=0
09-25-2018 06:17:18.349 INFO LMConfig - key=test_aws_product_code not found in licenser stanza of server.conf, defaulting=0
09-25-2018 06:17:18.349 INFO LicenseMgr - Initing LicenseMgr runContext_splunkd=false
09-25-2018 06:17:18.349 INFO LMStackMgr - closing stack mgr
09-25-2018 06:17:18.349 INFO LMSlaveInfo - all slaves cleared
09-25-2018 06:17:18.349 INFO LMStackMgr - partial init only since node has remote master=https://10.33.9.9:8089
09-25-2018 06:17:18.349 INFO LicenseMgr - StackMgr init complete...
09-25-2018 06:17:18.349 INFO LMTracker - Setting default product type='enterprise'
09-25-2018 06:17:18.349 INFO LMTracker - this is not splunkd, will perform partial init
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=Acceleration state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=AdvancedSearchCommands state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=AdvancedXML state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=Alerting state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=ArchiveToHdfs state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=Auth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=CustomRoles state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=DeployClient state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=DeployServer state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=DistSearch state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=FwdData state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=GuestPass state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=KVStore state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=LDAPAuth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=LocalSearch state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=MultifactorAuth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=MultisiteClustering state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=NontableLookups state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=RcvData state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=RcvSearch state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=RollingWindowAlerts state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=SAMLAuth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=ScheduledAlerts state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=ScheduledReports state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.349 INFO LMTracker - Setting feature=ScheduledSearch state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=ScriptedAuth state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SearchheadPooling state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SigningProcessor state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SplunkWeb state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SubgroupId state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=SyslogOutputProcessor state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LMTracker - Setting feature=UnisiteClustering state=ENABLED (featureStatus=1)
09-25-2018 06:17:18.350 INFO LicenseMgr - Tracker init complete...
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'licenses'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'pools'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'stacks'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'groups'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'slaves'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'localslave'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'licensermessages'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'scriptedwarning'
09-25-2018 06:17:18.356 INFO AdminManagerDispatch - added factory for admin handler: 'licenseusage'
09-25-2018 06:17:18.357 INFO dispatchRunner - registering build time modules, count=1
09-25-2018 06:17:18.357 INFO dispatchRunner - registering search time components of build time module name=vix
09-25-2018 06:17:18.357 INFO dispatchRunner - Getting search configuration data from: /opt/splunk/etc/modules/parsing/config.xml
09-25-2018 06:17:18.360 INFO BundlesSetup - Setup stats for /opt/splunk/etc: wallclock_elapsed_msec=48, cpu_time_used=0.046992, shared_services_generation=2, shared_services_population=1
09-25-2018 06:17:18.374 INFO UserManagerPro - Load authentication: forcing roles="admin, alert_manager_user, export data role, power, user"
09-25-2018 06:17:18.378 INFO SessionManager - auth tokens will be generated with shpooling shared secret
09-25-2018 06:17:18.378 INFO UserManager - Setting user context: splunk-system-user
09-25-2018 06:17:18.378 INFO UserManager - Done setting user context: NULL -> splunk-system-user
09-25-2018 06:17:18.380 INFO UserManager - Unwound user context: splunk-system-user -> NULL
09-25-2018 06:17:18.380 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.380 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.380 INFO dispatchRunner - search context: user="admin", app="nmon", bs-pathname="/opt/splunk/etc"
09-25-2018 06:17:18.386 WARN IndexConfig - idx=_telemetry Path homePath='/opt/splunk/var/lib/splunk/_telemetry/db' (realpath '/opt/splunk/var/lib/splunk/_telemetry/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.386 WARN IndexConfig - idx=_telemetry Path coldPath='/opt/splunk/var/lib/splunk/_telemetry/colddb' (realpath '/opt/splunk/var/lib/splunk/_telemetry/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=alerts Path homePath='/opt/splunk/var/lib/splunk/alerts/db' (realpath '/opt/splunk/var/lib/splunk/alerts/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=alerts Path coldPath='/opt/splunk/var/lib/splunk/alerts/colddb' (realpath '/opt/splunk/var/lib/splunk/alerts/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=ioc Path homePath='/opt/splunk/var/lib/splunk/iocdb/db' (realpath '/opt/splunk/var/lib/splunk/iocdb/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=ioc Path coldPath='/opt/splunk/var/lib/splunk/iocdb/colddb' (realpath '/opt/splunk/var/lib/splunk/iocdb/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - Max bucket size is larger than the index size limit. Please check your index configuration. idx=main; bucket size in MB (from maxDataSize) 10240, maxDataSizeMB=1024
09-25-2018 06:17:18.387 WARN IndexConfig - idx=nmon Path homePath='/opt/splunk/var/lib/splunk/nmon/db' (realpath '/opt/splunk/var/lib/splunk/nmon/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.387 WARN IndexConfig - idx=nmon Path coldPath='/opt/splunk/var/lib/splunk/nmon/colddb' (realpath '/opt/splunk/var/lib/splunk/nmon/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.388 WARN IndexConfig - idx=threat_activity Path homePath='/opt/splunk/var/lib/splunk/threat_activitydb/db' (realpath '/opt/splunk/var/lib/splunk/threat_activitydb/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.388 WARN IndexConfig - idx=threat_activity Path coldPath='/opt/splunk/var/lib/splunk/threat_activitydb/colddb' (realpath '/opt/splunk/var/lib/splunk/threat_activitydb/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.388 WARN IndexConfig - idx=unix_summary Path homePath='/opt/splunk/var/lib/splunk/unix_summary/db' (realpath '/opt/splunk/var/lib/splunk/unix_summary/db') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by homePath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.389 WARN IndexConfig - idx=unix_summary Path coldPath='/opt/splunk/var/lib/splunk/unix_summary/colddb' (realpath '/opt/splunk/var/lib/splunk/unix_summary/colddb') is inside volume=home (path='/opt/splunk/var/lib/splunk', realpath='/opt/splunk/var/lib/splunk'), but does not reference that volume. Space used by coldPath will *not* be volume-mananged. Please check indexes.conf for configuration errors.
09-25-2018 06:17:18.390 INFO dispatchRunner - Executing the DispatchThread.
09-25-2018 06:17:18.390 INFO SearchParser - PARSING: | pivot NMON_Config Nmon_Config last(AIX_Machine_SerialNumber) AS "AIX_Machine_SerialNumber" dc(hostname) AS "dcount" SPLITROW hostname AS hostname SORT 0 hostname ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 0 | eval serialnum=if(isnull(AIX_Machine_SerialNumber), hostname, AIX_Machine_SerialNumber) | fields hostname,serialnum | stats count
09-25-2018 06:17:18.391 INFO PivotEvaluator - Loading pivot for model 'NMON_Config' and object 'Nmon_Config'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'last(AIX_Machine_SerialNumber)'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'dc(hostname)'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'SPLITROW'
09-25-2018 06:17:18.397 INFO PivotRowCol - adding row
09-25-2018 06:17:18.397 INFO PivotRowCol - next: 'AS'
09-25-2018 06:17:18.397 INFO PivotRowCol - next: 'SORT'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'SORT'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'ROWSUMMARY'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'COLSUMMARY'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'NUMCOLS'
09-25-2018 06:17:18.397 INFO PivotReport - arg: 'SHOWOTHER'
09-25-2018 06:17:18.398 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.400 INFO ISplunkDispatch - Not running in splunkd. Bundle replication not triggered.
09-25-2018 06:17:18.482 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.482 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.482 INFO TsidxStats - Using a chunk size of 10000000
09-25-2018 06:17:18.484 INFO TsidxStats - Initial expanded filtering search: '( nodename=Nmon_Config )'
09-25-2018 06:17:18.487 INFO TsidxStats - Finalized TimeBounds: final_et=1537250400.000000 final_lt=1537856238.000000 info.startTime=1537250400.000000 info.endTime=1537856238.000000
09-25-2018 06:17:18.487 INFO TsidxStats - Using summaryid="57E9834B-43B4-41D0-A3BD-042A352C4C79_DM_nmon_NMON_Config"
09-25-2018 06:17:18.487 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.487 INFO ProxyConfig - Failed to initialize http_proxy from server.conf for splunkd. Please make sure that the http_proxy property is set as http_proxy=http://host:port in case HTTP proxying needs to be enabled.
09-25-2018 06:17:18.487 INFO ProxyConfig - Failed to initialize https_proxy from server.conf for splunkd. Please make sure that the https_proxy property is set as https_proxy=http://host:port in case HTTP proxying needs to be enabled.
09-25-2018 06:17:18.487 INFO ProxyConfig - Failed to initialize the no_proxy setting from server.conf for splunkd. Please provide a valid set of no_proxy rules in case HTTP proxying needs to be enabled.
09-25-2018 06:17:18.542 INFO TsidxStats - Finished evaluating arguments for datamodel-based query
09-25-2018 06:17:18.542 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.542 INFO SearchParser - PARSING: prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.542 INFO SearchParser - PARSING: addinfo type=count label=prereport_events
09-25-2018 06:17:18.543 INFO SearchParser - PARSING: presort 0 auto("Nmon_Config.hostname")
09-25-2018 06:17:18.543 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.543 INFO StatsProcessor - No group-by fields specified, incompatible for high cardinality improvements
09-25-2018 06:17:18.543 INFO DispatchThread - BatchMode: allowBatchMode: 1, conf(1): 1, timeline/Status buckets(0):0, realtime(0):0, report pipe empty(0):0, reqTimeOrder(0):0, summarize(0):0, statefulStreaming(0):0
09-25-2018 06:17:18.543 INFO DispatchThread - required fields list to add to remote search = Nmon_Config.AIX_Machine_SerialNumber,Nmon_Config.hostname,prestats_reserved_*,psrsvd_*
09-25-2018 06:17:18.543 INFO SearchParser - PARSING: fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_*" "psrsvd_*"
09-25-2018 06:17:18.543 INFO DispatchCommandProcessor - summaryHash=513a3eee1f1aac4d summaryId=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_513a3eee1f1aac4d remoteSearch=tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_*" "psrsvd_*" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.543 INFO DispatchCommandProcessor - summaryHash=NS98be7406deb91d6f summaryId=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_NS98be7406deb91d6f remoteSearch=tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_*" "psrsvd_*" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.543 INFO DispatchThread - Getting summary ID for summaryHash=NS98be7406deb91d6f
09-25-2018 06:17:18.550 INFO DispatchThread - Did not find a usable summary_id, setting info._summary_mode=none, not modifying input summary_id=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_NS98be7406deb91d6f
09-25-2018 06:17:18.550 INFO DispatchThread - Matches no summary
09-25-2018 06:17:18.550 INFO DispatchThread - SrchOptMetrics check_query_matches_ra=69
09-25-2018 06:17:18.550 INFO SearchParser - PARSING: | tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | stats dedup_splitvals=t last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount by Nmon_Config.hostname | sort limit=0 Nmon_Config.hostname | fields - _span | rename Nmon_Config.hostname AS hostname | fillnull dcount | fields hostname, AIX_Machine_SerialNumber, dcount| eval serialnum=if(isnull(AIX_Machine_SerialNumber), hostname, AIX_Machine_SerialNumber) | fields hostname,serialnum | stats count
09-25-2018 06:17:18.550 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.550 INFO TsidxStats - Using a chunk size of 10000000
09-25-2018 06:17:18.552 INFO TsidxStats - Initial expanded filtering search: '( nodename=Nmon_Config )'
09-25-2018 06:17:18.552 INFO TsidxStats - Finished simple parsing
09-25-2018 06:17:18.552 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.552 INFO StatsProcessor - No group-by fields specified, incompatible for high cardinality improvements
09-25-2018 06:17:18.552 INFO DispatchThread - SrchOptMetrics optimize_toJson=2
09-25-2018 06:17:18.553 INFO ProjElim - Black listed processors=[addinfo]
09-25-2018 06:17:18.553 INFO AstVisitorFactory - Field=hostname will be rewritten to Field=Nmon_Config.hostname
09-25-2018 06:17:18.553 INFO AstVisitorFactory - Field=hostname will be rewritten to Field=Nmon_Config.hostname
09-25-2018 06:17:18.580 INFO DispatchThread - SrchOptMetrics optimization=28
09-25-2018 06:17:18.580 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.580 INFO SearchPipeline - Command='rename' doesnt have raw field
09-25-2018 06:17:18.580 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.580 INFO DispatchThread - Optimized Search = | tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | stats dedup_splitvals=t last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount by Nmon_Config.hostname | sort limit=0 Nmon_Config.hostname | fields - _span | rename "Nmon_Config.hostname" as hostname | fillnull dcount | fields hostname, AIX_Machine_SerialNumber, dcount | eval serialnum=if(isnull(AIX_Machine_SerialNumber),hostname,AIX_Machine_SerialNumber) | fields hostname,serialnum | stats count
09-25-2018 06:17:18.580 INFO DispatchThread - SrchOptMetrics fromJsontoSpl=1
09-25-2018 06:17:18.580 INFO SearchParser - PARSING: | tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | stats dedup_splitvals=t last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount by Nmon_Config.hostname | sort limit=0 Nmon_Config.hostname | fields - _span | rename "Nmon_Config.hostname" as hostname | fillnull dcount | fields hostname, AIX_Machine_SerialNumber, dcount | eval serialnum=if(isnull(AIX_Machine_SerialNumber),hostname,AIX_Machine_SerialNumber) | fields hostname,serialnum | stats count
09-25-2018 06:17:18.580 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.580 INFO DispatchThread - SrchOptMetrics reparse_optimized_query=1
09-25-2018 06:17:18.580 INFO TsidxStats - Using a chunk size of 10000000
09-25-2018 06:17:18.582 INFO TsidxStats - Initial expanded filtering search: '( nodename=Nmon_Config )'
09-25-2018 06:17:18.582 INFO TsidxStats - Finalized TimeBounds: final_et=1537250400.000000 final_lt=1537856238.000000 info.startTime=1537250400.000000 info.endTime=1537856238.000000
09-25-2018 06:17:18.582 INFO TsidxStats - Using summaryid="57E9834B-43B4-41D0-A3BD-042A352C4C79_DM_nmon_NMON_Config"
09-25-2018 06:17:18.582 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.582 INFO TsidxStats - Could not obtain a valid set of indexes to search
09-25-2018 06:17:18.582 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.582 INFO SearchParser - PARSING: prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.582 INFO SearchParser - PARSING: addinfo type=count label=prereport_events
09-25-2018 06:17:18.582 INFO SearchParser - PARSING: presort 0 auto("Nmon_Config.hostname")
09-25-2018 06:17:18.582 INFO SortOperator - maxmem = 209715200
09-25-2018 06:17:18.582 INFO StatsProcessor - No group-by fields specified, incompatible for high cardinality improvements
09-25-2018 06:17:18.582 INFO DispatchThread - BatchMode: allowBatchMode: 1, conf(1): 1, timeline/Status buckets(0):0, realtime(0):0, report pipe empty(0):0, reqTimeOrder(0):0, summarize(0):0, statefulStreaming(0):0
09-25-2018 06:17:18.582 INFO DispatchThread - required fields list to add to remote search = Nmon_Config.AIX_Machine_SerialNumber,Nmon_Config.hostname,prestats_reserved_*,psrsvd_*
09-25-2018 06:17:18.582 INFO SearchParser - PARSING: fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_*" "psrsvd_*"
09-25-2018 06:17:18.582 INFO DispatchCommandProcessor - summaryHash=513a3eee1f1aac4d summaryId=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_513a3eee1f1aac4d remoteSearch=tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_*" "psrsvd_*" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.583 INFO DispatchCommandProcessor - summaryHash=NS98be7406deb91d6f summaryId=57E9834B-43B4-41D0-A3BD-042A352C4C79_nmon_admin_NS98be7406deb91d6f remoteSearch=tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_*" "psrsvd_*" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.584 INFO DispatchThread - Setting summary_mode=NONE after optimization
09-25-2018 06:17:18.584 INFO DispatchThread - SrchOptMetrics FinalEval=4
09-25-2018 06:17:18.584 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.584 INFO UserManager - Done setting user context: admin -> admin
09-25-2018 06:17:18.585 INFO UserManager - Unwound user context: admin -> admin
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Stream search: tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_*" "psrsvd_*" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.585 INFO ExternalResultProvider - No external result providers are configured
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - ERP_FACTORY initialized, but zero external result provider, hence disabling _isERPCollectionEnabled
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Default search group:*
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer DR-IX-1 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer DR-IX-2 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer NFT-IX-1 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer NFT-IX-2 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer PROD-IX-1 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer PROD-IX-2 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.585 INFO DistributedSearchResultCollectionManager - Connecting to peer PROD-SH-1 connectAll 0 connectToSpecificPeer 1
09-25-2018 06:17:18.586 INFO ServerConfig - Using REMOTE_SERVER_NAME=57E9834B-43B4-41D0-A3BD-042A352C4C79
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Checking for localhost key pair
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Public key already exists: /opt/splunk/etc/auth/distServerKeys/trusted.pem
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Reading public key for localhost: /opt/splunk/etc/auth/distServerKeys/trusted.pem
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Finished reading public key for localhost: /opt/splunk/etc/auth/distServerKeys/trusted.pem
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Reading private key for localhost: /opt/splunk/etc/auth/distServerKeys/private.pem
09-25-2018 06:17:18.587 INFO KeyManagerLocalhost - Finished reading private key for localhost: /opt/splunk/etc/auth/distServerKeys/private.pem
09-25-2018 06:17:18.588 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=DR-IX-1 in 0.003 seconds
09-25-2018 06:17:18.590 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=DR-IX-2 in 0.003 seconds
09-25-2018 06:17:18.592 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=NFT-IX-1 in 0.003 seconds
09-25-2018 06:17:18.594 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=NFT-IX-2 in 0.003 seconds
09-25-2018 06:17:18.597 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=PROD-IX-1 in 0.003 seconds
09-25-2018 06:17:18.599 INFO DistributedSearchResultCollectionManager - Successfully created search result collector for peer=PROD-IX-2 in 0.003 seconds
09-25-2018 06:17:18.602 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.602 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.602 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.602 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.603 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.603 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.605 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.605 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.605 INFO DispatchThread - Disk quota = 10485760000
09-25-2018 06:17:18.606 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.606 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.608 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.608 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.608 INFO SearchParser - PARSING: tstats last(Nmon_Config.AIX_Machine_SerialNumber) AS AIX_Machine_SerialNumber dc(Nmon_Config.hostname) AS dcount from datamodel=NMON_Config where (nodename = Nmon_Config) groupby Nmon_Config.hostname prestats=true | addinfo type=count label=prereport_events | fields keepcolorder=t "Nmon_Config.AIX_Machine_SerialNumber" "Nmon_Config.hostname" "prestats_reserved_*" "psrsvd_*" | prestats dedup_splitvals=t distinct_count("Nmon_Config.hostname") last("Nmon_Config.AIX_Machine_SerialNumber") by "Nmon_Config.hostname"
09-25-2018 06:17:18.609 INFO TsidxStats - Using a chunk size of 10000000
09-25-2018 06:17:18.609 INFO TsidxStats - Initial expanded filtering search: '( nodename=Nmon_Config )'
09-25-2018 06:17:18.609 INFO TsidxStats - Using summaryid="57E9834B-43B4-41D0-A3BD-042A352C4C79_DM_nmon_NMON_Config"
09-25-2018 06:17:18.609 INFO SearchParser - PARSING: search (index=* OR index=_*) (eventtype=nmon:config) | eval nodename = "Nmon_Config"| rex field=_raw "(?i),host,(?P.+)" max_match=1 | rex field=_raw "(?i),version,(?P.+)" max_match=1 | rex field=_raw "(?i),command,(?P.+)" max_match=1 | rex field=_raw "(?i),OS,(?P[^,]+)" max_match=1 | rex field=_raw "AAA,cpus,(?P\\d+)" max_match=1 | rex field=_raw "AAA,cpus,\\d+,(?P\\d+)" max_match=1 | rex field=_raw "AAA,AIX,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\\"Online\\sVirtual\\sCPUs\\s+\\:\\s(?P\\d+)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,online\\sMemory,(?P\\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\\"\\s+Total\\sPaging\\sSpace:\\s(?P\\d+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\\"Processor\\sImplementation\\sMode:\\s(?P.+\\w)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\\"Processor\\sClock\\sSpeed:\\s(?P.+\\w)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\\"CPU\\sType:\\s(?P.+\\w)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\\"Kernel\\sType:\\s(?P.+\\w)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\\"Platform\\sFirmware\\slevel:\\s(?P.+\\w)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\\"Machine\\sSerial\\sNumber:\\s(?P.+)\\\"" max_match=1 | rex field=_raw "AAA,SerialNumber,(?P\\w+)" max_match=1 | eval AIX_Machine_SerialNumber=if(isnotnull(AIX_std_Machine_SerialNumber), AIX_std_Machine_SerialNumber, AIX_alt_Machine_SerialNumber) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\\"Shared\\sPool\\sID\\s+\\:\\s(?P.+)\\\"" max_match=1 | eval AIX_PoolID=if(AIX_extracted_PoolID=="-","N/A" ,AIX_extracted_PoolID) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\\"Maximum\\sPhysical\\sCPUs\\sin\\ssystem\\s+\\:\\s(?P.+)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\\"Active\\sPhysical\\sCPUs\\sin\\ssystem\\s+\\:\\s(?P.+)\\\"" max_match=1 | rex field=_raw 
"BBB.+,[0-9].+,lparstat.+,\\\"Active\\sCPUs\\sin\\sPool\\s+\\:\\s(?P.+)\\\"" max_match=1 | eval AIX_PoolCPUs=if(AIX_extracted_PoolCPUs=="-","N/A" ,AIX_extracted_PoolCPUs) | rex field=_raw "BBB.+,[0-9].+,lparstat.+,\\\"Entitled\\sCapacity\\s+\\:\\s(?P.+)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsconf,\\\"Processor\\sType:\\s(?P.+\\w)\\\"" max_match=1 | eval cpu_cores_combo=(AIX_virtualcpus+" / "+cpu_cores_position2), AIX_logicalcores=if(isnotnull(cpu_cores_position2), cpu_cores_position2, cpu_cores_position1) | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "BBB.+,[0-9].+cpuinfo,.+model\\sname.+:\\s+(?P.+)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.+etc+.release,\\\"(?!LSB_VERSION|DISTRIB|NAME|ID|VERSION)(?P.+)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\\"Description:\\s*(?.+)\\\"" max_match=1 | eval Linux_distribution=if(isnotnull(Linux_lsb_distribution), Linux_lsb_distribution, Linux_release_distribution) | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\\"Distributor\\s*ID:\\s*(?.+)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,lsb_release,\\\"Release:\\s*(?.+)\\\"" max_match=1 | eval Linux_vendor=if(isnotnull(Linux_lsb_distibutorid), Linux_lsb_distibutorid, "Undeterminated") | rex field=_raw "BBB.+,[0-9].+,lsb\\_release,\\\"Release:\\s+(?P.+)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\\"MemTotal:\\s+(?P\\d+)" max_match=1 | eval Linux_memory_MB=round(Linux_memory_kB/1024,0) | rex field=_raw "BBB.+,[0-9].+,.proc.meminfo,\\\"SwapTotal:\\s+(?P\\d+)" max_match=1 | eval Linux_swap_MB=round(Linux_swap_kB/1024,0) | rex field=_raw "AAA,OS,Linux,(?P\\d+.\\d+).+,#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+),#" max_match=1 | rex field=_raw "AAA,OS,Linux,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+)" max_match=1 | rex field=_raw "AAA,OS,Solaris,.+,(?P.+),.+,.+" max_match=1 | rex field=_raw "AAA,OS,Solaris,(?P.+),.+,.+,.+" max_match=1 | rex field=_raw 
"BBB.+,[0-9].+,.+etc+.release,\\\"\\s+(?P.+)\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\\s\\-pv,\\\"\\s+(?P.+)\\s*\\(.+\\\"" max_match=1 | rex field=_raw "BBB.+,[0-9].+psrinfo\\s\\-pv,.+clock\\s(?P.+)\\)\\\"" max_match=1 | eval OStype=case(OS == "Linux", "Linux", OS == "Solaris", "Solaris", isnotnull(AIX_LEVEL), "AIX", isnull(OS), "Unknown"), OS_Level=case(isnotnull(AIX_LEVEL), AIX_LEVEL, isnotnull(Solaris_version), Solaris_version, isnotnull(Linux_distribution), Linux_distribution), cpu_cores=if(isnotnull(AIX_virtualcpus), cpu_cores_combo, cpu_cores_position1), Processor=case(isnotnull(AIX_processor), AIX_processor, isnotnull(Solaris_processor), Solaris_processor, isnotnull(Linux_processor), Linux_processor) | rename uptime AS Nmon_Config.uptime hostname AS Nmon_Config.hostname nmon_version AS Nmon_Config.nmon_version nmon_command AS Nmon_Config.nmon_command OS AS Nmon_Config.OS cpu_cores_position1 AS Nmon_Config.cpu_cores_position1 cpu_cores_position2 AS Nmon_Config.cpu_cores_position2 AIX_LEVEL AS Nmon_Config.AIX_LEVEL AIX_virtualcpus AS Nmon_Config.AIX_virtualcpus AIX_memory_MB AS Nmon_Config.AIX_memory_MB AIX_pagingspace_MB AS Nmon_Config.AIX_pagingspace_MB AIX_processor_mode AS Nmon_Config.AIX_processor_mode AIX_processor_clockspeed AS Nmon_Config.AIX_processor_clockspeed AIX_cpu_type AS Nmon_Config.AIX_cpu_type AIX_kernel_type AS Nmon_Config.AIX_kernel_type AIX_plateform_firmware_level AS Nmon_Config.AIX_plateform_firmware_level AIX_std_Machine_SerialNumber AS Nmon_Config.AIX_std_Machine_SerialNumber AIX_alt_Machine_SerialNumber AS Nmon_Config.AIX_alt_Machine_SerialNumber AIX_Machine_SerialNumber AS Nmon_Config.AIX_Machine_SerialNumber AIX_extracted_PoolID AS Nmon_Config.AIX_extracted_PoolID AIX_PoolID AS Nmon_Config.AIX_PoolID AIX_system_installed_CPUs AS Nmon_Config.AIX_system_installed_CPUs AIX_system_active_CPUs AS Nmon_Config.AIX_system_active_CPUs AIX_extracted_PoolCPUs AS Nmon_Config.AIX_extracted_PoolCPUs AIX_PoolCPUs AS 
Nmon_Config.AIX_PoolCPUs AIX_entitled AS Nmon_Config.AIX_entitled AIX_processor AS Nmon_Config.AIX_processor cpu_cores_combo AS Nmon_Config.cpu_cores_combo AIX_logicalcores AS Nmon_Config.AIX_logicalcores Linux_LEVEL AS Nmon_Config.Linux_LEVEL Linux_processor AS Nmon_Config.Linux_processor Linux_release_distribution AS Nmon_Config.Linux_release_distribution Linux_lsb_distribution AS Nmon_Config.Linux_lsb_distribution Linux_distribution AS Nmon_Config.Linux_distribution Linux_lsb_distibutorid AS Nmon_Config.Linux_lsb_distibutorid Linux_lsb_releaseid AS Nmon_Config.Linux_lsb_releaseid Linux_vendor AS Nmon_Config.Linux_vendor Linux_version AS Nmon_Config.Linux_version Linux_memory_kB AS Nmon_Config.Linux_memory_kB Linux_memory_MB AS Nmon_Config.Linux_memory_MB Linux_swap_kB AS Nmon_Config.Linux_swap_kB Linux_swap_MB AS Nmon_Config.Linux_swap_MB Linux_kernelversion AS Nmon_Config.Linux_kernelversion Linux_kernel AS Nmon_Config.Linux_kernel Linux_fullkernel AS Nmon_Config.Linux_fullkernel Solaris_LEVEL AS Nmon_Config.Solaris_LEVEL Solaris_kernel AS Nmon_Config.Solaris_kernel Solaris_sunOS_version AS Nmon_Config.Solaris_sunOS_version Solaris_version AS Nmon_Config.Solaris_version Solaris_processor AS Nmon_Config.Solaris_processor Solaris_processor_clockspeed AS Nmon_Config.Solaris_processor_clockspeed OStype AS Nmon_Config.OStype OS_Level AS Nmon_Config.OS_Level cpu_cores AS Nmon_Config.cpu_cores Processor AS Nmon_Config.Processor | search ( nodename=Nmon_Config )
09-25-2018 06:17:18.610 INFO UnifiedSearch - Processed search targeting arguments
09-25-2018 06:17:18.637 INFO UnifiedSearch - Processed search targeting arguments
09-25-2018 06:17:18.638 INFO DispatchThread - SrchOptMetrics optimize_toJson=29
09-25-2018 06:17:18.639 INFO ProjElim - Black listed processors=[addinfo]
09-25-2018 06:17:18.639 INFO PredicatePushOptimizer - searchcannot be pushed through eval. Reason='nodename' is modified (Ref:'nodename')
09-25-2018 06:17:18.640 INFO DispatchThread - SrchOptMetrics optimization=3
09-25-2018 06:17:18.640 INFO SearchPipeline - Command='search' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='search' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.642 INFO SearchPipeline - Command='eval' doesnt have raw field
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='batch_scripts' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='breakable_text' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='catalina' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='checksplunk' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cisco:asa' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cisco_cdr' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cisco_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='clavister' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='collectd_http' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='csv' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cups_access' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='cups_error' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='db2_diag' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='default' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='delayedrule::breakable_text' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='delayedrule::syslog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='django_access' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='django_error' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='django_service' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='dmesg' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='exchange' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='exim_main' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='exim_reject' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='export_metrics-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='fileTrackerCrcLog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='first_install-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='nix_endpoint_change_action_lookup' for conf='fs_notification' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='fs_notification' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='nix_endpoint_change_fs_notification_object_category_lookup' for conf='fs_notification' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='ftp' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='generic_single_line' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='http_event_collector_metrics' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='ignored_type' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='iis' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='incident_change' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='jenkins-14' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='json_no_timestamp' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='known_binary' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='kvstore' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='lastlog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='linux_audit' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='linux_bootlog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='linux_messages_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='nix_action_lookup' for conf='linux_secure' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='linux_secure' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='log4j' because the output fields are not referenced.
09-25-2018 06:17:18.983 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='log4net_xml' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='log4php' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='manpage' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='metrics_csv' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='middleware_app_logs' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='midtier_app_logs' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='misc_text' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mobile_access' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mongod' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mysql_slow' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mysqld' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mysqld_bin' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='mysqld_error' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_clean:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_collect:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_config' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_config:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='nmon_inventory' for conf='nmon_data' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_data' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_data:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_processing' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='nmon_processing:fromsyslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='novell_groupwise' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='openioc' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='oracletype' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='ossec_action_lookup' for conf='ossec' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='ossec' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='ossec_object_category_lookup' for conf='ossec' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='ossec_severities_lookup' for conf='ossec' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_asl' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_crash_log' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_crashreporter' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_daily' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_install' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_monthly' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='nix_action_lookup' for conf='osx_secure' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_secure' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_weekly' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='osx_window_server' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='paladin-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='pdfgen-2' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='pdfgen-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='postfix_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-Z' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-bzip' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-gzip' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-tar' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-targz' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-winevt' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='preprocess-zip' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='procmail' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='psv' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-10' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-11' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-12' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-13' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-2' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-3' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-4' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-5' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-6' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-7' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-8' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-9' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-10' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-2' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-3' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-4' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-5' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-6' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-7' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-8' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='python_modular_input.log-9' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rpmpkgs' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_change_status_lookup' for conf='rsa:securid:admin:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_severity_lookup_lookup' for conf='rsa:securid:admin:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rsa:securid:admin:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_actions_lookup' for conf='rsa:securid:runtime:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_change_status_lookup' for conf='rsa:securid:runtime:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_severity_lookup_lookup' for conf='rsa:securid:runtime:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rsa:securid:runtime:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rsa:securid:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='rsa_securid_severity_lookup_lookup' for conf='rsa:securid:system:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rsa:securid:system:syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='ruby_on_rails' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::access_combined' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::access_combined_wcookie' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::access_common' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::exim_main' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::postfix_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::sendmail_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='rule::snort' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='sar' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='scHeadlinesHandler-too_small' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='scheduler' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='searches' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='sendmail_syslog' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='simontest' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='snort' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='source::(?:::){0}*invocationEvents.log' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='source::...((.(bak|old))|,v|~|#)' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='source::....(0t|a|ali|asa|au|bmp|cg|cgi|class|d|dat|deb|del|dot|dvi|dylib|elc|eps|exe|ftn|gif|hlp|hqx|hs|icns|ico|inc|iso|jame|jin|jpeg|jpg|kml|la|lhs|lib|lo|lock|mcp|mid|mp3|mpg|msf|nib|o|obj|odt|ogg|ook|opt|os|pal|pbm|pdf|pem|pgm|plo|png|po|pod|pp|ppd|ppm|ppt|prc|ps|psd|psym|pyc|pyd|rast|rb|rde|rdf|rdr|rgb|ro|rpm|rsrc|so|ss|stg|strings|tdt|tif|tiff|tk|uue|vhd|xbm|xlb|xls|xlw)' because the output fields are not referenced.
09-25-2018 06:17:18.984 INFO LookupOperator - Disabling automatic lookup of table='dropdownsLookup' for conf='source::....(? NULL
09-25-2018 06:17:18.996 INFO UserManager - Setting user context: admin
09-25-2018 06:17:18.996 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:18.996 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:19.011 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:19.013 INFO UserManager - Setting user context: admin
09-25-2018 06:17:19.013 INFO UserManager - Done setting user context: NULL -> admin
09-25-2018 06:17:19.013 INFO UserManager - Unwound user context: admin -> NULL
09-25-2018 06:17:19.013 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='admin__admin__nmon__RMD50bf1c9c79bc13548_at_1537856238_13363_D23FC9B5-262E-422F-81CF-45B5F5C63769', username='admin')
09-25-2018 06:17:19.018 INFO UserManager - Unwound user context: admin -> NULL
↧
Cisco WLC syslog integration
Hi folks
I have been trying to get specific information from a Cisco WLC device (CT 5520) (which I can see in the Cisco console) written into syslog, but have been unsuccessful. I have tried changing the various facilities, but nothing has helped.
If there is anyone who has faced this before and/or is aware of how to get the information to flow through to syslog, I would greatly appreciate your assistance. Thank you.
I have attached the information/metrics that need to be passed on to Splunk from the WLC device.
![alt text][2]
[1]: /storage/temp/255028-image2.png
[2]: /storage/temp/255029-screen-shot-2018-09-24-at-125050-pm.png
↧
Lastpass - TimeZone
Hi! Just noticed that the timezone setting in props.conf is set to PDT.
Might be worth changing if you are in different parts of the world :)
Could probably include it as an option in the setup to set it accordingly?
↧