Channel: Questions in topic: "splunk-enterprise"

Charting results by a _time bucket, a calculated percentage of a count of events flagged in the bucket, in separate series on one chart

I have stats results from a search which form what amounts to a transaction per row on the order of several thousands of rows per hour. The transaction has relevant for this chart the following: _time, a flag "RED" or "GREEN", and a location code which is one of several codes. I want to bin _time by the hour and display a percentage as GREEN/(RED+GREEN) on a line graph with a line for each location in the series. This basically calculates the performance per location based on a percentage on the hour over time. I've tried several things and it's just not working, so maybe someone can shortcut me here.

Simplified example for a time bucket 12345:

    _time   location_code   flag
    12345   A               GREEN
    12345   A               GREEN
    12345   A               RED
    12345   B               RED
    12345   C               GREEN
    12345   C               GREEN

Thanks!

HTTPS collector not receiving items from scrape?

Using Splunk Enterprise. https://45.55.161.5:8000/en-US/app/launcher/home

An HTTPS event collector is listening on 8088 with token DB84F19F-B2F1-4B89-BB38-643DFB641B34.

From source, this code is trying to send JSON to Splunk. But Splunk does not receive it. Can anyone help to get this right? Thanks

    import requests
    import json

    url = 'http://45.55.161.5:8088/services/collector/event'
    payload = {
        "Test": "Splunk ",
    }
    headers = {
        "Authorization": "Splunk DB84F19F-B2F1-4B89-BB38-643DFB641B34",
    }
    r = requests.post(url, data=json.dumps(payload), headers=headers)
    print(r.content)

Compare field with lookup

Hi, I have a lookup table containing the host name and a software version.

hostlookup.csv

    hostname,version
    hostA,2
    hostB,2
    hostC,3

Each host is sending the current installed software version every 5 min to Splunk. How can I create a table like this? I'd like to compare whether a host has installed the right software version.

    hostname, installed_version, expected_version, result
    hostA, 2, 2, OK
    hostB, 3, 2, WRONG
    hostC, 2, 3, WRONG

Forwarding and receiving no WinEventLog on Application, Security etc except Setup

My forwarder's conf:

Input:

    [default]
    host = IE8Win7

    [script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
    disabled = 0

    [WinEventLog://Application]
    disabled = 0

    [WinEventLog://Security]
    disabled = 0

    [WinEventLog://System]
    disabled = 0

Output:

    [tcpout]
    defaultGroup = default-autolb-group

    [tcpout:default-autolb-group]
    server = 192.168.0.1:9998

    [tcpout-server://192.168.0.1:9998]

My receiver is set to listen on port 9998. But in my Splunk Search & Reporting, it only shows WinEventLog:Setup in my Sourcetype and Source.

Splunk Enterprise maximum local users?

Hi, I could not find a setting in limits.conf or authentication.conf. But is there a maximum number of local users we can create in a Splunk Enterprise instance? Thanks.

Monitoring a specific process in Windows using Splunk forwarders

I want to monitor a specific process on a Windows server using Splunk forwarders. For example, our servers will run a specific application as multiple processes (3 to 4 processes). I need to monitor the performance and memory usage of those processes.

IBM Common Data Provider for z Systems (mainframe): How to integrate to Splunk?

I've seen multiple posts and links about integration of mainframe to Splunk. I can see a lot of theory and functionalities, but want to see how things are done practically, if you have any hands-on experience with the Common Data Provider.

1. Common Data Provider: Is it a package for z Systems which IBM has to install on each mainframe server or on a specific master server?
2. How costly is it? Or is it part of the support package for z Systems?
3. How is the data pushed from the "Data Streamer" component of z Systems to Splunk? Via syslog?
4. Is there a TA/data format example for this type of data streamed from z Systems?

I feel the SplunkBase app is just an advertisement, which takes you to the IBM website but has no practical examples in it.

Why is Splunk crashing with error "Crashing thread: TcpChannelThread"?

Splunk is crashing. The following is the crash log. Could you tell me why Splunk is crashing? (2 times)

Splunk version 6.6.1
Splunk build aeae3fe0c5af

    [build aeae3fe0c5af] 2017-09-15 10:56:38
    Received fatal signal 11 (Segmentation fault).
     Cause:
       No memory mapped at address [0x00007FF200000001].
     Crashing thread: TcpChannelThread

    OS: Linux
    Arch: x86-64

    Backtrace (PIC build):
      [0x00007FF282359DE4] ? (libc.so.6 + 0x160DE4)
      [0x00007FF284AE2FAE] _Z18mem_compare_normalPKcmS0_m + 30 (splunkd + 0x1237FAE)
      [0x00007FF284B66191] _ZNK11Application12toConfigInfoER10ConfigInfo + 65 (splunkd + 0x12BB191)
      [0x00007FF284B8985E] _ZNK9DSManager18getAllApplicationsER10ConfigInfoRK14ClientSelectorPK15ClientRegistrar + 430 (splunkd + 0x12DE85E)
      [0x00007FF284B42E09] _ZNK16DeploymentServer18getAllApplicationsER10ConfigInfoRK14ClientSelector + 89 (splunkd + 0x1297E09)
      [0x00007FF284B48DB1] _ZN23ApplicationAdminHandler10handleListER10ConfigInfo + 97 (splunkd + 0x129DDB1)
      [0x00007FF28459453C] _ZN14MConfigHandler14executeHandlerER10ConfigInfo + 556 (splunkd + 0xCE953C)
      [0x00007FF2845A49ED] _ZN14MConfigHandler2goER10ConfigInfo + 189 (splunkd + 0xCF99ED)
      [0x00007FF2845A55B4] _ZN29AdminManagerReplyDataProvider2goEv + 804 (splunkd + 0xCFA5B4)
      [0x00007FF28463DDE8] _ZN33ServicesEndpointReplyDataProvider9rawHandleEv + 88 (splunkd + 0xD92DE8)
      [0x00007FF28463389F] _ZN18RawRestHttpHandler10getPreBodyEP21HttpServerTransaction + 31 (splunkd + 0xD8889F)
      [0x00007FF284A74D50] _ZN32HttpThreadedCommunicationHandler11communicateER17TcpSyncDataBuffer + 272 (splunkd + 0x11C9D50)
      [0x00007FF2840B3023] _ZN16TcpChannelThread4mainEv + 227 (splunkd + 0x808023)
      [0x00007FF284AFE130] _ZN6Thread8callMainEPv + 64 (splunkd + 0x1253130)
      [0x00007FF2825C6182] ? (libpthread.so.0 + 0x8182)
      [0x00007FF2822F347D] clone + 109 (libc.so.6 + 0xFA47D)

    [build aeae3fe0c5af] 2017-09-18 02:01:39
    Received fatal signal 11 (Segmentation fault).
     Cause:
       Unknown signal origin (si_code=128, si_addr=[0x0000000000000000]).
     Crashing thread: TcpChannelThread

    OS: Linux
    Arch: x86-64

    Backtrace (PIC build):
      [0x00007F0B58A35AC0] _ZN11Application20belongsToServerclassEPK11Serverclass + 48 (splunkd + 0x12B7AC0)
      [0x00007F0B58A5F080] _ZNK11Serverclass12findKnownAppERK3StrRKSt8multimapIS0_P11ApplicationSt4lessIS0_ESaISt4pairIS1_S5_EEE + 272 (splunkd + 0x12E1080)
      [0x00007F0B58A60027] _ZN11Serverclass26reloadOneAppFromRepositoryERK3StrRK13PropertiesMapRKSt8multimapIS0_P11ApplicationSt4lessIS0_ESaISt4pairIS1_S8_EEERSt3setIS8_S9_IS8_ESaIS8_EERK8PathnameRS0_b + 215 (splunkd + 0x12E2027)
      [0x00007F0B58A638C2] _ZN11Serverclass24reloadAppsFromRepositoryERKSt8multimapI3StrP11ApplicationSt4lessIS1_ESaISt4pairIKS1_S3_EEERSt3setIS3_S4_IS3_ESaIS3_EEP13PropertyPagesRS1_b + 834 (splunkd + 0x12E58C2)
      [0x00007F0B58A63C14] _ZN11Serverclass20reloadFromRepositoryERKSt8multimapI3StrP11ApplicationSt4lessIS1_ESaISt4pairIKS1_S3_EEERSt3setIS3_S4_IS3_ESaIS3_EEP13PropertyPagesRS1_b + 308 (splunkd + 0x12E5C14)
      [0x00007F0B58A59A74] _ZN9DSManager31reloadServerclassFromRepositoryEP11ServerclassR3Strb + 196 (splunkd + 0x12DBA74)
      [0x00007F0B58A5A8D6] _ZN9DSManager36reloadFromPages_serverclass_withLockER3StrRKS0_b + 566 (splunkd + 0x12DC8D6)
      [0x00007F0B58A1448A] _ZN16DeploymentServer24reloadServerclass_noLockER3StrPKcRKS0_b + 74 (splunkd + 0x129648A)
[0x00007F0B58A167DC] _ZN16DeploymentServer17reloadServerclassER3StrPKcRKS0_b + 140 (splunkd + 0x12987DC) [0x00007F0B58A244E2] _ZN28DeploymentServerAdminHandler12handleReloadER10ConfigInfo + 370 (splunkd + 0x12A64E2) [0x00007F0B58467664] _ZN14MConfigHandler14executeHandlerER10ConfigInfo + 852 (splunkd + 0xCE9664) [0x00007F0B584779ED] _ZN14MConfigHandler2goER10ConfigInfo + 189 (splunkd + 0xCF99ED) [0x00007F0B584785B4] _ZN29AdminManagerReplyDataProvider2goEv + 804 (splunkd + 0xCFA5B4) [0x00007F0B58510DE8] _ZN33ServicesEndpointReplyDataProvider9rawHandleEv + 88 (splunkd + 0xD92DE8) [0x00007F0B5850689F] _ZN18RawRestHttpHandler10getPreBodyEP21HttpServerTransaction + 31 (splunkd + 0xD8889F) [0x00007F0B58947D50] _ZN32HttpThreadedCommunicationHandler11communicateER17TcpSyncDataBuffer + 272 (splunkd + 0x11C9D50) [0x00007F0B57F86023] _ZN16TcpChannelThread4mainEv + 227 (splunkd + 0x808023) [0x00007F0B589D1130] _ZN6Thread8callMainEPv + 64 (splunkd + 0x1253130) [0x00007F0B56499182] ? (libpthread.so.0 + 0x8182) [0x00007F0B561C647D] clone + 109 (libc.so.6 + 0xFA47D) Linux / VDBS1520 / 3.19.0-25-generic / #26~14.04.1-Ubuntu SMP Fri Jul 24 21:16:20 UTC 2015 / x86_64 /etc/debian_version: jessie/sid MAP: 7f0b235ea000-7f0b23600000 r-xp 00000000 08:03 3276993 /lib/x86_64-linux-gnu/libgcc_s.so.1 MAP: 7f0b23600000-7f0b237ff000 ---p 00016000 08:03 3276993 /lib/x86_64-linux-gnu/libgcc_s.so.1 MAP: 7f0b237ff000-7f0b23800000 rw-p 00015000 08:03 3276993 /lib/x86_64-linux-gnu/libgcc_s.so.1 MAP: 7f0b23800000-7f0b23a00000 rw-p 00000000 00:00 0 MAP: 7f0b23bff000-7f0b23c00000 ---p 00000000 00:00 0 MAP: 7f0b23c00000-7f0b23e00000 rw-p 00000000 00:00 0 MAP: 7f0b23e00000-7f0b25e00000 rw-p 00000000 00:00 0 MAP: 7f0b25ffe000-7f0b25fff000 ---p 00000000 00:00 0 MAP: 7f0b25fff000-7f0b261ff000 rw-p 00000000 00:00 0 MAP: 7f0b261ff000-7f0b26200000 ---p 00000000 00:00 0 MAP: 7f0b26200000-7f0b26400000 rw-p 00000000 00:00 0 MAP: 7f0b26400000-7f0b26600000 rw-p 00000000 00:00 0 MAP: 7f0b267f7000-7f0b267f8000 ---p 
00000000 00:00 0 MAP: 7f0b267f8000-7f0b269f8000 rw-p 00000000 00:00 0 MAP: 7f0b269f8000-7f0b269f9000 ---p 00000000 00:00 0 MAP: 7f0b269f9000-7f0b26bf9000 rw-p 00000000 00:00 0 MAP: 7f0b26bf9000-7f0b26bfa000 ---p 00000000 00:00 0 MAP: 7f0b26bfa000-7f0b26dfa000 rw-p 00000000 00:00 0 MAP: 7f0b26dfa000-7f0b26dfb000 ---p 00000000 00:00 0 MAP: 7f0b26dfb000-7f0b26ffb000 rw-p 00000000 00:00 0 MAP: 7f0b26ffb000-7f0b26ffc000 ---p 00000000 00:00 0 MAP: 7f0b26ffc000-7f0b271fc000 rw-p 00000000 00:00 0 MAP: 7f0b271fc000-7f0b271fd000 ---p 00000000 00:00 0 MAP: 7f0b271fd000-7f0b273fd000 rw-p 00000000 00:00 0 MAP: 7f0b273fd000-7f0b273fe000 ---p 00000000 00:00 0 MAP: 7f0b273fe000-7f0b275fe000 rw-p 00000000 00:00 0 MAP: 7f0b275fe000-7f0b275ff000 ---p 00000000 00:00 0 MAP: 7f0b275ff000-7f0b277ff000 rw-p 00000000 00:00 0 MAP: 7f0b277ff000-7f0b27800000 ---p 00000000 00:00 0 MAP: 7f0b27800000-7f0b27a00000 rw-p 00000000 00:00 0 MAP: 7f0b27a00000-7f0b28400000 rw-p 00000000 00:00 0 MAP: 7f0b285ff000-7f0b28600000 ---p 00000000 00:00 0 MAP: 7f0b28600000-7f0b28800000 rw-p 00000000 00:00 0 [stack:121774] MAP: 7f0b28800000-7f0b28a00000 rw-p 00000000 00:00 0 MAP: 7f0b28bff000-7f0b28c00000 ---p 00000000 00:00 0 MAP: 7f0b28c00000-7f0b28e00000 rw-p 00000000 00:00 0 MAP: 7f0b28e00000-7f0b29000000 rw-p 00000000 00:00 0 MAP: 7f0b291ff000-7f0b29200000 ---p 00000000 00:00 0 MAP: 7f0b29200000-7f0b29400000 rw-p 00000000 00:00 0 MAP: 7f0b29400000-7f0b29800000 rw-p 00000000 00:00 0 MAP: 7f0b299ff000-7f0b29a00000 ---p 00000000 00:00 0 MAP: 7f0b29a00000-7f0b29c00000 rw-p 00000000 00:00 0 MAP: 7f0b29c00000-7f0b2ca00000 rw-p 00000000 00:00 0 MAP: 7f0b2cbff000-7f0b2cc00000 ---p 00000000 00:00 0 MAP: 7f0b2cc00000-7f0b2ce00000 rw-p 00000000 00:00 0 MAP: 7f0b2ce00000-7f0b2ec00000 rw-p 00000000 00:00 0 MAP: 7f0b2edd3000-7f0b2edea000 r-xp 00000000 08:03 3277063 /lib/x86_64-linux-gnu/libresolv-2.19.so MAP: 7f0b2edea000-7f0b2efea000 ---p 00017000 08:03 3277063 /lib/x86_64-linux-gnu/libresolv-2.19.so MAP: 
7f0b2efea000-7f0b2efeb000 r--p 00017000 08:03 3277063 /lib/x86_64-linux-gnu/libresolv-2.19.so MAP: 7f0b2efeb000-7f0b2efec000 rw-p 00018000 08:03 3277063 /lib/x86_64-linux-gnu/libresolv-2.19.so MAP: 7f0b2efec000-7f0b2efee000 rw-p 00000000 00:00 0 MAP: 7f0b2efee000-7f0b2eff3000 r-xp 00000000 08:03 3277026 /lib/x86_64-linux-gnu/libnss_dns-2.19.so MAP: 7f0b2eff3000-7f0b2f1f2000 ---p 00005000 08:03 3277026 /lib/x86_64-linux-gnu/libnss_dns-2.19.so MAP: 7f0b2f1f2000-7f0b2f1f3000 r--p 00004000 08:03 3277026 /lib/x86_64-linux-gnu/libnss_dns-2.19.so MAP: 7f0b2f1f3000-7f0b2f1f4000 rw-p 00005000 08:03 3277026 /lib/x86_64-linux-gnu/libnss_dns-2.19.so MAP: 7f0b2f1f4000-7f0b2f1ff000 r-xp 00000000 08:03 3277028 /lib/x86_64-linux-gnu/libnss_files-2.19.so MAP: 7f0b2f1ff000-7f0b2f3fe000 ---p 0000b000 08:03 3277028 /lib/x86_64-linux-gnu/libnss_files-2.19.so MAP: 7f0b2f3fe000-7f0b2f3ff000 r--p 0000a000 08:03 3277028 /lib/x86_64-linux-gnu/libnss_files-2.19.so MAP: 7f0b2f3ff000-7f0b2f400000 rw-p 0000b000 08:03 3277028 /lib/x86_64-linux-gnu/libnss_files-2.19.so MAP: 7f0b2f400000-7f0b31000000 rw-p 00000000 00:00 0 MAP: 7f0b311ff000-7f0b31200000 ---p 00000000 00:00 0 MAP: 7f0b31200000-7f0b31400000 rw-p 00000000 00:00 0 [stack:32169] MAP: 7f0b31400000-7f0b31600000 rw-p 00000000 00:00 0 MAP: 7f0b317ff000-7f0b31800000 ---p 00000000 00:00 0 MAP: 7f0b31800000-7f0b31a00000 rw-p 00000000 00:00 0 [stack:32168] MAP: 7f0b31a00000-7f0b35200000 rw-p 00000000 00:00 0 MAP: 7f0b353ff000-7f0b35400000 ---p 00000000 00:00 0 MAP: 7f0b35400000-7f0b35600000 rw-p 00000000 00:00 0 [stack:32105] MAP: 7f0b35600000-7f0b39e00000 rw-p 00000000 00:00 0 MAP: 7f0b39fff000-7f0b3a000000 ---p 00000000 00:00 0 MAP: 7f0b3a000000-7f0b3a800000 rw-p 00000000 00:00 0 [stack:32045] MAP: 7f0b3a800000-7f0b3aa00000 rw-p 00000000 00:00 0 MAP: 7f0b3abff000-7f0b3ac00000 ---p 00000000 00:00 0 MAP: 7f0b3ac00000-7f0b3b400000 rw-p 00000000 00:00 0 [stack:32042] MAP: 7f0b3b400000-7f0b3ea00000 rw-p 00000000 00:00 0 MAP: 
7f0b3ebff000-7f0b3ec00000 ---p 00000000 00:00 0 MAP: 7f0b3ec00000-7f0b3ee00000 rw-p 00000000 00:00 0 [stack:32022] MAP: 7f0b3ee00000-7f0b40600000 rw-p 00000000 00:00 0 MAP: 7f0b407ff000-7f0b40800000 ---p 00000000 00:00 0 MAP: 7f0b40800000-7f0b40a00000 rw-p 00000000 00:00 0 MAP: 7f0b40a00000-7f0b41000000 rw-p 00000000 00:00 0 MAP: 7f0b411fe000-7f0b411ff000 ---p 00000000 00:00 0 MAP: 7f0b411ff000-7f0b413ff000 rw-p 00000000 00:00 0 [stack:32001] MAP: 7f0b413ff000-7f0b41400000 ---p 00000000 00:00 0 MAP: 7f0b41400000-7f0b41600000 rw-p 00000000 00:00 0 [stack:32000] MAP: 7f0b41600000-7f0b41800000 rw-p 00000000 00:00 0 MAP: 7f0b419ff000-7f0b41a00000 ---p 00000000 00:00 0 MAP: 7f0b41a00000-7f0b41c00000 rw-p 00000000 00:00 0 [stack:32434] MAP: 7f0b41c00000-7f0b42600000 rw-p 00000000 00:00 0 MAP: 7f0b427fe000-7f0b427ff000 ---p 00000000 00:00 0 MAP: 7f0b427ff000-7f0b429ff000 rw-p 00000000 00:00 0 [stack:31998] MAP: 7f0b429ff000-7f0b42a00000 ---p 00000000 00:00 0 MAP: 7f0b42a00000-7f0b42c00000 rw-p 00000000 00:00 0 [stack:31997] MAP: 7f0b42c00000-7f0b42e00000 rw-p 00000000 00:00 0 MAP: 7f0b42fff000-7f0b43000000 ---p 00000000 00:00 0 MAP: 7f0b43000000-7f0b43200000 rw-p 00000000 00:00 0 [stack:31996] MAP: 7f0b43200000-7f0b43400000 rw-p 00000000 00:00 0 MAP: 7f0b435ff000-7f0b43600000 ---p 00000000 00:00 0 MAP: 7f0b43600000-7f0b43800000 rw-p 00000000 00:00 0 [stack:31994] MAP: 7f0b43800000-7f0b43a00000 rw-p 00000000 00:00 0 MAP: 7f0b43bff000-7f0b43c00000 ---p 00000000 00:00 0 MAP: 7f0b43c00000-7f0b43e00000 rw-p 00000000 00:00 0 [stack:31992] MAP: 7f0b43e00000-7f0b44000000 rw-p 00000000 00:00 0 MAP: 7f0b441fe000-7f0b441ff000 ---p 00000000 00:00 0 MAP: 7f0b441ff000-7f0b443ff000 rw-p 00000000 00:00 0 [stack:31990] MAP: 7f0b443ff000-7f0b44400000 ---p 00000000 00:00 0 MAP: 7f0b44400000-7f0b44600000 rw-p 00000000 00:00 0 [stack:31995] MAP: 7f0b44600000-7f0b44800000 rw-p 00000000 00:00 0 MAP: 7f0b449ff000-7f0b44a00000 ---p 00000000 00:00 0 MAP: 7f0b44a00000-7f0b44c00000 rw-p 00000000 
00:00 0 MAP: 7f0b44c00000-7f0b44e00000 rw-p 00000000 00:00 0 MAP: 7f0b44fff000-7f0b45000000 ---p 00000000 00:00 0 MAP: 7f0b45000000-7f0b45200000 rw-p 00000000 00:00 0 [stack:31988] MAP: 7f0b45200000-7f0b45800000 rw-p 00000000 00:00 0 MAP: 7f0b459ff000-7f0b45a00000 ---p 00000000 00:00 0 MAP: 7f0b45a00000-7f0b45c00000 rw-p 00000000 00:00 0 [stack:31941] MAP: 7f0b45c00000-7f0b45e00000 rw-p 00000000 00:00 0 MAP: 7f0b45fff000-7f0b46000000 ---p 00000000 00:00 0 MAP: 7f0b46000000-7f0b46200000 rw-p 00000000 00:00 0 [stack:31939] MAP: 7f0b46200000-7f0b46400000 rw-p 00000000 00:00 0 MAP: 7f0b465ff000-7f0b46600000 ---p 00000000 00:00 0 MAP: 7f0b46600000-7f0b46800000 rw-p 00000000 00:00 0 [stack:31942] MAP: 7f0b46800000-7f0b47000000 rw-p 00000000 00:00 0 MAP: 7f0b471ff000-7f0b47200000 ---p 00000000 00:00 0 MAP: 7f0b47200000-7f0b47400000 rw-p 00000000 00:00 0 [stack:31930] MAP: 7f0b47400000-7f0b47800000 rw-p 00000000 00:00 0 MAP: 7f0b479ff000-7f0b47a00000 ---p 00000000 00:00 0 MAP: 7f0b47a00000-7f0b47c00000 rw-p 00000000 00:00 0 [stack:31931] MAP: 7f0b47c00000-7f0b47e00000 rw-p 00000000 00:00 0 MAP: 7f0b47fff000-7f0b48000000 ---p 00000000 00:00 0 MAP: 7f0b48000000-7f0b48200000 rw-p 00000000 00:00 0 [stack:31927] MAP: 7f0b48200000-7f0b48400000 rw-p 00000000 00:00 0 MAP: 7f0b485ff000-7f0b48600000 ---p 00000000 00:00 0 MAP: 7f0b48600000-7f0b48800000 rw-p 00000000 00:00 0 [stack:31928] MAP: 7f0b48800000-7f0b48a00000 rw-p 00000000 00:00 0 MAP: 7f0b48bff000-7f0b48c00000 ---p 00000000 00:00 0 MAP: 7f0b48c00000-7f0b48e00000 rw-p 00000000 00:00 0 [stack:31924] MAP: 7f0b48e00000-7f0b49000000 rw-p 00000000 00:00 0 MAP: 7f0b491ff000-7f0b49200000 ---p 00000000 00:00 0 MAP: 7f0b49200000-7f0b49400000 rw-p 00000000 00:00 0 [stack:31925] MAP: 7f0b49400000-7f0b49800000 rw-p 00000000 00:00 0 MAP: 7f0b499fe000-7f0b499ff000 ---p 00000000 00:00 0 MAP: 7f0b499ff000-7f0b49bff000 rw-p 00000000 00:00 0 [stack:31922] MAP: 7f0b49bff000-7f0b49c00000 ---p 00000000 00:00 0 MAP: 7f0b49c00000-7f0b49e00000 rw-p 
00000000 00:00 0 [stack:31921] MAP: 7f0b49e00000-7f0b4a000000 rw-p 00000000 00:00 0 MAP: 7f0b4a1ff000-7f0b4a200000 ---p 00000000 00:00 0 MAP: 7f0b4a200000-7f0b4a400000 rw-p 00000000 00:00 0 [stack:31919] MAP: 7f0b4a400000-7f0b4a600000 rw-p 00000000 00:00 0 MAP: 7f0b4a7ff000-7f0b4a800000 ---p 00000000 00:00 0 MAP: 7f0b4a800000-7f0b4aa00000 rw-p 00000000 00:00 0 [stack:31920] MAP: 7f0b4aa00000-7f0b4ac00000 rw-p 00000000 00:00 0 MAP: 7f0b4adff000-7f0b4ae00000 ---p 00000000 00:00 0 MAP: 7f0b4ae00000-7f0b4b000000 rw-p 00000000 00:00 0 [stack:31916] MAP: 7f0b4b000000-7f0b4b200000 rw-p 00000000 00:00 0 MAP: 7f0b4b3ff000-7f0b4b400000 ---p 00000000 00:00 0 MAP: 7f0b4b400000-7f0b4b600000 rw-p 00000000 00:00 0 [stack:31914] MAP: 7f0b4b600000-7f0b4b800000 rw-p 00000000 00:00 0 MAP: 7f0b4b9ff000-7f0b4ba00000 ---p 00000000 00:00 0 MAP: 7f0b4ba00000-7f0b4bc00000 rw-p 00000000 00:00 0 [stack:31917] MAP: 7f0b4bc00000-7f0b4be00000 rw-p 00000000 00:00 0 MAP: 7f0b4bffe000-7f0b4bfff000 ---p 00000000 00:00 0 MAP: 7f0b4bfff000-7f0b4c1ff000 rw-p 00000000 00:00 0 [stack:31909] MAP: 7f0b4c1ff000-7f0b4c200000 ---p 00000000 00:00 0 MAP: 7f0b4c200000-7f0b4c400000 rw-p 00000000 00:00 0 [stack:31912] MAP: 7f0b4c400000-7f0b4c800000 rw-p 00000000 00:00 0 MAP: 7f0b4c9ff000-7f0b4ca00000 ---p 00000000 00:00 0 MAP: 7f0b4ca00000-7f0b4cc00000 rw-p 00000000 00:00 0 [stack:31907] MAP: 7f0b4cc00000-7f0b4d600000 rw-p 00000000 00:00 0 MAP: 7f0b4d7fe000-7f0b4d7ff000 ---p 00000000 00:00 0 MAP: 7f0b4d7ff000-7f0b4d9ff000 rw-p 00000000 00:00 0 [stack:31905] MAP: 7f0b4d9ff000-7f0b4da00000 ---p 00000000 00:00 0 MAP: 7f0b4da00000-7f0b4dc00000 rw-p 00000000 00:00 0 [stack:31904] MAP: 7f0b4dc00000-7f0b4e000000 rw-p 00000000 00:00 0 MAP: 7f0b4e1fb000-7f0b4e1fc000 ---p 00000000 00:00 0 MAP: 7f0b4e1fc000-7f0b4e3fc000 rw-p 00000000 00:00 0 [stack:31903] MAP: 7f0b4e400000-7f0b4e600000 rw-p 00000000 00:00 0 MAP: 7f0b4e7fb000-7f0b4e7fc000 ---p 00000000 00:00 0 MAP: 7f0b4e7fc000-7f0b4e9fc000 rw-p 00000000 00:00 0 
[stack:31902] MAP: 7f0b4e9fc000-7f0b4e9fd000 ---p 00000000 00:00 0 MAP: 7f0b4e9fd000-7f0b4ebfd000 rw-p 00000000 00:00 0 [stack:31901] MAP: 7f0b4ebfd000-7f0b4ebfe000 ---p 00000000 00:00 0 MAP: 7f0b4ebfe000-7f0b4edfe000 rw-p 00000000 00:00 0 [stack:31900] MAP: 7f0b4edfe000-7f0b4edff000 ---p 00000000 00:00 0 MAP: 7f0b4edff000-7f0b4efff000 rw-p 00000000 00:00 0 [stack:31899] MAP: 7f0b4efff000-7f0b4f000000 ---p 00000000 00:00 0 MAP: 7f0b4f000000-7f0b4f200000 rw-p 00000000 00:00 0 [stack:31898] MAP: 7f0b4f200000-7f0b4f400000 rw-p 00000000 00:00 0 MAP: 7f0b4f5ff000-7f0b4f600000 ---p 00000000 00:00 0 MAP: 7f0b4f600000-7f0b4f800000 rw-p 00000000 00:00 0 [stack:31897] MAP: 7f0b4f800000-7f0b4fa00000 rw-p 00000000 00:00 0 MAP: 7f0b4fbfe000-7f0b4fbff000 ---p 00000000 00:00 0 MAP: 7f0b4fbff000-7f0b4fdff000 rw-p 00000000 00:00 0 [stack:31896] MAP: 7f0b4fdff000-7f0b4fe00000 ---p 00000000 00:00 0 MAP: 7f0b4fe00000-7f0b50000000 rw-p 00000000 00:00 0 [stack:37276] MAP: 7f0b50000000-7f0b50400000 rw-p 00000000 00:00 0 MAP: 7f0b505fe000-7f0b505ff000 ---p 00000000 00:00 0 MAP: 7f0b505ff000-7f0b507ff000 rw-p 00000000 00:00 0 [stack:31894] MAP: 7f0b507ff000-7f0b50800000 ---p 00000000 00:00 0 MAP: 7f0b50800000-7f0b50a00000 rw-p 00000000 00:00 0 [stack:31893] MAP: 7f0b50a00000-7f0b50c00000 rw-p 00000000 00:00 0 MAP: 7f0b50dff000-7f0b50e00000 ---p 00000000 00:00 0 MAP: 7f0b50e00000-7f0b51000000 rw-p 00000000 00:00 0 [stack:31892] MAP: 7f0b51000000-7f0b51200000 rw-p 00000000 00:00 0 MAP: 7f0b513ff000-7f0b51400000 ---p 00000000 00:00 0 MAP: 7f0b51400000-7f0b51600000 rw-p 00000000 00:00 0 [stack:31910] MAP: 7f0b51600000-7f0b51800000 rw-p 00000000 00:00 0 MAP: 7f0b519ff000-7f0b51a00000 ---p 00000000 00:00 0 MAP: 7f0b51a00000-7f0b51c00000 rw-p 00000000 00:00 0 [stack:31889] MAP: 7f0b51c00000-7f0b51e00000 rw-p 00000000 00:00 0 MAP: 7f0b51fff000-7f0b52000000 ---p 00000000 00:00 0 MAP: 7f0b52000000-7f0b52200000 rw-p 00000000 00:00 0 [stack:31888] MAP: 7f0b52200000-7f0b52800000 rw-p 00000000 00:00 0 
MAP: 7f0b529fd000-7f0b529fe000 ---p 00000000 00:00 0 MAP: 7f0b529fe000-7f0b52bfe000 rw-p 00000000 00:00 0 [stack:31887] MAP: 7f0b52bfe000-7f0b52bff000 ---p 00000000 00:00 0 MAP: 7f0b52bff000-7f0b52dff000 rw-p 00000000 00:00 0 [stack:31886] MAP: 7f0b52dff000-7f0b52e00000 ---p 00000000 00:00 0 MAP: 7f0b52e00000-7f0b53000000 rw-p 00000000 00:00 0 [stack:31885] MAP: 7f0b53000000-7f0b53200000 rw-p 00000000 00:00 0 MAP: 7f0b532ff000-7f0b533ff000 rwxp 00000000 00:00 0 MAP: 7f0b533ff000-7f0b53400000 ---p 00000000 00:00 0 MAP: 7f0b53400000-7f0b53600000 rw-p 00000000 00:00 0 [stack:31884] MAP: 7f0b53600000-7f0b54600000 rw-p 00000000 00:00 0 MAP: 7f0b5461f000-7f0b547ff000 rwxp 00000000 00:00 0 MAP: 7f0b547ff000-7f0b54800000 ---p 00000000 00:00 0 MAP: 7f0b54800000-7f0b54a00000 rw-p 00000000 00:00 0 [stack:31883] MAP: 7f0b54a00000-7f0b54c00000 rw-p 00000000 00:00 0 MAP: 7f0b54c0f000-7f0b54dff000 rwxp 00000000 00:00 0 MAP: 7f0b54dff000-7f0b54e00000 ---p 00000000 00:00 0 MAP: 7f0b54e00000-7f0b55000000 rw-p 00000000 00:00 0 [stack:31882] MAP: 7f0b55000000-7f0b55400000 rw-p 00000000 00:00 0 MAP: 7f0b5540f000-7f0b555ff000 rwxp 00000000 00:00 0 MAP: 7f0b555ff000-7f0b55600000 ---p 00000000 00:00 0 MAP: 7f0b55600000-7f0b55800000 rw-p 00000000 00:00 0 [stack:31881] MAP: 7f0b55800000-7f0b55a00000 rw-p 00000000 00:00 0 MAP: 7f0b55a00000-7f0b55a20000 rwxp 00000000 00:00 0 MAP: 7f0b55a20000-7f0b55c00000 rwxp 00000000 00:00 0 MAP: 7f0b55c00000-7f0b56000000 rw-p 00000000 00:00 0 MAP: 7f0b5600c000-7f0b560cc000 rwxp 00000000 00:00 0 MAP: 7f0b560cc000-7f0b56287000 r-xp 00000000 08:03 3276969 /lib/x86_64-linux-gnu/libc-2.19.so MAP: 7f0b56287000-7f0b56486000 ---p 001bb000 08:03 3276969 /lib/x86_64-linux-gnu/libc-2.19.so MAP: 7f0b56486000-7f0b5648a000 r--p 001ba000 08:03 3276969 /lib/x86_64-linux-gnu/libc-2.19.so MAP: 7f0b5648a000-7f0b5648c000 rw-p 001be000 08:03 3276969 /lib/x86_64-linux-gnu/libc-2.19.so MAP: 7f0b5648c000-7f0b56491000 rw-p 00000000 00:00 0 MAP: 7f0b56491000-7f0b564aa000 r-xp 
00000000 08:03 3277059 /lib/x86_64-linux-gnu/libpthread-2.19.so MAP: 7f0b564aa000-7f0b566a9000 ---p 00019000 08:03 3277059 /lib/x86_64-linux-gnu/libpthread-2.19.so MAP: 7f0b566a9000-7f0b566aa000 r--p 00018000 08:03 3277059 /lib/x86_64-linux-gnu/libpthread-2.19.so MAP: 7f0b566aa000-7f0b566ab000 rw-p 00019000 08:03 3277059 /lib/x86_64-linux-gnu/libpthread-2.19.so MAP: 7f0b566ab000-7f0b566af000 rw-p 00000000 00:00 0 MAP: 7f0b566af000-7f0b567b4000 r-xp 00000000 08:03 3277007 /lib/x86_64-linux-gnu/libm-2.19.so MAP: 7f0b567b4000-7f0b569b3000 ---p 00105000 08:03 3277007 /lib/x86_64-linux-gnu/libm-2.19.so MAP: 7f0b569b3000-7f0b569b4000 r--p 00104000 08:03 3277007 /lib/x86_64-linux-gnu/libm-2.19.so MAP: 7f0b569b4000-7f0b569b5000 rw-p 00105000 08:03 3277007 /lib/x86_64-linux-gnu/libm-2.19.so MAP: 7f0b569b5000-7f0b569e1000 r-xp 00000000 08:11 6558030 /home/splunk/lib/libbson-1.0.so.0.0.0 MAP: 7f0b569e1000-7f0b569e4000 rw-p 0002c000 08:11 6558030 /home/splunk/lib/libbson-1.0.so.0.0.0 MAP: 7f0b569e4000-7f0b569ea000 rw-p 00000000 00:00 0 MAP: 7f0b569ea000-7f0b56a3c000 r-xp 00000000 08:11 6558008 /home/splunk/lib/libmongoc-1.0.so.0.0.0 MAP: 7f0b56a3c000-7f0b56a3e000 rw-p 00051000 08:11 6558008 /home/splunk/lib/libmongoc-1.0.so.0.0.0 MAP: 7f0b56a3e000-7f0b56b35000 r-xp 00000000 08:11 6558015 /home/splunk/lib/libsqlite3.so.0.8.6 MAP: 7f0b56b35000-7f0b56b39000 rw-p 000f6000 08:11 6558015 /home/splunk/lib/libsqlite3.so.0.8.6 MAP: 7f0b56b39000-7f0b56b3a000 rw-p 00000000 00:00 0 MAP: 7f0b56b3a000-7f0b56bdb000 r-xp 00000000 08:11 6558027 /home/splunk/lib/libarchive.so.13.3.1 MAP: 7f0b56bdb000-7f0b56bdf000 rw-p 000a1000 08:11 6558027 /home/splunk/lib/libarchive.so.13.3.1 MAP: 7f0b56bdf000-7f0b56be2000 r-xp 00000000 08:03 3276985 /lib/x86_64-linux-gnu/libdl-2.19.so MAP: 7f0b56be2000-7f0b56de1000 ---p 00003000 08:03 3276985 /lib/x86_64-linux-gnu/libdl-2.19.so MAP: 7f0b56de1000-7f0b56de2000 r--p 00002000 08:03 3276985 /lib/x86_64-linux-gnu/libdl-2.19.so MAP: 7f0b56de2000-7f0b56de3000 rw-p 
00003000 08:03 3276985 /lib/x86_64-linux-gnu/libdl-2.19.so MAP: 7f0b56de3000-7f0b5708d000 r-xp 00000000 08:11 6558010 /home/splunk/lib/libcrypto.so.1.0.0 MAP: 7f0b5708d000-7f0b570b9000 rw-p 002aa000 08:11 6558010 /home/splunk/lib/libcrypto.so.1.0.0 MAP: 7f0b570b9000-7f0b570bd000 rw-p 00000000 00:00 0 MAP: 7f0b570bd000-7f0b5710b000 r-xp 00000000 08:11 6558028 /home/splunk/lib/libxmlsec1-openssl.so.1.2.20 MAP: 7f0b5710b000-7f0b5710f000 rw-p 0004e000 08:11 6558028 /home/splunk/lib/libxmlsec1-openssl.so.1.2.20 MAP: 7f0b5710f000-7f0b57110000 rw-p 00000000 00:00 0 MAP: 7f0b57110000-7f0b57186000 r-xp 00000000 08:11 6558024 /home/splunk/lib/libxmlsec1.so.1.2.20 MAP: 7f0b57186000-7f0b5718a000 rw-p 00076000 08:11 6558024 /home/splunk/lib/libxmlsec1.so.1.2.20 MAP: 7f0b5718a000-7f0b57346000 r-xp 00000000 08:11 6558026 /home/splunk/lib/libxml2.so.2.9.4 MAP: 7f0b57346000-7f0b57350000 rw-p 001bb000 08:11 6558026 /home/splunk/lib/libxml2.so.2.9.4 MAP: 7f0b57350000-7f0b57351000 rw-p 00000000 00:00 0 MAP: 7f0b57351000-7f0b57358000 r-xp 00000000 08:03 3277065 /lib/x86_64-linux-gnu/librt-2.19.so MAP: 7f0b57358000-7f0b57557000 ---p 00007000 08:03 3277065 /lib/x86_64-linux-gnu/librt-2.19.so MAP: 7f0b57557000-7f0b57558000 r--p 00006000 08:03 3277065 /lib/x86_64-linux-gnu/librt-2.19.so MAP: 7f0b57558000-7f0b57559000 rw-p 00007000 08:03 3277065 /lib/x86_64-linux-gnu/librt-2.19.so MAP: 7f0b57559000-7f0b5757c000 r-xp 00000000 08:03 3276949 /lib/x86_64-linux-gnu/ld-2.19.so MAP: 7f0b5757e000-7f0b5757f000 ---p 00000000 00:00 0 MAP: 7f0b5757f000-7f0b57588000 rw-p 00000000 00:00 0 MAP: 7f0b57588000-7f0b57589000 ---p 00000000 00:00 0 MAP: 7f0b57589000-7f0b5758f000 rw-p 00000000 00:00 0 MAP: 7f0b5758f000-7f0b575a9000 r-xp 00000000 08:11 6557997 /home/splunk/lib/libz.so.1.2.8 MAP: 7f0b575a9000-7f0b575aa000 rw-p 00019000 08:11 6557997 /home/splunk/lib/libz.so.1.2.8 MAP: 7f0b575aa000-7f0b575bb000 r-xp 00000000 08:11 6558014 /home/splunk/lib/libbz2.so.1.0.3 MAP: 7f0b575bb000-7f0b575bd000 rw-p 00010000 
08:11 6558014 /home/splunk/lib/libbz2.so.1.0.3 MAP: 7f0b575bd000-7f0b575bf000 rw-p 00000000 00:00 0 MAP: 7f0b575bf000-7f0b5762a000 r-xp 00000000 08:11 6558017 /home/splunk/lib/libssl.so.1.0.0 MAP: 7f0b5762a000-7f0b57634000 rw-p 0006b000 08:11 6558017 /home/splunk/lib/libssl.so.1.0.0 MAP: 7f0b57634000-7f0b57635000 rw-p 00000000 00:00 0 MAP: 7f0b57635000-7f0b57688000 r-xp 00000000 08:11 6558009 /home/splunk/lib/libxslt.so.1.1.29 MAP: 7f0b57688000-7f0b5768a000 rw-p 00052000 08:11 6558009 /home/splunk/lib/libxslt.so.1.1.29 MAP: 7f0b5768a000-7f0b5771d000 r-xp 00000000 08:11 6558029 /home/splunk/lib/libpcre2-8.so MAP: 7f0b5771d000-7f0b5771e000 rw-p 00093000 08:11 6558029 /home/splunk/lib/libpcre2-8.so MAP: 7f0b5771e000-7f0b5771f000 rw-p 00000000 00:00 0 MAP: 7f0b57727000-7f0b57728000 rw-p 00000000 00:00 0 MAP: 7f0b57728000-7f0b57775000 r-xp 00000000 08:11 6558001 /home/splunk/lib/libjemalloc.so.2 MAP: 7f0b57775000-7f0b57778000 rw-p 0004c000 08:11 6558001 /home/splunk/lib/libjemalloc.so.2 MAP: 7f0b57778000-7f0b5777b000 rw-p 00000000 00:00 0 MAP: 7f0b5777b000-7f0b5777c000 r--p 00022000 08:03 3276949 /lib/x86_64-linux-gnu/ld-2.19.so MAP: 7f0b5777c000-7f0b5777d000 rw-p 00023000 08:03 3276949 /lib/x86_64-linux-gnu/ld-2.19.so MAP: 7f0b5777d000-7f0b5777e000 rw-p 00000000 00:00 0 MAP: 7f0b5777e000-7f0b59c63000 r-xp 00000000 08:11 6687922 /home/splunk/bin/splunkd MAP: 7f0b59c63000-7f0b59d0c000 rw-p 024e5000 08:11 6687922 /home/splunk/bin/splunkd MAP: 7f0b59d0c000-7f0b59d87000 rw-p 00000000 00:00 0 MAP: 7ffc68d8e000-7ffc68daf000 rw-p 00000000 00:00 0 [stack] MAP: 7ffc68de7000-7ffc68de9000 r--p 00000000 00:00 0 [vvar] MAP: 7ffc68de9000-7ffc68deb000 r-xp 00000000 00:00 0 [vdso] MAP: ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Last errno: 2 Threads running: 61 Runtime: 226985.984811s argv: [splunkd -p 8089 start] Regex JIT enabled using CLOCK_MONOTONIC Thread: "TcpChannelThread", did_join=0, ready_to_run=Y, main_thread=N First 8 bytes of Thread token 
@0x7f0b41c7e910: 00000000 00 f7 5f 35 0b 7f 00 00 |.._5....| 00000008 commandForThread=0, nextIdle=(nil), requestAfterThread=0, _tpfd=0x7f0b42010000, writeCorkCount=0, terminateCallback=(nil), ioError=No error, lastError=No error, terminateError=No error giveCmd @0x7f0b41c7ea68: _queuedOn=(nil), ran=N, wantWake=N, wantFailIfLoopDone=N, cmd=0, ok=Y, chan=0x7f0b42012800 writeDataAvail @0x7f0b41c7eac8: _queuedOn=(nil), ran=N, wantWake=N, wantFailIfLoopDone=N, chan=0x7f0b42012800 wbuf: ptr=0x7f0b41c7eb68, size=0x8000, rptr=0x0, wptr=0x0 HttpListeningConnection: _transactionActive=Y, _haveHadTransaction=Y, _alreadyLoggedTimeout=N HttpTcpConnection: peer=127.0.0.1, _desiredCompressionLevel=0 RestHttpServerTransaction: _restPath="deployment/server/config/_reload", namespaced=N, context=-/-, session=[user=admin, refcnt=2, touched=1505667699, removed=N, id=e1d96fffde96ccca8dc60e41814a88cd, created=1505667699, createdBy=51AE738F-A015-477C-B126-BB7EF84092A8, ip=127.0.0.1] HttpServerTransaction: _state=6, _shouldLog=Y, _startTime=1505667699.192578 REQUEST: POST /services/deployment/server/config/_reload HTTP/1.0 Host: 127.0.0.1:8089 content-length: 32 user-agent: Python-httplib2/0.9.2 (gzip) content-type: application/x-www-form-urlencoded accept-encoding: gzip, deflate Authorization: Splunk {value elided from dump} _bytesReceived=32, _maximumRequestDataSize=2147483648, _totalBytesExpectedOfRequestData=32 _bytesLeftInRequestDataChunk=0, _requestTransferEncodingIsChunked=N, _receivingRequestDataForever=N _needToSetupRequestGunzip=N, _owedConsume=0, _wantSavedRequestData=N _100continue=0, _expectDisconnect=N, _overrideSourceState=0 POST arguments: {["serverclass"] = "configuration_manage"} REPLY: 200 admin_handler="deploymentserver" MConfigHandler: name=deploymentserver, _atomFormat=1, _customAction= caller args: id="_reload": { serverclass -> { _dataType=string _isMultiValue=Y, _values: ["configuration_manage"] } } _docShowEntry=Y, _didFilter=N, _didPaginate=N _maxCount=30, 
posOffset=0, _requestedAction=32 _shouldFilter=N, _shouldReload=N, _shouldAutoList=Y, _sortSpecified=N _strict_mode=N, _list_new=N, _force_stanza_overwite=N, _force_app_context_on_write=Y sort keys: ["name"] sort modes: ["auto"] supported args: ["serverclass" type=0, "validate-only" type=0] Paginator: offset=0, count=30 _customStatusCode=0, _supportedActions=0x1A6, hasSession=Y _forceBoolNormalization=N, _contextMode=0, _didCapCheck=Y _ranSetup=Y, _restartRequired=N, _listingOne=N _userName=admin, _appName=search ServicesEndpointReplyDataProvider: _setupState=0, _outputMode=1, _explicitOutputMode=N GET args: {} _allowedMethods={GET,POST,PUT,DELETE,HEAD,OPTIONS}, _preconditionState=0 _wantsSeparateThread=N, _alreadyBuiltHeaders=N, _needToSendBody=Y _bodyBytesWritten=0, _chunkedState=0, _isLastTransaction=Y _varyBy=0x10, _redirectUrl="", _downloadFilename="", _totalScheduledLength=0 _willSendDataLater=N, _toSendState=0, _toSendSafe=Y _knowCompleteLength=N, _desiredCompressionLevel=0 _replyIsGzipCompressed=N, _cacheControl=0x10, _maxCacheSeconds=4294967295, _dontIncludeFrameOptions=N In TcpChannel 0x7f0b42010000, _tcloop=0x7f0b55c5bc90, no async write data, _data._shouldKill=N, r/w_timeouts=5.000/300.000, timeout_count=0 SSL: version="TLSv1.2", state="SSL negotiation finished successfully", cipher="ECDHE-RSA-AES256-GCM-SHA384", compression="zlib compression" rbuf: ptr=0x7f0b420100a0, size=0x2000, rptr=0x0, wptr=0x0 TcpChannelAcceptor: , tcloop=0x7f0b55c5bc90, _disabledReasons=0, _activeCount=4, _inflightSubordinateAccepts=0 HttpListener: ssl=Y, _maxActiveConnections=1365, _wellBelowConnectionLimit=Y, _maxThreads=1365 SplunkdHttpListener: PORT: _allowGzip=Y, bind=https://:8089 conf: _sslopt={rootCAPath="", caCertFile="/home/splunk/etc/auth/cacert.pem", certFile="/home/splunk/etc/auth/server.pem", privateKeyFile="/home/splunk/etc/auth/server.pem", privateKeyPassword_set=Y, commonNameToCheck="", altNameToCheck="", allowSslRenegotiation=Y, sslVersions="TLS1.2", 
cipherSuite="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256", ecdhCurves="prime256v1, secp384r1, secp521r1", useCompression=Y, quietShutdown=NdhFile="", shouldVerifyClientCert=N}, _allowSslRenegotiation=Y, _frameOptionsSameOrigin=Y, _strictTransportSecurityHeader=N, _allowBasicAuth=Y, _allowCookieAuth=Y, _cookieAuthHttpOnly=Y, _cookieAuthSecure=Y conf: _streamInWriteTimeout=5.000, _maxContentLength=2147483648, _maxThreads=1365, _maxSockets=1365, _forceHttp10=0 _thread=0x7f0b41c7e900: commandForThread=0, nextIdle=(nil), requestAfterThread=0, _tpfd=0x7f0b42010000, writeCorkCount=0, terminateCallback=(nil), ioError=No error, lastError=No error, terminateError=No error giveCmd @0x7f0b41c7ea68: _queuedOn=(nil), ran=N, wantWake=N, wantFailIfLoopDone=N, cmd=0, ok=Y, chan=0x7f0b42012800 writeDataAvail @0x7f0b41c7eac8: _queuedOn=(nil), ran=N, wantWake=N, wantFailIfLoopDone=N, chan=0x7f0b42012800 wbuf: ptr=0x7f0b41c7eb68, size=0x8000, rptr=0x0, wptr=0x0 x86 CPUID registers: 0: 0000000F 756E6547 6C65746E 49656E69 1: 000306F2 32200800 7FFEFBFF BFEBFBFF 2: 76036301 00F0B5FF 00000000 00C10000 3: 00000000 00000000 00000000 00000000 4: 00000000 00000000 00000000 00000000 5: 00000040 00000040 00000003 00002120 6: 00000077 00000002 00000009 00000000 7: 00000000 00000000 00000000 00000000 8: 00000000 00000000 00000000 00000000 9: 00000001 00000000 00000000 00000000 A: 07300403 00000000 00000000 00000603 B: 00000000 00000000 0000005D 00000032 C: 00000000 00000000 00000000 00000000 D: 00000000 00000000 00000000 00000000 E: 00000000 00000000 00000000 00000000 F: 00000000 00000000 00000000 00000000 80000000: 80000008 00000000 00000000 00000000 80000001: 00000000 00000000 00000021 2C100800 
80000002: 65746E49 2952286C 6F655820 2952286E 80000003: 55504320 2D354520 37393632 20337620 80000004: 2E322040 48473036 0000007A 00000000 80000005: 00000000 00000000 00000000 00000000 80000006: 00000000 00000000 01006040 00000000 80000007: 00000000 00000000 00000000 00000100 80000008: 0000302E 00000000 00000000 00000000 terminating...

Timechart with success and failure and failure/success percentage, grouped by Server

I've two patterns, say like this: "successPattern" and "failurePattern". I want to make a timechart comparing success vs failure and failure percentage, server-wise. I've attached the expected output. Here host1, host2 are the servers, available with field name "host". Could someone please help?

Parse Get-GPOReport

I am attempting to ingest the output of the Microsoft Powershell GPO Report Export (i.e. `Get-GPOReport -All -ReportType XML -Path c:\report.xml`). The following props.conf splits the output into the separate individual GPO sections into Events (...).

    [xml_source]
    DATETIME_CONFIG = CURRENT
    KV_MODE = xml
    LINE_BREAKER = ([\r\n]*)(?=\s*\Default Domain Policy true 2002-09-17T07:41:34 2017-09-02T01:59:14 2017-09-19T12:34:59.5821172Z

Can we schedule same alert at two times a day

Hi. May I know whether we can schedule the same alert two times every day? Ex: can we schedule an alert at 1:00 PM and 4:00 PM every day using a single alert?

Error when pushing bundle to shcluster. Error = "No target specified"

We are using a stand-alone deployer to deploy apps to a cluster of 5 search heads. Currently, when trying to push a shcluster bundle from the deployer, we get the error "no target specified".

We're using the following command to push:

./splunk apply shcluster-bundle --answer-yes -target https://[sh-ip]:8089 -preserve-lookups true

We've also tried sequentially:

./splunk apply shcluster-bundle -action stage #no error
./splunk apply shcluster-bundle -action send #same "no target specified" error

Furthermore:
- We've tried to push to all 5 searchheads using ip and hostname alternatively. All resulting in the same error.
- The shcluster has all machines online with an active captain.
- We can also telnet to 8089 from the deployer to the SH's, on both sides the port is active under splunkd.
- We cannot find any log messages on the deployer that indicate what the problem is, even when running with 'splunk start --debug'.
- All folders in ./shcluster/apps/* are owned by splunk.
- We've refreshed the SHClustering pass4SymKey.

Does anyone have an idea as to why this error is popping up? It's not possible to deploy changes to our cluster at the moment.

Misc info:
- Machines are running RHEL 6.9
- Splunk is running 6.5.5.

Funnel App not installing.

I am getting the attached error when I try to load the Funnel App. For the UI purpose, is there any other App I can use to show a process flow? Please suggest.

![alt text][1]

[1]: /storage/temp/217617-error1.png

Does Splunk support running a standalone search head next to a search head cluster?

While reading the guide for upgrading stand alone search heads to a cluster, I noticed that you cannot add an existing search head. It must be a new instance, or cleaned using `splunk clean all`. Because our one instance had many custom scripts and settings, I don't want to wipe and upgrade this cluster yet. Could this existing instance be used alongside (but separate from) the search head cluster?

How do I sum values over time and show it as a graph that I can predict from?

How do I sum values over time and show it as a graph that I can predict from? This is something that I’ve tried to achieve on my own but with limited success. It seems that it should be straightforward too. I have this type of data going back five years, e.g. 52 months, that I’ve concatenated into one file.

TimeStamp Type Size
4/1/2013:12:01:03 ORD 5
4/1/2013:12:04:11 INV 8
4/1/2013:12:05:21 ORD 5
4/1/2013:12:05:33 INV 34
4/1/2013:12:06:30 ORD 20
4/1/2013:12:06:54 INV 13
4/1/2013:12:07:00 ORD 7
4/1/2013:12:34:44 INV 1
4/1/2013:12:39:32 ORD 1
4/1/2013:12:44:28 ORD 5
4/1/2013:12:49:22 INV 4
4/1/2013:12:50:32 ORD 6
4/1/2013:12:55:30 INV 9
4/1/2013:12:59:29 ORD 12
...etc

I want to produce a timechart for the sum of the ‘Size’ for each ‘Type’ over the amount of time I have data for. We only need it by month so I edit the ‘TimeStamp’, in advance, to be ‘M/1/201Y::12:00:00’. I’d then like to use this histogram to ‘predict’ the next few months. If someone can provide the ‘code’ for doing just one ‘Type’, I’d be most grateful. I have almost 20 ‘Types’. I can manage the predicting part.

Permission about Addon

Our customer installed our Addon using an admin account. Now the admin wants to give a power user permission to modify/use this addon. How can this be done please? The admin already granted Read/Write permission of this Addon to everyone. But still for a power user, this Addon is not shown in the available Trigger Actions selections of an Alert. Everything works fine with the admin account. But customer wants to use the power user account to control it. Thanks!

Regex for values between commas

Hi, I need a Regex to use within the search query to pick up individual values separated by commas within a set of speech marks. The number of values varies, but is started and broken by those speech marks. For example within the _raw I have;

db_values="value1, value2, value3, value4"

I tried the following but not sure how I separate out value 1 and value 2 etc into separate entities;

rex field=db_value"(?P\w+\_\w+)\-"

Thanks.

Parse JSON nested inside a Windows Event

Hello, I am looking for a way to parse the JSON data that exists in the "Message" body of a set of Windows Events. Ideally I would like it such that my team only has to put in search terms for the sourcetype and the fields will be extracted and formatted appropriately. However, I would settle for simply creating a bunch of saved searches\reports and instructing my team to use those. Here is an example record:

09/19/2017 11:42:20 AM
LogName=PowerShell-Endpoint-IMS-APISession
SourceName=PowerShell-Endpoint-IMS-APISession-Source
EventCode=1000
EventType=4
Type=Information
ComputerName=SOME_MACHINE.some.domain.tld
TaskCategory=None
OpCode=Info
RecordNumber=2275
Keywords=Classic
Message={
  "Message": "User, jdoe, is already Lync-enabled.",
  "CorrelationId": "38d97480-08a0-4e81-971c-8ab3f68747bc",
  "SessionInfo": {
    "SessionConfigurationName": "IMS-APISession",
    "SessionConnectionString": "http://some_machine:5985/wsman?PSVersion=5.1.14393.1715",
    "RunspaceID": "044d7c40-1de2-4c20-ad74-3745c3d99ac3",
    "ProcessID": 2412,
    "ClientIP": "169.68.128.128",
    "SessionUser": "DOMAIN\\sessionuser",
    "RunAsUser": "DOMAIN\\runasuser"
  },
  "CmdInvocationInfo": {
    "InvocationName": "Enable-CCILyncUser",
    "BoundParameters": { "Username": "jdoe" },
    "UnboundArguments": [ ],
    "ScriptLineNumber": 0,
    "OffsetInLine": 0,
    "HistoryId": 5,
    "ScriptName": "",
    "Line": "",
    "PositionMessage": "",
    "PSScriptRoot": "",
    "PSCommandPath": null,
    "PipelineLength": 2,
    "PipelinePosition": 1,
    "ExpectingInput": false,
    "CommandOrigin": 0,
    "DisplayScriptPosition": null
  },
  "LogInvocationInfo": {
    "InvocationName": "Add-EndpointLogEntry",
    "ScriptLineNumber": 294,
    "OffsetInLine": 25,
    "HistoryId": 5,
    "ScriptName": "C:\\some_path\\Functions\\Lync.ps1",
    "Line": " Add-EndpointLogEntry -WriteDebug -Message \"User, $Username, is already Lync-enabled.\"\r\n",
    "PositionMessage": "At C:\\some_path\\Functions\\Lync.ps1:294 char:25\r\n+ ... Add-EndpointLogEntry -WriteDebug -Message \"User, $Usernam ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~",
    "PSScriptRoot": "C:\\some_path\\Functions",
    "PSCommandPath": "C:\\some_path\\Functions\\Lync.ps1",
    "PipelineLength": 1,
    "PipelinePosition": 1,
    "ExpectingInput": false,
    "CommandOrigin": 1,
    "DisplayScriptPosition": null
  }
}

As you can see this is a standard Windows event but the Message body is all JSON. Automatic Field Discovery is capable of pulling out many of these fields automatically but the values for the fields typically include the quotes and commas that are a part of the JSON syntax (i.e. ClientIP = **"169.68.128.128",**). I am able to successfully create search time field extractions using regex but as I understand it the only way you can see those is if you are using Smart/Verbose mode which will in turn cause automatic field discovery to occur which means I will get duplicate values, one formatted correctly and one incorrectly. If I use the same ClientIP field name, those two values both show up under ClientIP which is just as confusing as using a different name for the field as I will then have an incorrectly formatted ClientIP and a correctly formatted ClientIPAddress.

So as I see it I need to figure out how to do one of two things. Either I need to find a way to do search time field extractions while preventing automatic field discovery displaying the fields I have custom extractions for or I need to find a way to get automatic field discovery to properly parse the nested JSON. (Or just figure out how to manipulate the data in a search and save the searches, again though that is not ideal.) I would also be interested in a solution that involves index time field extractions but that of course is only recommended as a last resort due to the performance impact. That said, I don't know that this system would generate enough logs for that performance impact to be noticeable in any way.

Please note that I do not have Splunk admin access, but I do have admin access to the machine the forwarder is on and can modify the .conf files if needed. Also, I'm a bit of a noob to Splunk. All I've really done is take Power Users course and have been given access to Splunk accordingly. So apologies if I am missing something basic here. Thanks for your time,
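The record layout described in this question, as an added example that is not part of the original post and is not Splunk configuration: Python that separates the key=value header from the JSON that follows `Message=`, decodes it, and flattens it to dotted field names so values such as ClientIP come out without JSON quotes or commas. The sample event is a constructed, shortened copy of the record above; the function names, the `Message.` prefix and the `{}` array suffix are choices made here.

```python
import json
import re

# Constructed sample: a shortened copy of the record quoted in the post.
SAMPLE_EVENT = r'''09/19/2017 11:42:20 AM
LogName=PowerShell-Endpoint-IMS-APISession
EventCode=1000
ComputerName=SOME_MACHINE.some.domain.tld
Message={
  "Message": "User, jdoe, is already Lync-enabled.",
  "SessionInfo": {"ClientIP": "169.68.128.128", "SessionUser": "DOMAIN\\sessionuser"},
  "CmdInvocationInfo": {
    "InvocationName": "Enable-CCILyncUser",
    "BoundParameters": {"Username": "jdoe"},
    "UnboundArguments": []
  }
}'''

HEADER_KV = re.compile(r"^(\w+)=(.*)$")


def flatten(node, prefix):
    """Flatten nested JSON into dotted names; array members get a {} suffix."""
    out = {}
    if isinstance(node, dict):
        for key, value in node.items():
            out.update(flatten(value, f"{prefix}.{key}"))
    elif isinstance(node, list):
        for item in node:
            for name, value in flatten(item, prefix + "{}").items():
                out.setdefault(name, []).append(value)
    else:
        out[prefix] = node  # scalar: decoded value, no quotes or commas
    return out


def parse_event(raw, prefix="Message"):
    """Split the key=value header from the JSON body; return one field dict."""
    head, sep, body = raw.partition("\nMessage=")
    if not sep:
        raise ValueError("event has no Message= field")
    fields = {}
    for line in head.splitlines():
        match = HEADER_KV.match(line.strip())
        if match:
            fields[match.group(1)] = match.group(2)
    # raw_decode parses the first JSON document and ignores trailing text.
    doc, _end = json.JSONDecoder().raw_decode(body.lstrip())
    fields.update(flatten(doc, prefix))
    return fields


if __name__ == "__main__":
    for name, value in sorted(parse_event(SAMPLE_EVENT).items()):
        print(f"{name} = {value!r}")
```

Prefixing the decoded fields keeps the JSON's own "Message" key from colliding with the event's Message field, which is the duplicate-name problem the question describes.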

I was not able to get the index or sourcetype in the search. In the logs it's throwing "Not writing this event because it is already indexed"

I have configured the Bamboo addon, and in the logs it's connecting to the Bamboo server via HTTP connection and generating the API URL. But at the end it's throwing "Not writing this event because it is already indexed". Also I was not able to get the index or sourcetype in the search. I am just doing a POC; both Splunk Enterprise and Bamboo are installed on my local system.

Could I install Telegram Alert Action on a 6.5.1 environment?

Hi folks, We've Splunk Enterprise 6.5.1, running in a cluster of three SH and three IN. Could we install Telegram Alert Action on this environment? Regards Pedro