Search Results

Search found 38 results on 2 pages for 'splunk'.

  • Running a reverse proxy in front of Splunk 4.x

    - by sgerrand
    So, I have previously installed Splunk 3.x behind a reverse proxy and downloaded the latest version (4.0.6 at time of typing) expecting it to be as easy to use as before. Sadly this was not the case. There appear to be some elements which are not being translated correctly through the reverse proxy, causing Splunk to fail. I have used the following configuration in Apache2 to no avail:

        ServerName monitoringbox.com
        DocumentRoot /path/to/nowhere
        ProxyRequests off
        ProxyPass /splunk http://127.0.0.1:8000/splunk
        ProxyPassReverse /splunk http://127.0.0.1:8000/splunk
        Order allow,deny
        Allow from all

    Has anyone else had more luck than me in setting up Splunk 4.x behind a reverse proxy?

  • Splunk is fantastically expensive: What are the alternatives?

    - by samsmith
    This has been discussed, but it has been several months, so it may be time to revisit it: Earlier discussion RE Splunk alternatives

    For the record, Splunk rocks. But the pricing is simply beyond what we can consider (when I spoke with Splunk today, the cost for a system to index 5gb/day of data is over $30,000). That is more than we spend on SQL Server (by a large multiple), more than we spend on a rack of servers (by a multiple), etc. etc. The Splunk sales team is correct (that for $30K we get more value and functionality than if we spend the same building our own system), but it doesn't matter. The Splunk cost is simply too high (by a multiple). Soooooo, we are looking around! Is anyone out there building a Splunk-like system?

    Our basic need:
    - Able to listen for syslog messages on multiple UDP ports
    - Able to index the incoming data in an async way
    - Some kind of search engine
    - Some kind of UI
    - An API to the search engine (to embed in our console)

    We currently need to index 3-5gb/day, but need to be able to scale to 10gb/day or more. We do not need a lot of history (30 days is fine). We use Windows 2008 and 2003 servers. Thanks for your thoughts!

  • Thoughts on Free Splunk

    - by dan_vitch
    I am considering implementing Splunk at my company but am leery about the financial investment. I noticed there is a free version of Splunk that seems to be good enough. Can anyone tell me if you are using the free version at your company? Do you find the free version to be adequate, or just a springboard for the eventual purchase?

  • Alternatives to Splunk?

    - by MichaelGG
    I'm pretty impressed with Splunk, especially version 4. Pretty graphs, alerting (Enterprise only), and fast, accurate searching. It's a great product. However, the cost is just way too high to consider for full production use for our company. All we really need is to be able to index different logs in a central place, and have reasonable searching on that. Having alerts based on a saved search is also really nice. We don't really go beyond that. In fact, our biggest usage has been in deploying new applications. Everything gets logged via log4net to either the Event log on Windows or a text file on Linux. Splunk makes it pretty easy to quickly search across those to make sure all the parts of the app are working ok -- that's saved us tons of time versus hunting down individual logging sources. What alternatives exist in this market? I have a sinking feeling Splunk's pricing is so high because they have the best product by far, and they know it. We want the server to run on Windows. I'd be open to a split model, using one product for general logs (collect via syslog/Snare), and a dedicated product for our custom apps (like Log4Net Dashboard). Would using a simple syslog server such as Kiwi, sent to SQL Server (perhaps with fulltext enabled), work? I'd hope the cost should be well under 5 figures, USD. (And yes, I know, we're cheap. We're a startup with little money, and BizSpark takes care of all our MS licensing.) Edit: I should add, we have about 10 physical servers, 20 VMs, and a couple of firewalls and switches. 90% is Windows.

  • Setting up Splunk/IronPort WSA

    - by Ciddan
    I recently stumbled across Splunk 4 (by way of an advert on this very site...) and found that it had an "App" that's designed to work with Cisco IronPort WebSecurity and E-Mail Appliances! That's really awesome, because good IronPort reporting is something our IT-dept. is looking for. Anyways - I'm totally lost on how to configure this thing. I've googled like a mad-man to find a guide or such like - but I haven't found anything. Has anyone here set up IP / Splunk? Any tips/pointers?

  • How do I show a log analysis in Splunk?

    - by Vinod K
    I have made my Ubuntu server a centralized log server... I have Splunk installed in the /opt directory of the Ubuntu server. I have one of the other machines sending logs to this Ubuntu server... In the Splunk interface I have added in the network ports as UDP port 514... and also have added in the "file and directory" /var/log. The client has also been configured properly... How do I show analysis of the logs??

  • Splunk is fantastically expensive: What are the alternatives? [closed]

    - by samsmith
    Possible Duplicate: Alternatives to Splunk?

    This has been discussed, but it has been several months, so it may be time to revisit it: Earlier discussion RE Splunk alternatives

    For the record, Splunk rocks. But the pricing is simply beyond what we can consider (when I spoke with Splunk today, the cost for a system to index 5gb/day of data is over $30,000). That is more than we spend on SQL Server (by a large multiple), more than we spend on a rack of servers (by a multiple), etc. etc. The Splunk sales team is correct (that for $30K we get more value and functionality than if we spend the same building our own system), but it doesn't matter. The Splunk cost is simply too high (by a multiple). Soooooo, we are looking around! Is anyone out there building a Splunk-like system?

    Our basic need:
    - Able to listen for syslog messages on multiple UDP ports
    - Able to index the incoming data in an async way
    - Some kind of search engine
    - Some kind of UI
    - An API to the search engine (to embed in our console)

    We currently need to index 3-5gb/day, but need to be able to scale to 10gb/day or more. We do not need a lot of history (30 days is fine). We use Windows 2008 and 2003 servers. Thanks for your thoughts!

    UPDATE: We spent two weeks researching commercial and open source options. Our conclusion: Write our own (we are a software company... we know how to write things). We built a great system built on MongoDB and .NET that gives us the functions we needed from MongoDB in about one engineering week. We have now completed our implementation. We use two MongoDB servers (master and slave), and are able to log and index any amount of log data (5gb/day, 15gb/day, etc), limited only by disk space.

    OBSERVATIONS: This space needs a solid solution that is $1000-3000 flat rate. The licensing models used by the commercial firms are based on a "milk the data center ops guys" model. That is their right (of course!), but it leaves a HUGE space open for someone to come in underneath them. My guess is that in another year or two there will be a good open source solution that will be really usable. Thank you all for your input (even if it was self promotion).

  • Splunk configuration

    - by user1696748
    Is there a proper procedure to have real-time data in my application? Or can I add it in any way, so long as I add it correctly? Firstly I created my application, then added a new index. Next, I added the data scripts, then added those logs that I want Splunk to monitor. Currently I cannot get real-time data. Perhaps this is due to my scripted inputs. The current situation is that Splunk did run my .bat in the bin folder (logs were updated). However, my chart always shows "waiting for data" ...

  • Is anybody using Splunk in a large-scale production environment?

    - by Nano Taboada
    I've been watching the videos at splunk.com and really it's hard to believe that one can get all those features for free; there's still that "where's the catch?" in the back of my head. So it'd be great if anybody that is actually using Splunk in production would like to share their experiences, perhaps highlighting its benefits over, say, Nagios? Thanks much in advance.

  • Nagios vs Splunk

    - by dan_vitch
    I am looking to implement log tracking at my current company. After some research it seems Nagios and Splunk are the two best options. I was wondering if there is a consensus with which is better. I understand that Splunk can be quite pricey if the non-free version is used. That being said I can imagine the answer to my question will be "If you have the money use Splunk, if not use Nagios"

  • SYSLOG-NG - Having trouble with a destination

    - by Samuurai
    Hi, I'm trying to set up a separate log file for all Windows messages. I've set up a match for MSWinEventLog, but it's completely ignoring my configuration. Here's my config, which is straight after the src object:

        filter f_windows { match("MSWinEventLog"); };
        destination winFIFO { file("/var/log/splunk/syslog-ng/winFIFO"); };
        log { source(src); filter(f_windows); destination(winFIFO); flags(final); };

    It all ends up in this one instead:

        filter f_messages { not facility(news, mail) and not filter(f_iptables); };
        destination messages { file("/var/log/messages"); };
        log { source(src); filter(f_messages); destination(messages); };

    Can anyone see what I'm doing wrong?

  • thought on real time web analytics

    - by Linus
    We have a few web servers and I am planning to create a dashboard to show the real-time stats: IP address, geo-location and other custom data based on database lookups. Splunk sort of fits perfectly, but I'm wondering if there are any open source alternatives. I have looked at logstash and graylog2, but to my knowledge they are more log analysis tools. Piwik is sort of interesting except that I cannot put any JavaScript on the webpages. All I have access to is the Apache web log. Any recommendations please..

  • Tool for parsing smtp logs that finds bounces

    - by Željko Filipin
    Our web application sends e-mails. We have lots of users, and we get lots of bounces. For example, a user changes company and his company e-mail is no longer valid. To find bounces, I parse the SMTP log file with Log Parser. Some bounces are great, like 550+#[email protected]. There is [email protected] in the bounce. But some do not have the e-mail in the error message, like 550+No+such+recipient. I have created a simple Ruby script that parses logs (uses Log Parser) to find which mail caused something like 550+No+such+recipient. I am just surprised that I could not find a tool that does it. I have found tools like Zabbix and Splunk for log analysis, but they look like overkill for such a simple task. Does anybody know a tool that would parse SMTP logs, find bounces and the e-mails that cause them? Edit: the SMTP server is Microsoft SMTP Server.

  • Delay init from starting a service for a period of time?

    - by Matthew
    I am trying to get a rudimentary NFS server up and running. Right now the server is configured as an NFS server due to a workaround for a vendor issue not supporting direct attached clustered storage, which we are trying to get them to resolve. The vendor software is Splunk. The Splunk feature we are using requires files be located on shared storage (which for us is /mnt/nfs until they support a real clustered filesystem). Currently the server has a GFS2 filesystem mounted at bootup (it is the only server with the filesystem actively mounted so there should be no problems with locking). We went with GFS2 so switching over to a clustered filesystem is easy should the vendor begin supporting it. NFS is configured to mount that filesystem at /mnt/nfs, which the Splunk installation then sees. Splunk is configured to find its configuration files in /mnt/nfs. However, I am running into a problem where the Splunk daemon starts before NFS is finished loading, and because it sees nothing at /mnt/nfs it starts creating files there, and then when the files disappear (NFS finishes mounting the share), Splunk craps out. Splunk is set to run at runlevel 3, S90. NFS is set at runlevels 2-5, S60. Is there any way to delay the startup of the Splunk process further?

  • Puppet exported resource naming

    - by Tim Brigham
    I am working on setting up a collection of Splunk nodes to be deployed by Puppet. One of the steps in this process is importing the trusts to allow these nodes to automatically find each other. I've looked over several options and it appears that exported resources are the only ready way to go for this to work. The files I need to create are under /opt/splunk/etc/auth/distServerKeys//trusted.pem. The source for each of these files should be /opt/splunk/etc/auth/distServerKeys/trusted.pem, one per node. What syntax do I need to make this work? The samples I've looked at all appear to have the same source and destination file name.

  • Log Aggregation solutions

    - by pdaddy
    Hello, We are currently evaluating log aggregation solutions at my company. I understand that Splunk is one of the best solutions, but what are some of the "negatives" with using Splunk? Is there anything else out there that maybe does a better job of log aggregation?

  • Data from 6 ArrayLists into a single JTable - Java Swing

    - by Splunk
    I have created a JTable which is populated by various arraylists which get their data from a text list using a "~" to split. The issue I am having is that the table is displaying all data from the list on a single row. For example:

        Column1    Column2    Column2    Column2    Column3    Column4
        1,2,3,4,5  1,2,3,4,5  1,2,3,4,5  1,2,3,4,5  1,2,3,4,5  1,2,3,4,5

    When I want it to display:

        Column1    Column2    Column2    Column2    Column3    Column4
        1          1          1          1          1          1
        2          2          2          2          2          2
        3          3          3          3          3          3

    You get the idea. From previous advice, I think the issue may be looping, but I am not sure. Any advice would be great. The code is below:

        private void table(){
            String[] colName = { "Course", "Examiner", "Moderator", "Semester Available ", "Associated Programs", "Associated Majors"};
            DefaultTableModel model = new DefaultTableModel(colName,0);
            for(Object item : courseList){
                Object[] row = new Object[6];
                // String[] row = new String[6];
                row[0] = fileManage.getCourseList();
                row[1] = fileManage.getNameList();
                row[2] = fileManage.getModeratorList();
                row[3] = fileManage.getSemesterList();
                row[4] = fileManage.getProgramList();
                row[5] = fileManage.getMajorList();
                model.addRow(row);
                textArea = new JTable(model);
            }
        }

    This is the class that has the arraylists:

        import java.io.File;
        import java.io.FileNotFoundException;
        import java.util.ArrayList;
        import java.util.Collections;
        import java.util.HashSet;
        import java.util.Scanner;

        public class FileIOManagement {
            private ArrayList<String> nameList = new ArrayList<String>();
            private ArrayList<String> courseList = new ArrayList<String>();
            private ArrayList<String> semesterList = new ArrayList<String>();
            private ArrayList<String> moderatorList = new ArrayList<String>();
            private ArrayList<String> programList = new ArrayList<String>();
            private ArrayList<String> majorList = new ArrayList<String>();

            public ArrayList<String> getNameList(){ return this.nameList; }
            public ArrayList<String> getCourseList(){ return this.courseList; }
            public ArrayList<String> getSemesterList(){ return this.semesterList; }
            public ArrayList<String> getModeratorList(){ return this.moderatorList; }
            public ArrayList<String> getProgramList(){ return this.programList; }
            public ArrayList<String> getMajorList(){ return this.majorList; }

            public void setNameList(ArrayList<String> nameList){ this.nameList = nameList; }
            public void setCourseList(ArrayList<String> courseList){ this.courseList = courseList; }
            public void setSemesterList(ArrayList<String> semesterList){ this.semesterList = semesterList; }
            public void setModeratorList(ArrayList<String> moderatorList){ this.moderatorList = moderatorList; }
            public void setProgramList(ArrayList<String> programList){ this.programList = programList; }
            public void setMajorList(ArrayList<String> majorList){ this.majorList = majorList; }

            public FileIOManagement(){
                setNameList(new ArrayList<String>());
                setCourseList(new ArrayList<String>());
                setSemesterList(new ArrayList<String>());
                setModeratorList(new ArrayList<String>());
                setProgramList(new ArrayList<String>());
                setMajorList(new ArrayList<String>());
                readTextFile();
                getNameList();
                getCourseList();
            }

            private void readTextFile(){
                try{
                    Scanner scan = new Scanner(new File("Course.txt"));
                    while(scan.hasNextLine()){
                        String line = scan.nextLine();
                        String[] tokens = line.split("~");
                        String course = tokens[0].trim();
                        String examiner = tokens[1].trim();
                        String moderator = tokens[2].trim();
                        String semester = tokens[3].trim();
                        String program = tokens[4].trim();
                        String major = tokens[5].trim();
                        courseList.add(course);
                        semesterList.add(semester);
                        nameList.add(examiner);
                        moderatorList.add(moderator);
                        programList.add(program);
                        majorList.add(major);
                        HashSet<String> hs = new HashSet<String>();
                        hs.addAll(nameList);
                        nameList.clear();
                        nameList.addAll(hs);
                        Collections.sort(nameList);
                    }
                    scan.close();
                } catch (FileNotFoundException e){
                    e.printStackTrace();
                }
            }
        }

    This is the class where I need to have the JTable:

        import java.awt.*;
        import javax.swing.*;
        import java.io.*;
        import javax.swing.border.EmptyBorder;
        import java.awt.event.ActionEvent;
        import java.awt.event.ActionListener;
        import java.util.ArrayList;
        import javax.swing.table.DefaultTableModel;

        public class AllDataGUI extends JFrame{
            private JButton saveCloseBtn = new JButton("Save Changes and Close");
            private JButton closeButton = new JButton("Exit Without Saving");
            private JFrame frame=new JFrame("Viewing All Program Details");
            private final FileIOManagement fileManage = new FileIOManagement();
            private ArrayList<String> nameList = new ArrayList<String>();
            private ArrayList<String> courseList = new ArrayList<String>();
            private ArrayList<String> semesterList = new ArrayList<String>();
            private ArrayList<String> moderatorList = new ArrayList<String>();
            private ArrayList<String> majorList = new ArrayList<String>();
            private ArrayList<String> programList = new ArrayList<String>();
            private JTable textArea;

            public ArrayList<String> getNameList(){ return this.nameList; }
            public ArrayList<String> getCourseList(){ return this.courseList; }
            public ArrayList<String> getSemesterList(){ return this.semesterList; }
            public ArrayList<String> getModeratorList(){ return this.moderatorList; }
            public ArrayList<String> getProgramList(){ return this.programList; }
            public ArrayList<String> getMajorList(){ return this.majorList; }

            public void setNameList(ArrayList<String> nameList){ this.nameList = nameList; }
            public void setCourseList(ArrayList<String> courseList){ this.courseList = courseList; }
            public void setSemesterList(ArrayList<String> semesterList){ this.semesterList = semesterList; }
            public void setModeratorList(ArrayList<String> moderatorList){ this.moderatorList = moderatorList; }
            public void setProgramList(ArrayList<String> programList){ this.programList = programList; }
            public void setMajorList(ArrayList<String> majorList){ this.majorList = majorList; }

            public AllDataGUI(){
                getData();
                table();
                panels();
            }

            public Object getValueAt(int rowIndex, int columnIndex) {
                String[] token = nameList.get(rowIndex).split(",");
                return token[columnIndex];
            }

            private void table(){
                String[] colName = { "Course", "Examiner", "Moderator", "Semester Available ", "Associated Programs", "Associated Majors"};
                DefaultTableModel model = new DefaultTableModel(colName,0);
                for(Object item : courseList){
                    Object[] row = new Object[6];
                    // String[] row = new String[6];
                    row[0] = fileManage.getCourseList();
                    row[1] = fileManage.getNameList();
                    row[2] = fileManage.getModeratorList();
                    row[3] = fileManage.getSemesterList();
                    row[4] = fileManage.getProgramList();
                    row[5] = fileManage.getMajorList();
                    model.addRow(row);
                    textArea = new JTable(model);
                    // String END_OF_LINE = ",";
                    //
                    // String[] colName = { "Course", "Examiner", "Moderator", "Semester Available ", "Associated Programs", "Associated Majors"};
                    //// textArea.getTableHeader().setBackground(Color.WHITE);
                    //// textArea.getTableHeader().setForeground(Color.BLUE);
                    //
                    // Font Tablefont = new Font("Details", Font.BOLD, 12);
                    //
                    // textArea.getTableHeader().setFont(Tablefont);
                    // Object[][] object = new Object[100][100];
                    // int i = 0;
                    // if (fileManage.size() != 0) {
                    //     for (fileManage book : fileManage) {
                    //         object[i][0] = fileManage.getCourseList();
                    //         object[i][1] = fileManage.getNameList();
                    //         object[i][2] = fileManage.getModeratorList();
                    //         object[i][3] = fileManage.getSemesterList();
                    //         object[i][4] = fileManage.getProgramList();
                    //         object[i][5] = fileManage.getMajorList();
                    //
                    //         textArea = new JTable(object, colName);
                    //     }
                    // }
                }
            }

            public void getData(){
                nameList = fileManage.getNameList();
                courseList = fileManage.getCourseList();
                semesterList = fileManage.getSemesterList();
                moderatorList = fileManage.getModeratorList();
                majorList = fileManage.getMajorList();
                programList = fileManage.getProgramList();
                // textArea.(write());
            }

            private JButton getCloseButton(){ return closeButton; }

            private void panels(){
                JPanel panel = new JPanel(new GridLayout(1,1));
                panel.setBorder(new EmptyBorder(5, 5, 5, 5));
                JPanel rightPanel = new JPanel(new GridLayout(15,0,10,10));
                rightPanel.setBorder(new EmptyBorder(15, 5, 5, 10));
                JScrollPane scrollBarForTextArea=new JScrollPane(textArea,JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED,JScrollPane.HORIZONTAL_SCROLLBAR_AS_NEEDED);
                panel.add(scrollBarForTextArea);
                frame.add(panel);
                frame.getContentPane().add(rightPanel,BorderLayout.EAST);
                rightPanel.add(saveCloseBtn);
                rightPanel.add(closeButton);
                closeButton.addActionListener(new ActionListener() {
                    public void actionPerformed(ActionEvent e) {
                        frame.dispose();
                    }
                });
                saveCloseBtn.addActionListener(new ActionListener() {
                    public void actionPerformed(ActionEvent e) {
                        //saveBtn();
                        frame.dispose();
                    }
                });
                frame.setSize(1000, 700);
                frame.setVisible(true);
                frame.setLocationRelativeTo(null);
            }

            // private void saveBtn(){
            //     File file = null;
            //     FileWriter out=null;
            //     try {
            //         file = new File("Course.txt");
            //         out = new FileWriter(file);
            //         out.write(textArea.getText());
            //         out.close();
            //     } catch (FileNotFoundException e) {
            //         e.printStackTrace();
            //     } catch (IOException e) {
            //         e.printStackTrace();
            //     }
            //     JOptionPane.showMessageDialog(this, "File Successfully Updated");
            //
            // }
        }

  • Slower/cached Linux file system required

    - by Chopper3
    I know it sounds odd but I need a slower or cached filesystem. I have a lot of firewalls that are syslog'ing their data to a pair of Linux VMs which write these files to their 'local' (actually FC SAN attached) ext3-formatted disks and also forward the messages to our Splunk servers. The problem is that the syslog server is writing these syslog messages as hundreds, sometimes thousands, of tiny ~4k writes per second back to our FC SAN - which can handle this workload right now but our FW traffic's going to be growing by at least a factor of 5000% (really) in coming months and that'll be a pain for the SAN, I want to fix the root cause before it's a problem. So I need some help figuring out a way of getting these writes cached or held-off in some way from the 'physical' disks so that the VMs fire off larger, but less frequent, writes - there's no way of avoiding these writes but there's no need for it to do so many tiny ones. I've looked at the various ext3 options, setting noatime and nodiratime but that's not made much of a dent in the problem. Obviously I'm investigating other file systems but thought I'd throw this out in case others have the same problem in the future. Oh and I can't just forward these messages to Splunk, our firewall team insist they're in their original format for diag purposes.

  • WatchGuard 'Internal Policy' intermittently blocking outbound web traffic

    - by vfilby
    I have a lot of legitimate outbound traffic intermittently being denied by WatchGuard's "Internal Policy." Today I tried to go to Splunk's homepage and my traffic was denied by my WatchGuard XTM 22 with Pro upgrade. What is the "Internal Policy" and what can I do to control it?

    Example of traffic being blocked:

        Type     Date                 Action  Source IP  Port   Interface      Destination IP  Port  Policy
        Traffic  2011-09-21T18:24:43  Deny    10.0.0.90  49627  3-Primary LAN  64.127.105.40   80    Firebox Internal Policy http/tcp

    Top three firewall policies:

  • Real-time log parsing and reporting

    - by Alienfluid
    We have a small project we are working on part-time that runs on Nginx/MongoDB on Ubuntu 10.04 LTS Server. We'd like to be able to see reports on things like server load, requests/sec, response time, DB load, DB response time, etc. Is there an open source or free (as in beer) tool that can parse such logs and provide a real-time report? I looked into Splunk briefly, but I wanted to see if there are any others that are highly recommended.

  • Best tools for "ssh tail -f" style log file monitoring and analysis

    - by dougnukem
    I'm looking for a tool to monitor custom PHP error logs/Apache and possibly Java logs on remote development servers. I'm not looking for a full production log system like Splunk, but something that's a little more flexible than an ssh terminal doing a "tail -f". Perhaps something that will:
    * Monitor multiple log files to my local machine for searching/analysis later
    * Allow "alerts" when certain strings appear in the log
    * Provide some kind of tabbed/dashboard view of the multiple logs being monitored (in total less than 10 logs).
