Lamaxu Source Types
The following source type need to be added to your SPLUNK props.conf file in order to correctly recognise the timestamp fields in the log file. Alternatively you could manually create the source types using the red highlight values as a guide to defining the timestamps.
| Info |
|---|
| NOTE: You'll need to adjust the TimeZone TZ value to reflect your region in the props.conf file. Valid values can be found here, https://en.wikipedia.org/wiki/List_of_tz_database_time_zones |
{SPLUNK_HOME}/etc/apps/search/local/inputs.conf
...
[monitor:///app/lamaxu/logs/statsData.log]
disabled = false
sourcetype = qmResetQStats_json
...
[qmResetQStats_json]
INDEXED_EXTRACTIONS = json
KV_MODE = none
NO_BINARY_CHECK = true
TIMESTAMP_FIELDS = createDate
TIME_FORMAT = %d/%m/%Y %OI:%M:%S %p
TZ = Australia/Sydney
category = Structured
description = Queuemetrix ResetQStats, JavaScript Object Notation format. For more information, visit http://json.org/
disabled = false
pulldown_type = true
| Include Page |
|---|
| Lamaxu Source Types |
|---|
| Lamaxu Source Types |
|---|
|
Log File Data Formats
| Include Page |
|---|
| Logging Data Processor | Logging Data ProcessorLOG Files |
|---|
| LOG Files |
|---|
|
Using SPLUNK
Once you have added the Lamaxu logs data to SPLUNK the MQ metrics can be queried using SPLUNK search syntax.