
Lamaxu Source Types

The following source types need to be added to your Splunk props.conf file so that the timestamp fields in the log files are recognised correctly. Alternatively, you could create the source types manually, using the values highlighted in red as a guide to defining the timestamps.
NOTE: You'll need to adjust the TZ (time zone) value in the props.conf file to reflect your region. Valid values are listed at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

{SPLUNK_HOME}/etc/apps/search/local/inputs.conf

inputs.conf

# File monitors for the five Lamaxu log files. Each stanza watches one file
# and tags its events with a source type that props.conf must define.
# "lamaxu-x.x.x.x" is a version placeholder: replace it with the installed
# directory name in every stanza.
# NOTE(review): no "index" is set here, so events land in the default index.
# A dedicated index lets you scope search access and retention for this MQ
# data separately from other logs; confirm against your indexing policy.
# NOTE(review): the account Splunk runs as needs read access to these files;
# grant it on the logs directory only, not on the whole installation.

# Status log
[monitor:///opt/queuemetrix/lamaxu-x.x.x.x/logs/statusData.log]
disabled = false
sourcetype = qmStatus_json

# Statistics log
[monitor:///opt/queuemetrix/lamaxu-x.x.x.x/logs/statsData.log]
disabled = false
sourcetype = qmStats_json

# Event log
[monitor:///opt/queuemetrix/lamaxu-x.x.x.x/logs/eventData.log]
disabled = false
sourcetype = qmEvents_json

# Activity trace log
[monitor:///opt/queuemetrix/lamaxu-x.x.x.x/logs/traceData.log]
disabled = false
sourcetype = qmTrace_json

# Reset-queue-statistics log
[monitor:///opt/queuemetrix/lamaxu-x.x.x.x/logs/resetQstats.log]
disabled = false
sourcetype = qmResetQStats_json

{SPLUNK_HOME}/etc/system/local/props.conf

props.conf

# Source type for statsData.log (Queuemetrix statistics, JSON).
# NOTE(review): INDEXED_EXTRACTIONS is applied where the file is read. If the
# monitor runs on a universal forwarder, deploy this stanza there as well.
[qmStats_json]
# Left empty, as published. NOTE(review): confirm what an empty value means
# in your Splunk version.
DATETIME_CONFIG = 
# Parse each event as JSON and extract its fields at index time.
INDEXED_EXTRACTIONS = json
# No search-time key/value extraction, so indexed fields are not duplicated.
KV_MODE = none
NO_BINARY_CHECK = true
# Event time is taken from these two JSON fields, date first, then time.
TIMESTAMP_FIELDS = attributes.endDate,attributes.endTime
# strptime pattern for the combined value; the time part uses dots (HH.MM.SS).
# NOTE(review): qmTrace_json reads the same two fields but expects colons.
# Check a sample of statsData.log; if the pattern does not match, events will
# not be stamped from these fields and will not line up with other logs.
TIME_FORMAT = %Y-%m-%d %H.%M.%S
# Zone assumed for the timestamp, which carries none itself. Replace with your
# region. Australia/ACT is a tz database alias for Australia/Sydney.
TZ = Australia/ACT
# category, description and pulldown_type describe the source type in Splunk
# Web; pulldown_type = true lists it in the source type picker.
category = Structured
description = Queuemetrix Stats, JSON
disabled = false
pulldown_type = true

# Source type for traceData.log (Queuemetrix activity trace, JSON).
# NOTE(review): INDEXED_EXTRACTIONS is applied where the file is read. If the
# monitor runs on a universal forwarder, deploy this stanza there as well.
[qmTrace_json]
# Left empty, as published. NOTE(review): confirm what an empty value means
# in your Splunk version.
DATETIME_CONFIG = 
# Parse each event as JSON and extract its fields at index time.
INDEXED_EXTRACTIONS = json
# No search-time key/value extraction, so indexed fields are not duplicated.
KV_MODE = none
NO_BINARY_CHECK = true
# Event time is taken from these two JSON fields, date first, then time.
TIMESTAMP_FIELDS = attributes.endDate,attributes.endTime
# strptime pattern for the combined value; the time part uses colons, unlike
# qmStats_json, which uses dots. NOTE(review): verify against traceData.log.
TIME_FORMAT = %Y-%m-%d %H:%M:%S
# Zone assumed for the timestamp, which carries none itself. Replace with your
# region. Australia/ACT is a tz database alias for Australia/Sydney.
TZ = Australia/ACT
# category, description and pulldown_type describe the source type in Splunk
# Web; pulldown_type = true lists it in the source type picker.
category = Structured
description = Queuemetrix Activity Trace,JSON
disabled = false
pulldown_type = true

# Source type for statusData.log (Queuemetrix status, JSON).
# NOTE(review): INDEXED_EXTRACTIONS is applied where the file is read. If the
# monitor runs on a universal forwarder, deploy this stanza there as well.
[qmStatus_json]
# Left empty, as published. NOTE(review): confirm what an empty value means
# in your Splunk version.
DATETIME_CONFIG = 
# Parse each event as JSON and extract its fields at index time.
INDEXED_EXTRACTIONS = json
# No search-time key/value extraction, so indexed fields are not duplicated.
KV_MODE = none
NO_BINARY_CHECK = true
# Event time is taken from the single createDate JSON field.
TIMESTAMP_FIELDS = createDate
# Day/month/year followed by a time with an AM/PM marker (%p).
# NOTE(review): day-first order is easy to misread as month-first; check a
# sample event dated after the 12th of a month.
TIME_FORMAT = %d/%m/%Y %OI:%M:%S %p
# Zone assumed for the timestamp, which carries none itself. Replace with
# your region.
TZ = Australia/Sydney
# category, description and pulldown_type describe the source type in Splunk
# Web; pulldown_type = true lists it in the source type picker.
category = Structured
description = Queuemetrix Status, JSON
disabled = false
pulldown_type = true

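# Source type for eventData.log (Queuemetrix events, JSON).
# NOTE(review): INDEXED_EXTRACTIONS is applied where the file is read. If the
# monitor runs on a universal forwarder, deploy this stanza there as well.
[qmEvents_json]
# Left empty, as published. NOTE(review): confirm what an empty value means
# in your Splunk version.
DATETIME_CONFIG = 
# Parse each event as JSON and extract its fields at index time.
INDEXED_EXTRACTIONS = json
# No search-time key/value extraction, so indexed fields are not duplicated.
KV_MODE = none
NO_BINARY_CHECK = true
# Event time is taken from the single createDate JSON field.
TIMESTAMP_FIELDS = createDate
# Abbreviated month name, day, year, then a time with an AM/PM marker (%p).
TIME_FORMAT = %b %d, %Y %OI:%M:%S %p
# The pattern carries no zone, so it is set explicitly, as in the other
# createDate-based stanzas. Without it these events would take whatever zone
# the receiving Splunk host assumes and could be offset from the other Lamaxu
# source types. Replace with your region.
TZ = Australia/Sydney
# category, description and pulldown_type describe the source type in Splunk
# Web; pulldown_type = true lists it in the source type picker.
category = Structured
description = Queuemetrix Events, JSON
disabled = false
pulldown_type = true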

# Source type for resetQstats.log (Queuemetrix ResetQStats, JSON).
# NOTE(review): INDEXED_EXTRACTIONS is applied where the file is read. If the
# monitor runs on a universal forwarder, deploy this stanza there as well.
# NOTE(review): unlike the other four stanzas, this one has no
# DATETIME_CONFIG line; confirm whether that difference is intended.
[qmResetQStats_json]
# Parse each event as JSON and extract its fields at index time.
INDEXED_EXTRACTIONS = json
# No search-time key/value extraction, so indexed fields are not duplicated.
KV_MODE = none
NO_BINARY_CHECK = true
# Event time is taken from the single createDate JSON field.
TIMESTAMP_FIELDS = createDate
# Day/month/year followed by a time with an AM/PM marker (%p).
# NOTE(review): day-first order is easy to misread as month-first; check a
# sample event dated after the 12th of a month.
TIME_FORMAT = %d/%m/%Y %OI:%M:%S %p
# Zone assumed for the timestamp, which carries none itself. Replace with
# your region.
TZ = Australia/Sydney
# category, description and pulldown_type describe the source type in Splunk
# Web; pulldown_type = true lists it in the source type picker.
category = Structured
description = Queuemetrix ResetQStats, JSON
disabled = false
pulldown_type = true

Log File Data Formats


Using SPLUNK

Once you have added the Lamaxu log data to Splunk, the MQ metrics can be queried using Splunk search syntax.

