You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Lamaxu Source Types

The following source type need to be added to your SPLUNK props.conf file in order to correctly recognise the timestamp fields in the log file. Alternatively you could manually create the source types using the red highlight values as a guide to defining the timestamps.

NOTE: You'll need to adjust the TimeZone TZ value to reflect your region in the props.conf file. Valid values can be found here, https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

{SPLUNK_HOME}/etc/apps/search/local/inputs.conf

[monitor:///app/lamaxu/logs/statusData.log]
disabled = false
sourcetype = qmStatus_json

[monitor:///app/lamaxu/logs/statsData.log]
disabled = false
sourcetype = qmStats_json

[monitor:///app/lamaxu/logs/eventData.log]
disabled = false
sourcetype = qmEvents_json

[monitor:///app/lamaxu/logs/traceData.log]
disabled = false
sourcetype = qmTrace_json

[monitor:///app/lamaxu/logs/statsData.log]
disabled = false
sourcetype = qmResetQStats_json


{SPLUNK_HOME}/etc/system/local/props.conf

[qmStats_json]
DATETIME_CONFIG =
INDEXED_EXTRACTIONS = json
KV_MODE = none
NO_BINARY_CHECK = true
TIMESTAMP_FIELDS = attributes.endDate,attributes.endTime
TIME_FORMAT = %Y-%m-%d %H.%M.%S
TZ = Australia/ACT
category = Structured
description = Queuemetrix Stats, JavaScript Object Notation format. For more information, visit http://json.org/
disabled = false
pulldown_type = true

[qmTrace_json]
DATETIME_CONFIG =
INDEXED_EXTRACTIONS = json
KV_MODE = none
NO_BINARY_CHECK = true
TIMESTAMP_FIELDS = attributes.endDate,attributes.endTime
TIME_FORMAT = %Y-%m-%d %H:%M:%S
TZ = Australia/ACT
category = Structured
description = Queuemetrix Activity Trace, JavaScript Object Notation format. For more information, visit http://json.org/
disabled = false
pulldown_type = true

[qmStatus_json]
DATETIME_CONFIG =
INDEXED_EXTRACTIONS = json
KV_MODE = none
NO_BINARY_CHECK = true
TIMESTAMP_FIELDS = createDate
TIME_FORMAT = %d/%m/%Y %OI:%M:%S %p
TZ = Australia/Sydney
category = Structured
description = Queuemetrix Status, JavaScript Object Notation format. For more information, visit http://json.org/
disabled = false
pulldown_type = true

[qmEvents_json]
DATETIME_CONFIG =
INDEXED_EXTRACTIONS = json
KV_MODE = none
NO_BINARY_CHECK = true
TIMESTAMP_FIELDS = createDate
TIME_FORMAT = %b %d, %Y %OI:%M:%S %p
category = Structured
description = Queuemetrix Events, JavaScript Object Notation format. For more information, visit http://json.org/
disabled = false
pulldown_type = true

[qmResetQStats_json]
INDEXED_EXTRACTIONS = json
KV_MODE = none
NO_BINARY_CHECK = true
TIMESTAMP_FIELDS = createDate
TIME_FORMAT = %d/%m/%Y %OI:%M:%S %p
TZ = Australia/Sydney
category = Structured
description = Queuemetrix ResetQStats, JavaScript Object Notation format. For more information, visit http://json.org/
disabled = false
pulldown_type = true

Log File Data Formats

Please refer to APENDIX B – LOGGING DATA PROCESSOR for more information.

Using SPLUNK

Once you have added the Lamaxu logs data to SPLUNK the MQ metrics can be queried using SPLUNK search syntax.

  • No labels