Splunk - GPP Splunk

最新推荐文章于 2020-07-13 22:20:00 发布
最新推荐文章于 2020-07-13 22:20:00 发布
阅读量214 收藏
点赞数 1
原文链接:http://www.cnblogs.com/flysun0311/archive/2012/09/20/2694774.html
版权


============================================================================================================================================================
============================================================================================================================================================

Collection Team Team - Request Batch 1

============================================================================================================================================================
============================================================================================================================================================

Search Name: PF_LodeRunner_SI_GetDownloadedFileCount

ORIGINAL QUERY:

index=applog_pf "Process the element with index" | stats count as DownloadedFileCount | eval Title="ProcessTheElement" | table Title, DownloadedFileCount
| append [ search index=applog_pf "finish extract data" | stats count as DownloadedFileCount | eval Title="FinishExtractData" | table Title, DownloadedFileCount ]
| append [ search index=applog_pf "finish extract master data" | stats count as DownloadedFileCount | eval Title="FinishExtractMasterData" | table Title, DownloadedFileCount ]
| append [ search index=applog_pf "Save file" | stats count as DownloadedFileCount | eval Title="SaveFile" | table Title, DownloadedFileCount ]

UPDATED QUERY:

index=applog_pf "Process the element with index" | stats count as DownloadedFileCount | eval Title="ProcessTheElement"
| append [ search index=applog_pf "finish extract data" | stats count as DownloadedFileCount | eval Title="FinishExtractData" ]
| append [ search index=applog_pf "finish extract master data" | stats count as DownloadedFileCount | eval Title="FinishExtractMasterData" ]
| append [ search index=applog_pf "Save file" | stats count as DownloadedFileCount | eval Title="SaveFile" ]
| table Title, DownloadedFileCount

UPDATED QUERY FOR SUMMARY INDEXING:

index=applog_pf "Process the element with index" | sistats count as DownloadedFileCount | eval Title="ProcessTheElement"
| append [ search index=applog_pf "finish extract data" | sistats count as DownloadedFileCount | eval Title="FinishExtractData" ]
| append [ search index=applog_pf "finish extract master data" | sistats count as DownloadedFileCount | eval Title="FinishExtractMasterData" ]
| append [ search index=applog_pf "Save file" | sistats count as DownloadedFileCount | eval Title="SaveFile" ]

QUERY AGAINST SUMMARY INDEX:

index=applog_gpp_summary search_name=PF_LodeRunner_SI_GetDownloadedFileCount | stats count as DownloadedFileCount by Title

 

Search Name: PF_LodeRunner_SI_GetVisitWebPageCount

ORIGINAL QUERY:

index=applog_pf "click completed!" | stats count as VisitFileCount | eval Title="ClickCompleted" | table Title, VisitFileCount
| append [ search index=applog_pf "Change Combo box completed!" | stats count as VisitFileCount | eval Title="ChangeComboBoxCompleted" | table Title, VisitFileCount ]
| append [ search index=applog_pf "navigate completed!" | stats count as VisitFileCount | eval Title="NavigateCompleted" | table Title, VisitFileCount ]
| append [ search index=applog_pf "Save file" | stats count as VisitFileCount | eval Title="SaveFile" | table Title, VisitFileCount ]
| append [ search index=applog_pf "Process the element with index" | stats count as VisitFileCount | eval Title="ProcessTheElement" | table Title, VisitFileCount ]

UPDATED QUERY:

index=applog_pf "click completed!" | stats count as VisitFileCount | eval Title="ClickCompleted"
| append [ search index=applog_pf "Change Combo box completed!" | stats count as VisitFileCount | eval Title="ChangeComboBoxCompleted" ]
| append [ search index=applog_pf "navigate completed!" | stats count as VisitFileCount | eval Title="NavigateCompleted" ]
| append [ search index=applog_pf "Save file" | stats count as VisitFileCount | eval Title="SaveFile" ]
| append [ search index=applog_pf "Process the element with index" | stats count as VisitFileCount | eval Title="ProcessTheElement" ]
| table Title, VisitFileCount

UPDATED QUERY FOR SUMMARY INDEXING:

index=applog_pf "click completed!" | sistats count as VisitFileCount | eval Title="ClickCompleted"
| append [ search index=applog_pf "Change Combo box completed!" | sistats count as VisitFileCount | eval Title="ChangeComboBoxCompleted" ]
| append [ search index=applog_pf "navigate completed!" | sistats count as VisitFileCount | eval Title="NavigateCompleted" ]
| append [ search index=applog_pf "Save file" | sistats count as VisitFileCount | eval Title="SaveFile" ]
| append [ search index=applog_pf "Process the element with index" | sistats count as VisitFileCount | eval Title="ProcessTheElement" ]

QUERY AGAINST SUMMARY INDEX:

index=applog_gpp_summary search_name=PF_LodeRunner_SI_GetVisitWebPageCount | stats count as VisitFileCount by Title


============================================================================================================================================================
============================================================================================================================================================

Collection Team Team - Request Batch 2

============================================================================================================================================================
============================================================================================================================================================

Search Name: Downloader_SI_GetSuccessfulDownloadedFileCount

ORIGINAL QUERY:

index=gpp "processname=downloader" "File Downloaded Successfully" | stats count(FileId) as FileCountOfSuccessfulDownload by ProcessName | table ProcessName, FileCountOfSuccessfulDownload
| append [ search index=gpp "processname=downloader" "File Downloaded Successfully" | stats count(FileId) as FileCountOfSuccessfulDownload | table ProcessName, FileCountOfSuccessfulDownload ]

UPDATED QUERY:

index=gpp ProcessName=downloader* "File Downloaded Successfully" | stats count(FileId) as FileCountOfSuccessfulDownload by ProcessName | table ProcessName, FileCountOfSuccessfulDownload | addcoltotals labelfield=ProcessName label=ALL

UPDATED QUERY FOR SUMMARY INDEXING:

index=gpp ProcessName=downloader* "File Downloaded Successfully" | sistats count(FileId) as FileCountOfSuccessfulDownload by ProcessName

QUERY AGAINST SUMMARY INDEX:

index=applog_gpp_summary search_name=Downloader_SI_GetSuccessfulDownloadedFileCount | stats count(FileId) as FileCountOfSuccessfulDownload by ProcessName | table ProcessName, FileCountOfSuccessfulDownload | addcoltotals labelfield=ProcessName label=ALL

 

Search Name: GPP_Downloader_SI_GetFailedDownloadedFileCount

ORIGINAL QUERY:

index=gpp "processname=downloader" "Download file unsuccessfully" | stats count as FileCountOfFailedDownload BY ProcessName | table ProcessName, FileCountOfFailedDownload
| append [ search index=gpp "processname=downloader" "Download file unsuccessfully" | stats count as FileCountOfFailedDownload | table ProcessName, FileCountOfFailedDownload ]

UPDATED QUERY:

index=gpp ProcessName=downloader* "Download file unsuccessfully" | stats count as FileCountOfFailedDownload BY ProcessName | table ProcessName, FileCountOfFailedDownload | addcoltotals labelfield=ProcessName label=ALL

UPDATED QUERY FOR SUMMARY INDEXING:

index=gpp ProcessName=downloader* "Download file unsuccessfully" | sistats count as FileCountOfFailedDownload BY ProcessName

QUERY AGAINST SUMMARY INDEX:

index=applog_gpp_summary search_name=GPP_Downloader_SI_GetFailedDownloadedFileCount | stats count as FileCountOfFailedDownload BY ProcessName | table ProcessName, FileCountOfFailedDownload | addcoltotals labelfield=ProcessName label=ALL

 

Search Name: GPP_Downloader_SW_GetFailedFileSourceTrackingCount

ORIGINAL QUERY:

index=gpp "processname=downloader" "Error occurs when AddFileSourceTracking" | stats count(FileId) as ErrorCountOfFailedAddFileSourceTracking by ProcessName | table ProcessName, ErrorCountOfFailedAddFileSourceTracking
| append [ search index=gpp "processname=downloader" "Error occurs when AddFileSourceTracking" | stats count(FileId) as ErrorCountOfFailedAddFileSourceTracking | table ProcessName, ErrorCountOfFailedAddFileSourceTracking ]

UPDATED QUERY:

index=gpp ProcessName=downloader* "Error occurs when AddFileSourceTracking" | stats count(FileId) as ErrorCountOfFailedAddFileSourceTracking by ProcessName | table ProcessName, ErrorCountOfFailedAddFileSourceTracking | addcoltotals labelfield=ProcessName label=ALL

UPDATED QUERY FOR SUMMARY INDEXING:

index=gpp ProcessName=downloader* "Error occurs when AddFileSourceTracking" | sistats count(FileId) as ErrorCountOfFailedAddFileSourceTracking by ProcessName

QUERY AGAINST SUMMARY INDEX:

index=applog_gpp_summary search_name=GPP_Downloader_SW_GetFailedFileSourceTrackingCount | stats count(FileId) as ErrorCountOfFailedAddFileSourceTracking by ProcessName | table ProcessName, ErrorCountOfFailedAddFileSourceTracking | addcoltotals labelfield=ProcessName label=ALL

 


Search Name: GPP_Downloader_SW_GetFailedMatchedFileNameListCount

ORIGINAL QUERY:

index=gpp "processname=downloader" "Error occurs when GetMatchedFileNameList" | stats count as ErrorCountOfGetMatchedFileFailed by ProcessName | table ProcessName, ErrorCountOfGetMatchedFileFailed
| append [ search index=gpp "processname=downloader" "Error occurs when GetMatchedFileNameList" | stats count as ErrorCountOfGetMatchedFileFailed | table ProcessName, ErrorCountOfGetMatchedFileFailed ]

UPDATED QUERY:

index=gpp ProcessName=downloader* "Error occurs when GetMatchedFileNameList" | stats count as ErrorCountOfGetMatchedFileFailed by ProcessName | table ProcessName, ErrorCountOfGetMatchedFileFailed | addcoltotals labelfield=ProcessName label=ALL

UPDATED QUERY FOR SUMMARY INDEXING:

index=gpp ProcessName=downloader* "Error occurs when GetMatchedFileNameList" | sistats count as ErrorCountOfGetMatchedFileFailed by ProcessName

QUERY AGAINST SUMMARY INDEX:

index=applog_gpp_summary search_name=GPP_Downloader_SW_GetFailedMatchedFileNameListCount | stats count as ErrorCountOfGetMatchedFileFailed by ProcessName | table ProcessName, ErrorCountOfGetMatchedFileFailed | addcoltotals labelfield=ProcessName label=ALL

 

转载于:https://www.cnblogs.com/flysun0311/archive/2012/09/20/2694774.html

weixin_34241036
关注
HTB HARD 靶机 Cerberus WriteUp
qq_58869808的博客
03-26 8285
HTB Cerberus hard!!!靶机writeUp
TCP、UDP常用端口(转自wiki)
果子
05-26 1万+
List of TCP and UDP port numbers From Wikipedia, the free encyclopedia     This is a list of Internet socket port numbers used by protocols of the Transport Layer of the Internet Protocol Sui...
splunk搜索手册(中文)
09-01
splunk搜索手册(中文): 该手册介绍 Splunk 搜索以及如何使用 Splunk 搜索处理语言。 如果您之前未使用过 Splunk Enterprise 和搜索,可以从“搜索教程”开始。搜索教程介绍搜索和报表应用,逐步指导您 添加数据、搜索数据、构建简单报表和仪表板。
Splunk 数据库App和Add-on整理总结
ffjl1985的专栏
11-24 3591
Splunk数据库 App和Add-on Oracle Add-on: https://splunkbase.splunk.com/app/1910 Splunk用于Oracle数据库的插件允许Splunk软件管理员从Oracle数据库服务器收集和提取数据。 该附加组件可以通过监视安装了Oracle数据库服务器的操作系统上的标准和精细审计跟踪,跟踪文件,事件,警报,侦听器和其他日志来直接导
#计算机网络#学习笔记-常用端口详解
热门推荐
宅书技
11-04 5万+
服务 端口 协议 注释 FTP 21 tcp 文件传输协议 SSH 22 tcp 安全登录、文件传送(SCP)和端口重定向 Telnet 23 tcp 不安全的文本传送 SMTP 25 tcp 用于发送邮件Simple Mail Transfer Protocol (E-mail) HTTP 80 tcp 超文本传送协议 (WWW) POP3 110 tcp 用...
「脑机接口」技术将在下月重磅更新;3GPP系标准成为唯一被认可的5G标准
京东科技开发者
07-13 362
行 业 要 闻Industry News▲▲▲伊隆·马斯克在社交媒体上宣布将于8 月28 日更新「智能脑机接口设备」Neuralink 的进度,这次更新进度将会有让人震惊的消息...
Metasploit的攻击实例讲解----辅助扫描工具
weixin_30340745的博客
05-19 415
  不多说,直接上干货!   怎么弹出来这个呢,连续按两次tab。 msf > use auxiliary/scanner/ Display all 485 possibilities? (y or n) use auxiliary/scanner/acpp/login use auxilia...
Kali linux 2016.2(Rolling)中的auxiliary模块详解
weixin_33858336的博客
11-15 1507
root@kali:~# msfconsole ______________________________________________________________________________ | ...
TCP和UDP端口号使用
u013273161的博客
03-12 3万+
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers This is an incomplete list of notable ports. See the Service Name and Transport Protocol Port Number Registry of IANA for the complet...
关于metasploit的一些架构目录
悟世之路
10-08 2万+
metasploit的框架目录,位置在 /usr/share/
splunk-8.2.0-Windows&Linux.rar
05-31
这个“splunk-8.2.0-Windows&Linux.rar”压缩包包含了适用于Windows和Linux系统的版本,让用户能够跨平台地利用Splunk的强大功能。 **1. Splunk核心功能** - **数据收集**:Splunk可以从各种来源接收数据,包括...
Splunk-8.0.0-搜索手册中文版.pdf
09-09
Splunk 8.0.0 搜索手册中文版》是针对Splunk Enterprise 8.0.0版本的全面搜索指南,旨在帮助用户理解和掌握Splunk的搜索语法、搜索优化技巧,以及各种高级搜索功能。这份手册包含了丰富的知识点,下面对其进行详细...
splunk最新版windows安装包,splunk-8.2.3.2-5281ae34c90c-x64-release.msi
01-06
splunk最新版windows安装包,下载后,一直点击下一步即可安装成功!
splunk-library-javalogging:适用于流行Java日志记录框架的Splunk日志记录附加程序
05-14
Java Splunk日志记录 版本1.9.0 Java的Splunk日志记录使您能够将事件记录到Java应用程序内Splunk Enterprise实例上的HTTP事件收集器或TCP输入中。 您可以使用三种主要的Java日志记录框架: , 和 。 Java的Splunk...
Splunk-7.3.0-SearchReference_zh-CN.pdf
09-10
Splunk 7.3.0 搜索参考》是一份详细介绍了 Splunk 搜索处理语言(SPL)的文档,适用于 SIEM 和 Splunk 用户。这份文档旨在帮助用户理解和运用 SPL 进行日志分析和数据挖掘。以下是该文档中的关键知识点: 1. **...
智慧建造总体策划方案(76页).pptx
11-02
智慧建造总体策划方案(76页)
基于 Python2.7 和 PyQT4 开发的 modbus 通信采集软件
11-02
基于 Python2.7 和 PyQT4 开发的 modbus 通信采集软件,已在 windows、deepin linux 和树莓派上测试!
LLC simulink仿真《slx模型文件》
11-02
LLC simulink仿真《slx模型文件》 LLC谐振转换器是一种高效的直流-直流(DC-DC)电源转换器,因其独特的谐振特性而得名。在电力电子领域,LLC仿真对于理解和优化这种转换器的性能至关重要。Simulink是MATLAB环境下的一个强大工具,用于建立和仿真复杂系统,包括电力电子系统。 标题“LLC simulink仿真”指的是使用Simulink进行LLC谐振转换器的建模和仿真。通过Simulink,工程师可以模拟LLC转换器在不同工作条件下的行为,如负载变化、输入电压变动以及控制策略的影响。 **LLC电路的基本原理:** LLC谐振转换器结合了升压(Boost)、降压(Buck)和串联谐振(Series Resonant)三种拓扑结构的特点。它由主开关、副开关、电感、电容和二极管组成。谐振电容和电感形成谐振回路,使得开关器件能在零电压或零电流条件下切换,从而降低开关损耗并提高效率。 **仿真过程:** 在Simulink中,首先需要建立LLC转换器的模型,包括各个元件的参数设定。这包括主开关和副开关的开关频率、谐振电容和电感的值、二极管的反向恢复特性等。然后,设
krb5-devel-1.15.1-55.el7_9.i686.rpm
最新发布
11-02
Centos7 el7.x86_64 官方离线安装包,安装指令为 sudo rpm -ivh krb5-devel-1.15.1-55.el7_9.i686.rpm
K8S如何安装splunk-operator
10-22
在 Kubernetes (K8S) 上安装 Splunk Operator 需要几个步骤,通常涉及以下操作: 1. **添加外部仓库**: - 如果Splunk Operator不在官方仓库中,首先你需要添加Splunk的私有或社区维护的Docker Hub仓库到你的K8S集群。这通常通过更新`kubectl`的镜像仓库配置来完成。 2. **安装CRDs**: - 使用Kubernetes的`customresourcedefinitions` (CRDs)来启用Operator的功能。你可以在Splunk Operator的GitHub仓库找到CRDs的yaml文件,然后使用`kubectl apply - 下载Splunk Operator的Deployment或StatefulSet yaml文件,这通常包含Operator的实例和所需的依赖资源(如ServiceAccount,Role和RoleBinding)。应用它到K8S集群,例如: ``` kubectl apply -f splunk-operator-deployment.yaml ``` 4. **验证安装**: - 使用`kubectl get pods`检查Operator是否成功部署并处于Running状态。同时,确认CRDs也被正确创建了。 5. **配置和服务连接**: - 创建必要的Secret,用于存储Splunk的认证凭据和其他配置信息,例如: ``` kubectl create secret generic splunk-config \ --from-literal=splunk-url=https://your-splunk-url \ --from-literal=token=your-access-token ``` - 根据需要,创建Splunk Custom Resource (CR),比如ClusterRoleBinding来授权Operator访问你的Splunk集群。 6. **初始化**: - 一旦Operator部署好并且配置了连接,可能还需要运行一个初始化操作,让Operator开始管理你的 Splunk 实例。 7. **监控和更新**: - 持续监控Operator的状态和日志,以确保一切正常。定期检查和更新Operator以获得新功能和修复。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值