Month: June 2017

Splunk calculating JBOSS session time statistics

by Steve • June 29, 2017 • 0 Comments

We used this to produce a distribution of how long our sessions last. We print the median, average, and maximum session length based on the first and last occurrence of a given JSESSIONID. We also filter out those sessions less…

Splunk – Query to print distribution of requests by device type

by Steve • June 23, 2017 • 0 Comments

We had a need to understand what type of devices our customers were using; specifically, Apple or Android. We came up with what is below… host=cmhlpecomweb* sourcetype=access* (“iphone” OR “ipad” OR “android”) | rex mode=sed field=_raw “s/\t/~/g” | eval tmp=split(_raw,”~”)…

awk statistical functions

by Steve • June 15, 2017 • 0 Comments

We had already written an awk script to pull durations for a particularly slow web service call. We wanted to understand the distribution of the response times. Often, the average is high, but it is skewed by a number of…

Splunk regular expression count by day

by Steve • June 9, 2017 • 0 Comments

This one tripped me up. The rex command is not a filter, it merely extracts the value where it exists. As such, you can’t simply say… rex field “(?mysearch)” | timechart span=1d count as total …as this will result in…

Interesting way to get domain associated with Amazon IP

by Steve • June 7, 2017 • 0 Comments

While looking for timeouts in splunk for an unrelated reason… I noticed the Amazon IP’s above. We normally don’t know the service they represent. I connected to the IP in my browser on port 443, and noticed that of course…

Setting up a simple linux DNS server

by Steve • June 6, 2017 • 0 Comments

yum install bind service named start sample zone file is shown below. This must be located in /etc/named $TTL 3600 ; 1 hour default TTL mydomain.com. IN SOA ns1.mydomain.com. admin.mydomain.com. ( 2006051501 ; Serial 10800 ; Refresh 600 ; Retry…

Finding client side port in Oracle

by Steve • June 1, 2017 • 0 Comments

select machine||’:’||port from gv\$active_session_history where machine like ‘%app01%’ and inst_id = 1″ | sort -u ———————————————————— MACHINE||’:’||PORT hostname.domain:34218 MACHINE||’:’||PORT hostname.domain:34252 MACHINE||’:’||PORT hostname.domain:34312 MACHINE||’:’||PORT hostname.domain:34313 MACHINE||’:’||PORT hostname.domain:34314 MACHINE||’:’||PORT hostname.domain:34317 MACHINE||’:’||PORT hostname.domain:34319 MACHINE||’:’||PORT hostname.domain:34326 MACHINE||’:’||PORT hostname.domain:34328 MACHINE||’:’||PORT hostname.domain:34331 MACHINE||’:’||PORT hostname.domain:34332 MACHINE||’:’||PORT hostname.domain:34334…