As you can see below, 95% of our sessions are less than five minutes in length. This is very useful in sizing the session timeout variable in your context.xml file. host=cmhlpecomweb* sourcetype=access* | rex mode=sed field=_raw “s/\t/~/g” | eval tmp=split(_raw,”~”)…
Author: Steve
Splunk calculating JBOSS session time statistics
We used this to produce a distribution of how long our sessions last. We print the median, average, and maximum session length based on the first and last occurrence of a given JSESSIONID. We also filter out those sessions less…
Splunk – Query to print distribution of requests by device type
We had a need to understand what type of devices our customers were using; specifically, Apple or Android. We came up with what is below… host=cmhlpecomweb* sourcetype=access* (“iphone” OR “ipad” OR “android”) | rex mode=sed field=_raw “s/\t/~/g” | eval tmp=split(_raw,”~”)…
awk statistical functions
We had already written an awk script to pull durations for a particularly slow web service call. We wanted to understand the distribution of the response times. Often, the average is high, but it is skewed by a number of…
Splunk regular expression count by day
This one tripped me up. The rex command is not a filter, it merely extracts the value where it exists. As such, you can’t simply say… rex field “(?mysearch)” | timechart span=1d count as total …as this will result in…
Interesting way to get domain associated with Amazon IP
While looking for timeouts in splunk for an unrelated reason… I noticed the Amazon IP’s above. We normally don’t know the service they represent. I connected to the IP in my browser on port 443, and noticed that of course…
Setting up a simple linux DNS server
yum install bind service named start sample zone file is shown below. This must be located in /etc/named $TTL 3600 ; 1 hour default TTL mydomain.com. IN SOA ns1.mydomain.com. admin.mydomain.com. ( 2006051501 ; Serial 10800 ; Refresh 600 ; Retry…
Finding client side port in Oracle
select machine||’:’||port from gv\$active_session_history where machine like ‘%app01%’ and inst_id = 1″ | sort -u ———————————————————— MACHINE||’:’||PORT hostname.domain:34218 MACHINE||’:’||PORT hostname.domain:34252 MACHINE||’:’||PORT hostname.domain:34312 MACHINE||’:’||PORT hostname.domain:34313 MACHINE||’:’||PORT hostname.domain:34314 MACHINE||’:’||PORT hostname.domain:34317 MACHINE||’:’||PORT hostname.domain:34319 MACHINE||’:’||PORT hostname.domain:34326 MACHINE||’:’||PORT hostname.domain:34328 MACHINE||’:’||PORT hostname.domain:34331 MACHINE||’:’||PORT hostname.domain:34332 MACHINE||’:’||PORT hostname.domain:34334…
NodeJS, MySQL beacon app
A future post will detail the Android app we built for testing this POC. As always, our goal is to use kinetic learning to drive conversation. In other words, none of this is production ready, it’s simply tools to allow…
DNS server address cached in java?
We found that an old DNS address was used until we restarted the JVM. I need to review the class used to perform this activity.. Test this with a simple class. import java.net.*; public class test { static { java.security.Security.setProperty…