c:\Users\adm-showard>powershell Windows PowerShell Copyright (C) 2009 Microsoft Corporation. All rights reserved. PS C:\Users\adm-showard> $sqlConn = New-Object System.Data.SqlClient.SqlConnection PS C:\Users\adm-showard> $sqlConn.ConnectionString = “Server=CMHWPSWSQL1201;Integrated Security=true;Initial Catalog=SWNetPerfMon” PS C:\Users\adm-showard> $sqlConn.Open() PS C:\Users\adm-showard> $sqlcmd = $sqlConn.CreateCommand() PS C:\Users\adm-showard> $sqlcmd = New-Object System.Data.SqlClient.SqlCommand PS C:\Users\adm-showard>…
Category: Database
Splunk query to extract JSP from stack trace in error log
We used what is below to parse through stack traces that had been logged in JBOSS. We were looking for the page most frequently impacted by a persistent transaction blocking issue. host=cmhlpecomecm* (ORA-00060 OR ORA-02049) AND org.apache.jsp | rex field=_raw…
Splunk – Histogram/distribution of JBOSS session length
As you can see below, 95% of our sessions are less than five minutes in length. This is very useful in sizing the session timeout variable in your context.xml file. host=cmhlpecomweb* sourcetype=access* | rex mode=sed field=_raw “s/\t/~/g” | eval tmp=split(_raw,”~”)…
Splunk calculating JBOSS session time statistics
We used this to produce a distribution of how long our sessions last. We print the median, average, and maximum session length based on the first and last occurrence of a given JSESSIONID. We also filter out those sessions less…
Splunk – Query to print distribution of requests by device type
We had a need to understand what type of devices our customers were using; specifically, Apple or Android. We came up with what is below… host=cmhlpecomweb* sourcetype=access* (“iphone” OR “ipad” OR “android”) | rex mode=sed field=_raw “s/\t/~/g” | eval tmp=split(_raw,”~”)…
Splunk regular expression count by day
This one tripped me up. The rex command is not a filter, it merely extracts the value where it exists. As such, you can’t simply say… rex field “(?mysearch)” | timechart span=1d count as total …as this will result in…
Interesting way to get domain associated with Amazon IP
While looking for timeouts in splunk for an unrelated reason… I noticed the Amazon IP’s above. We normally don’t know the service they represent. I connected to the IP in my browser on port 443, and noticed that of course…
Finding client side port in Oracle
select machine||’:’||port from gv\$active_session_history where machine like ‘%app01%’ and inst_id = 1″ | sort -u ———————————————————— MACHINE||’:’||PORT hostname.domain:34218 MACHINE||’:’||PORT hostname.domain:34252 MACHINE||’:’||PORT hostname.domain:34312 MACHINE||’:’||PORT hostname.domain:34313 MACHINE||’:’||PORT hostname.domain:34314 MACHINE||’:’||PORT hostname.domain:34317 MACHINE||’:’||PORT hostname.domain:34319 MACHINE||’:’||PORT hostname.domain:34326 MACHINE||’:’||PORT hostname.domain:34328 MACHINE||’:’||PORT hostname.domain:34331 MACHINE||’:’||PORT hostname.domain:34332 MACHINE||’:’||PORT hostname.domain:34334…
NodeJS, MySQL beacon app
A future post will detail the Android app we built for testing this POC. As always, our goal is to use kinetic learning to drive conversation. In other words, none of this is production ready, it’s simply tools to allow…
Splunk query to group Apache sessions by minute
The 15th field of our Apache log is the application server session ID. We truncate the _time field to minute, and get a distinct count of sessions in each minute. The number is 14 below because the source array is…