Splunk Usage Statistic Searches

Just for reference… here are some searches extracted from the Deployment Monitor application (only slightly modified), along with other useful ones. I know there are apps for this, obviously including DM, which I extracted some searches from. But who knows, sometimes these apps may not work.

The great ppl @ Splunk have also documented these searches and more:

http://www.splunk.com/wiki/Community:TroubleshootingIndexedDataVolume

http://www.splunk.com/wiki/Deploy:Splunk_Metric_Reports

Usage by source:

More info for Splunk’ing HDS USP metrics

So after figuring out the greatness of Splunk’ing the statistical data from a USP I thought I’d go on to share more of what I’ve come across.

First off, shorten the time frame in which you pull your data so that it’s as near to real time as possible. Within your command.txt file, define the longrange value to be only one hour, like so:

longrange -000100:

This will definitely help with the amount of time it takes to pull the data.

Now, depending on the number of groups you have defined to export, you can set a lower shortrange value like so:

shortrange -0010:

This will export the data for the last 10 minutes.

Getting Hitachi Performance Data into Splunk

I’ve been Splunk’ing A LOT recently and one of the most recent accomplishments was getting Hitachi Performance Data out of a USP (Universal Storage Platform) and into Splunk. So I thought I’d write quickly on how it can be done.

Hitachi has a tool called “Export Tool” which basically connects to the SVP of your Hitachi USP as a given user, collects all of the data you tell it to (Port stats, LUN/LDEV stats, etc…) and outputs it into numerous CSV files. All of the options (SVP IP, user/pass, data to collect, etc…) can be configured within the Export Tool command file. This tool comes in the software package with your USP, or if your microcode has been upgraded then you’ll need to obtain the correct copy from your Hitachi CE.

Resetting a JIRA Project’s Ticket Counter

Here are a few simple steps for resetting the ticket counter in a JIRA project.

1. Stop the JIRA instance from running by executing the shutdown.sh script found in $JIRA_HOME/bin

2. Log into the local mysql instance that is running and change the working database to ‘jira’

3. Execute the command:

select * from project where pkey='PROJECTKEY';

…For example if your Project Key is ‘HELPDESK’ then you would execute the command:

select * from project where pkey='HELPDESK';

…The output of this command gives you the project ID as it’s stored in the database.

4. Now using the project ID we obtained in the previous step, execute the following command:

Getting Confluence to work with SELinux

If you’ve ever administered the enterprise collaboration software/wiki known as “Confluence” then you have most likely encountered its issues with having SELinux enabled on the same machine. Any documentation on the Confluence website points to completely disabling SELinux when installing Confluence and offers no remedies otherwise.

Well, for some of us, this simply is not an option. After much debugging, log monitoring, tinkering, etc… last night I found the method to get SELinux to play nice with Confluence. So I thought I would share the steps for all those out there looking to do the same:

ASSUMPTIONS (This is based on the configuration I was working with, yours may differ):

Barracuda Web Filter 310 – The hidden options

Many months ago when configuring a Barracuda Web Filter 310 I came across a “hidden” expert menu which provides extended options (some of which are not advertised by Barracuda Networks) which may be useful within your environment.

To access this hidden menu you simply load up the admin interface on your Web Filter, then click on the “Advanced” tab. Once the Advanced page displays, click in the location bar of your web browser and add &expert=1 to the end of the URL listed. So for example your URL would look something like:

http://ipaddress:8000/cgi-mod/index.cgi?&user=admin&password=hash&et=1265483069&auth_type=Local&locale=en_US&primary_tab=ADVANCED&expert=1

How To Configure Cisco’s Syslog Logging

In this blog entry I will outline the steps you need to take on your Cisco Router or Catalyst device to configure syslog logging.

If you are configuring a Cisco Router for syslog logging then please follow the steps below:

1. In order to ensure that logging is enabled, issue the logging on command.

Router(config)# logging on

2. In order to specify the Essentials server that is to receive the router syslog messages, issue the logging ip_address command. ip_address is the address of the server that collects the syslog messages.

Router(config)# logging 1.1.1.1

Backing Up Your HPUX System

I’m writing this blog entry with the intention of being short and to the point on how to back up your HPUX system. For additional information or more in-depth options and so on, please consult the URLs listed at the bottom of this entry.

If you have root access to the machine then you can use the fbackup utility to back up your data. It is best to first boot the machine in single user mode so that no services are running and the bare minimum of processes are active, because the fbackup utility will not back up files that are open or locked by any process.

So now make sure the device which you are backing your data up to is properly connected and turned on. Then use the fbackup command like so:

fbackup -f /dev/mymedia -i /

Easy Understanding of Cisco’s Extended ACL’s

Extended Access Control Lists (ACLs) control traffic by comparing the source and destination addresses of the IP packets to whichever addresses you have configured within the ACL.

A standard ACL only compares the source address of the IP packet to whichever address is configured in the ACL and allows or denies it based on the ACL; the destination of the packet and the ports involved do not matter. A standard ACL also does not have the ability to filter based on the protocol type, whereas with an extended ACL you can filter IP, ICMP, TCP and UDP packets individually and specify specific ports.
