Clicking on each field helps to answer additional questions you might ask during an investigation. Some fields you might want to investigate include:

- Click hosts to find out which hosts are currently reporting errors and appear to be affected.
- Click sourcetype to check the status of every piece of technology in the environment, for example, web servers, database servers, or the network.
- Focus your investigation. Since users were complaining about inability to authenticate, you could focus the investigation down to the authentication servers. You can do this by clicking on the first auth server displayed within sourcetype. You'll notice that Splunk automatically adds a field/value filter to the search, and from there you can then add a wildcard character to look across all auth servers. Your search should look like this: `crash OR error OR fail* OR critical host="auth-x*"`
- Look through the data on the auth servers to locate trends or correlations that reveal root cause. For example, if every error in the web server is correlated to a stack trace error in the Java code, you can expand the stack trace event to see that it indicates that the call to the database failed. That indicates to you that the database team should be contacted to help you troubleshoot further.