Re: Splunk Apps?

From: Karth Panchan <keyantech_at_gmail.com>
Date: Mon, 18 Nov 2013 14:26:22 -0500
Message-Id: <701558D7-65A2-45C1-BE3C-46070D24DFDE_at_gmail.com>

In my current place we use Splunk enterprise which comes with Web interface. We search our logs based on session id on this web application.

From Oracle database using Java program we write to Splunk.

HTH
Karth

> On Nov 18, 2013, at 1:13 PM, Wolfson Larry - lwolfs <lawrence.wolfson_at_acxiom.com> wrote:
>
> Hi list!
>
> I was wondering if anyone found particulaly useful Apps from the Splunk website that we may have overlooked?
> We’ve been using it for about a year and have been using it for multiple applications on multiple types of databases, not just Oracle.
> There’s also a new 6.0 release if you haven’t seen that. Check http://www.splunk.com/
>
> Splunk has a limited command line history, but you can get all the search commands from the _audit index
> A search something like
> index=_audit action=search search="*" NOT maintain | table _time search
> Should work for you. Just keep adding NOT ? statements to weed out want you don’t want to see.
> Might save you rewriting what one of your other DBAs already developed.
>
> Some references.
> http://pmdba.files.wordpress.com/2013/05/real-time-oracle-11g-log-file-analysis.pdf By Peter Magge
> http://itdavid.blogspot.ca/2011/02/manage-oracle-11gr2-asm-and-rdbms-audit.html By David Robillard
>
> BTW auditors generally like Splunk because it doesn’t throw anything away.
>
> Larry
>
>
>
>
> ***************************************************************************
> The information contained in this communication is confidential, is
> intended only for the use of the recipient named above, and may be legally
> privileged.
>
> If the reader of this message is not the intended recipient, you are
> hereby notified that any dissemination, distribution or copying of this
> communication is strictly prohibited.
>
> If you have received this communication in error, please resend this
> communication to the sender and delete the original message or any copy
> of it from your computer system.
>
> Thank You.
> ****************************************************************************

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Nov 18 2013 - 20:26:22 CET

This message: [ Message body ]
Next message: Scott Canaan: "EM 12c"
Previous message: Wolfson Larry - lwolfs: "Splunk Apps?"
In reply to: Wolfson Larry - lwolfs: "Splunk Apps?"
Next in thread: Nathan Owen: "Re: Splunk Apps?"
Reply: Nathan Owen: "Re: Splunk Apps?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message