Splunk Version bauen holen bf0ff7c2ab8bJenkins Jobs Konsole Ausgabe/überwacht durch Splunk gehen - Wie diese Daten mit CURL/Rest-API für letzte N Minuten/Stunden/Tage etc</strong> 6.5.3.1</p> <p><strong>Splunk
Jenkins Version 1.642.3 oder 2.32.3
Auf jedem Jenkins Master gibt es einen splunk Prozess läuft.
$ ps -eAf|grep splunk
splunk 58877 1 20 Feb16 ? 42-23:27:37 splunkd -p 8089 restart
splunk 58878 58877 0 Feb16 ? 00:00:00 [splunkd pid=58877] splunkd -p 8089 restart [process-runner]
asangal 91197 91175 0 12:38 pts/2 00:00:00 grep --color=auto splunk
Splunk Prozessmonitore/Scans für die log
Datei für alle Jenkins Jobs, die wir in unserem Beispiel haben das heißt unter $JENKINS_HOME/jobs/<JOB_NAME>/builds/<BUILD_NUMBER>/log
Datei.
$ pwd
/opt/splunkforwarder/etc/system/local
$ cat inputs.conf
[default]
host = jenkins-master-project-prod-1-609
[monitor:///var/log/jenkins]
index = some-jenkins-prod-index-in-splunk
disabled = False
recursive = True
[monitor:///home/jenkins/jobs/.../builds/.../log]
index = some-jenkins-prod-index-in-splunk
disabled = False
recursive = True
crcSalt = <SOURCE>
...
.....
... more config code here ...
....
..
In Splunk GUI, wenn ich eine einfache Abfrage ausführen, um etwas zu suchen, die Splunk für die gleichen index
erfaßt und die von jeder source
(Datei) kommt, ich gültig outupt sehen. Hinweis: Tatsächliche Zeilenausgabe wird abgeschnitten. Wie Sie im Balkendiagramm sehen können, sind Daten vorhanden und die Tabelle ist ausgefüllt.
In meinem Jenkins Job, ich habe manchmal einige Warnungen, INFO, Fehler enthalten (für die ich bereits Log Parser Plugin
bei Jenkins Ebene verwendet wird) und ich versuche, ein Skript zu schreiben, die diese LOG Ausgang eines holen wird Jenkins-Job von Splunk für die letzten 15, 30 Minuten oder die letzten 1-7 Stunden oder 1-30 Tage und finde heraus, wie viele Warnungen, Fehler usw. (basierend auf einigen Keywords, Regex) für diesen bestimmten Zeitraum gefunden wurden. HINWEIS: Es gibt verschiedene Jenkins-Master, bei denen Splunk läuft und mein Ziel ist, mit Splunk zu sprechen und die Daten zu bekommen, was ich brauche (anstatt mit 500 Jenkins-Meistern zu sprechen).
Ich versuchte die folgenden CURL
Befehle, die mir eine SEARCH ID zurückgibt, aber es tut nichts.
Im folgenden CURL-Befehl übergebe ich eine verfeinerte Abfrage zum Abrufen von Daten. Ich sagen, holen alle Infos Splunk hat (Felder können gemäß der GUI hinzugefügt werden) innerhalb der letzten 30 Minuten und wo index
ist some-jenkins-prod-index-in-splunk
und wo die source
des Stammes ist: /home/jenkins/jobs/*/builds/*/log
(erste *
für Jobnamen, die zweite *
für Build-Nummer) und dann sage ich, suche das LOG in splunk, wo das Protokoll eine der Linien/Schlüsselwörter/Regex enthält (wie unten unter Verwendung der OR
Bedingung aufgeführt) und zeige die Ausgabe im JSON Format an.
➜ ~ p=$(cat ~/AKS/rOnly/od.p.txt)
➜ ~ curl --connect-time 10 --max-time 900 -ks https://splunk.server.mycompany.com:8089/services/search -umy_splunk_user:$p --data search='search earliest=-30m index=some-jenkins-prod-index-in-splunk source=/home/jenkins/jobs/*/builds/*/log ("WARNING: " OR "npm WARN retry" OR "svn: E200033: " OR ": binary operator expected" OR ": too many arguments" OR ": No such file or directory" OR "rsync: failed to set times on")' -d output_mode=json
{"messages":[{"type":"ERROR","text":"Method Not Allowed"}]}% ➜ ~
Wie Sie sehen können, gibt es mir Methode nicht erlaubt.
Wenn ich die folgende Abfrage mit /jobs
im URL-Teil gab, bekam ich eine gültige SEARCH ID.
Mit dieser SEARCH ID versuche ich, zu den Hauptlogs zu gelangen, aber es funktioniert nicht. Ich verwende jq
, um die JSON-Ausgabe zu filtern, um sie in einem schönen Layout anzuzeigen.
➜ ~ curl --connect-time 10 --max-time 900 -ks https://splunk.server.mycompany.com:8089/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A -umy_splunk_user:$p --data search='search earliest=-30m index=some-jenkins-prod-index-in-splunk source=/home/jenkins/jobs/*/builds/*/log ("WARNING: " OR "npm WARN retry" OR "svn: E200033: " OR ": binary operator expected" OR ": too many arguments" OR ": No such file or directory" OR "rsync: failed to set times on")' -d output_mode=json|jq .
{
"links": {},
"origin": "http://splunk.server.mycompany.com/services/search/jobs",
"updated": "2017-09-15T09:44:33-07:00",
"generator": {
"build": "bf0ff7c2ab8b",
"version": "6.5.3.1"
},
"entry": [
{
"name": "search earliest=-30m index=some-jenkins-prod-index-in-splunk source=/home/jenkins/jobs/*/builds/*/log (\"WARNING: \" OR \"npm WARN retry\" OR \"svn: E200033: \" OR \": binary operator expected\" OR \": too many arguments\" OR \": No such file or directory\" OR \"rsync: failed to set times on\") | regex source=\".*/[0-9][0-9]*/log\" | table host, source, _raw",
"id": "http://splunk.server.mycompany.com/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A",
"updated": "2017-09-15T09:44:33.942-07:00",
"links": {
"alternate": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A",
"search.log": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/search.log",
"events": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/events",
"results": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/results",
"results_preview": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/results_preview",
"timeline": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/timeline",
"summary": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/summary",
"control": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/control"
},
"published": "2017-09-15T09:43:59.000-07:00",
"author": "my_splunk_user",
"content": {
"bundleVersion": "17557160226808436058",
"canSummarize": false,
"cursorTime": "1969-12-31T16:00:00.000-08:00",
"defaultSaveTTL": "2592000",
"defaultTTL": "600",
"delegate": "",
"diskUsage": 561152,
"dispatchState": "DONE",
"doneProgress": 1,
"dropCount": 0,
"earliestTime": "2017-09-15T09:13:58.000-07:00",
"eventAvailableCount": 0,
"eventCount": 30,
"eventFieldCount": 0,
"eventIsStreaming": true,
"eventIsTruncated": true,
"eventSearch": "search (earliest=-30m index=some-jenkins-prod-index-in-splunk source=/home/jenkins/jobs/*/builds/*/log (\"WARNING: \" OR \"npm WARN retry\" OR \"svn: E200033: \" OR \": binary operator expected\" OR \": too many arguments\" OR \": No such file or directory\" OR \"rsync: failed to set times on\")) | regex source=\".*/[0-9][0-9]*/log\" ",
"eventSorting": "none",
"isBatchModeSearch": true,
"isDone": true,
"isEventsPreviewEnabled": false,
"isFailed": false,
"isFinalized": false,
"isPaused": false,
"isPreviewEnabled": false,
"isRealTimeSearch": false,
"isRemoteTimeline": false,
"isSaved": false,
"isSavedSearch": false,
"isTimeCursored": true,
"isZombie": false,
"keywords": "\"*: binary operator expected*\" \"*: no such file or directory*\" \"*: too many arguments*\" \"*npm warn retry*\" \"*rsync: failed to set times on*\" \"*svn: e200033: *\" \"*warning: *\" earliest::-30m index::some-jenkins-prod-index-in-splunk source::/home/jenkins/jobs/*/builds/*/log",
"label": "",
"latestTime": "2017-09-15T09:43:59.561-07:00",
"normalizedSearch": "litsearch (index=some-jenkins-prod-index-in-splunk source=/home/jenkins/jobs/*/builds/*/log (\"WARNING: \" OR \"npm WARN retry\" OR \"svn: E200033: \" OR \": binary operator expected\" OR \": too many arguments\" OR \": No such file or directory\" OR \"rsync: failed to set times on\") _time>=1505492038.000) | regex source=\".*/[0-9][0-9]*/log\" | fields keepcolorder=t \"_raw\" \"host\" \"source\"",
"numPreviews": 0,
"optimizedSearch": "| search (earliest=-30m index=some-jenkins-prod-index-in-splunk source=/home/jenkins/jobs/*/builds/*/log (\"WARNING: \" OR \"npm WARN retry\" OR \"svn: E200033: \" OR \": binary operator expected\" OR \": too many arguments\" OR \": No such file or directory\" OR \"rsync: failed to set times on\")) | regex source=\".*/[0-9][0-9]*/log\" | table host, source, _raw",
"pid": "2174",
"priority": 5,
"remoteSearch": "litsearch (index=some-jenkins-prod-index-in-splunk source=/home/jenkins/jobs/*/builds/*/log (\"WARNING: \" OR \"npm WARN retry\" OR \"svn: E200033: \" OR \": binary operator expected\" OR \": too many arguments\" OR \": No such file or directory\" OR \"rsync: failed to set times on\") _time>=1505492038.000) | regex source=\".*/[0-9][0-9]*/log\" | fields keepcolorder=t \"_raw\" \"host\" \"source\"",
"reportSearch": "table host, source, _raw",
"resultCount": 30,
"resultIsStreaming": false,
"resultPreviewCount": 30,
"runDuration": 0.579,
"sampleRatio": "1",
"sampleSeed": "0",
"scanCount": 301,
"searchCanBeEventType": false,
"searchEarliestTime": 1505492038,
"searchLatestTime": 1505493839.21872,
"searchTotalBucketsCount": 37,
"searchTotalEliminatedBucketsCount": 0,
"sid": "1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A",
"statusBuckets": 0,
"ttl": 600,
"performance": {
"command.fields": {
"duration_secs": 0.035,
"invocations": 48,
"input_count": 30,
"output_count": 30
},
"command.regex": {
"duration_secs": 0.048,
"invocations": 48,
"input_count": 30,
"output_count": 30
},
"command.search": {
"duration_secs": 1.05,
"invocations": 48,
"input_count": 0,
"output_count": 30
},
"command.search.calcfields": {
"duration_secs": 0.013,
"invocations": 16,
"input_count": 301,
"output_count": 301
},
"dispatch.optimize.reparse": {
"duration_secs": 0.001,
"invocations": 1
},
"dispatch.optimize.toJson": {
"duration_secs": 0.001,
"invocations": 1
},
"dispatch.optimize.toSpl": {
"duration_secs": 0.001,
"invocations": 1
},
"dispatch.parserThread": {
"duration_secs": 0.048,
"invocations": 48
},
"dispatch.reduce": {
"duration_secs": 0.001,
"invocations": 1
},
"dispatch.stream.remote": {
"duration_secs": 1.05,
"invocations": 48,
"input_count": 0,
"output_count": 332320
},
"dispatch.stream.remote.mr11p01if-ztbv02090901.mr.if.mycompany.com-8081": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr11p01if-ztbv02090901.mr.if.mycompany.com-8082": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr11p01if-ztbv11204201.mr.if.mycompany.com-8081": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr11p01if-ztbv11204201.mr.if.mycompany.com-8082": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr11p01if-ztbv11204401.mr.if.mycompany.com-8081": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr11p01if-ztbv11204401.mr.if.mycompany.com-8082": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr11p01if-ztbv16142101.mr.if.mycompany.com-8081": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr11p01if-ztbv16142101.mr.if.mycompany.com-8082": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr11p01if-ztbv16142301.mr.if.mycompany.com-8081": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr11p01if-ztbv16142301.mr.if.mycompany.com-8082": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr21p01if-ztbv14080101.mr.if.mycompany.com-8081": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr21p01if-ztbv14080101.mr.if.mycompany.com-8082": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr22p01if-ztbv1.mr.if.mycompany.com-8081": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr22p01if-ztbv1.mr.if.mycompany.com-8082": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr22p01if-ztbv09013201.mr.if.mycompany.com-8081": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr22p01if-ztbv09013201.mr.if.mycompany.com-8082": {
"duration_secs": 0.001,
"invocations": 1,
"input_count": 0,
"output_count": 5422
},
"dispatch.stream.remote.mr90p01if-ztep02103701.mr.if.mycompany.com-8081": {
"duration_secs": 0.058,
"invocations": 2,
"input_count": 0,
"output_count": 16948
},
"dispatch.stream.remote.mr90p01if-ztep02103701.mr.if.mycompany.com-8082": {
"duration_secs": 0.066,
"invocations": 2,
"input_count": 0,
"output_count": 14415
},
"dispatch.stream.remote.mr90p01if-ztep04044101.mr.if.mycompany.com-8081": {
"duration_secs": 0.059,
"invocations": 2,
"input_count": 0,
"output_count": 15858
},
"dispatch.stream.remote.mr90p01if-ztep04044101.mr.if.mycompany.com-8082": {
"duration_secs": 0.065,
"invocations": 2,
"input_count": 0,
"output_count": 11867
},
"dispatch.stream.remote.mr90p01if-ztep06024101.mr.if.mycompany.com-8081": {
"duration_secs": 0.061,
"invocations": 2,
"input_count": 0,
"output_count": 20695
},
"dispatch.stream.remote.mr90p01if-ztep06024101.mr.if.mycompany.com-8082": {
"duration_secs": 0.06,
"invocations": 2,
"input_count": 0,
"output_count": 15193
},
"dispatch.stream.remote.mr90p01if-ztep12023601.mr.if.mycompany.com-8081": {
"duration_secs": 0.063,
"invocations": 2,
"input_count": 0,
"output_count": 15932
},
"dispatch.stream.remote.mr90p01if-ztep12023601.mr.if.mycompany.com-8082": {
"duration_secs": 0.064,
"invocations": 2,
"input_count": 0,
"output_count": 14415
},
"dispatch.stream.remote.mr90p01if-ztep12043901.mr.if.mycompany.com-8081": {
"duration_secs": 0.061,
"invocations": 2,
"input_count": 0,
"output_count": 15418
},
"dispatch.stream.remote.mr90p01if-ztep12043901.mr.if.mycompany.com-8082": {
"duration_secs": 0.058,
"invocations": 2,
"input_count": 0,
"output_count": 11866
},
"dispatch.stream.remote.pv31p01if-ztbv08050801.pv.if.mycompany.com-8081": {
"duration_secs": 0.075,
"invocations": 2,
"input_count": 0,
"output_count": 15661
},
"dispatch.stream.remote.pv31p01if-ztbv08050801.pv.if.mycompany.com-8082": {
"duration_secs": 0.071,
"invocations": 2,
"input_count": 0,
"output_count": 15845
},
"dispatch.stream.remote.pv31p01if-ztbv08051001.pv.if.mycompany.com-8081": {
"duration_secs": 0.066,
"invocations": 2,
"input_count": 0,
"output_count": 14406
},
"dispatch.stream.remote.pv31p01if-ztbv08051001.pv.if.mycompany.com-8082": {
"duration_secs": 0.072,
"invocations": 2,
"input_count": 0,
"output_count": 15524
},
"dispatch.stream.remote.pv31p01if-ztbv08051201.pv.if.mycompany.com-8081": {
"duration_secs": 0.067,
"invocations": 2,
"input_count": 0,
"output_count": 16009
},
"dispatch.stream.remote.pv31p01if-ztbv08051201.pv.if.mycompany.com-8082": {
"duration_secs": 0.068,
"invocations": 2,
"input_count": 0,
"output_count": 15516
},
"dispatch.writeStatus": {
"duration_secs": 0.012,
"invocations": 7
},
"startup.configuration": {
"duration_secs": 2.045,
"invocations": 33
},
"startup.handoff": {
"duration_secs": 14.595,
"invocations": 33
}
},
"messages": [
{
"type": "INFO",
"text": "Your timerange was substituted based on your search string"
},
{
"type": "WARN",
"text": "Unable to distribute to peer named pv31p01if-ztbv08050601.pv.if.mycompany.com:8081 at uri=pv31p01if-ztbv08050601.pv.if.mycompany.com:8081 using the uri-scheme=http because peer has status=\"Down\". Please verify uri-scheme, connectivity to the search peer, that the search peer is up, and an adequate level of system resources are available. See the Troubleshooting Manual for more information."
},
{
"type": "WARN",
"text": "Unable to distribute to peer named pv31p01if-ztbv08050601.pv.if.mycompany.com:8082 at uri=pv31p01if-ztbv08050601.pv.if.mycompany.com:8082 using the uri-scheme=http because peer has status=\"Down\". Please verify uri-scheme, connectivity to the search peer, that the search peer is up, and an adequate level of system resources are available. See the Troubleshooting Manual for more information."
}
],
"request": {
"search": "search earliest=-30m index=some-jenkins-prod-index-in-splunk source=/home/jenkins/jobs/*/builds/*/log (\"WARNING: \" OR \"npm WARN retry\" OR \"svn: E200033: \" OR \": binary operator expected\" OR \": too many arguments\" OR \": No such file or directory\" OR \"rsync: failed to set times on\") | regex source=\".*/[0-9][0-9]*/log\" | table host, source, _raw"
},
"runtime": {
"auto_cancel": "0",
"auto_pause": "0"
},
"searchProviders": [
"mr11p01if-ztbv02090901.mr.if.mycompany.com-8081",
"mr11p01if-ztbv16142101.mr.if.mycompany.com-8082",
"mr11p01if-ztbv16142301.mr.if.mycompany.com-8081",
"mr11p01if-ztbv16142301.mr.if.mycompany.com-8082",
"mr21p01if-ztbv14080101.mr.if.mycompany.com-8081",
"mr21p01if-ztbv14080101.mr.if.mycompany.com-8082",
"mr22p01if-ztbv1.mr.if.mycompany.com-8081",
"mr22p01if-ztbv1.mr.if.mycompany.com-8082",
"mr22p01if-ztbv09013201.mr.if.mycompany.com-8081",
"mr22p01if-ztbv09013201.mr.if.mycompany.com-8082",
"mr90p01if-ztep02103701.mr.if.mycompany.com-8081",
"mr90p01if-ztep02103701.mr.if.mycompany.com-8082",
"mr90p01if-ztep04044101.mr.if.mycompany.com-8081",
"mr90p01if-ztep04044101.mr.if.mycompany.com-8082",
"mr90p01if-ztep06024101.mr.if.mycompany.com-8081",
"mr90p01if-ztep06024101.mr.if.mycompany.com-8082",
"mr90p01if-ztep12023601.mr.if.mycompany.com-8081",
"mr90p01if-ztep12023601.mr.if.mycompany.com-8082",
"mr90p01if-ztep12043901.mr.if.mycompany.com-8081",
"mr90p01if-ztep12043901.mr.if.mycompany.com-8082",
"pv31p01if-ztbv08050801.pv.if.mycompany.com-8081",
"pv31p01if-ztbv08050801.pv.if.mycompany.com-8082",
"pv31p01if-ztbv08051001.pv.if.mycompany.com-8081",
"pv31p01if-ztbv08051001.pv.if.mycompany.com-8082",
"pv31p01if-ztbv08051201.pv.if.mycompany.com-8081",
"pv31p01if-ztbv08051201.pv.if.mycompany.com-8082"
]
},
"acl": {
"perms": {
"read": [
"my_splunk_user"
],
"write": [
"my_splunk_user"
]
},
"owner": "my_splunk_user",
"modifiable": true,
"sharing": "global",
"app": "search",
"can_write": true,
"ttl": "600"
}
}
],
"paging": {
"total": 1,
"perPage": 0,
"offset": 0
}
}
➜ ~
➜ ~
Aber, wie Sie keinen Nutzen sehen können, ist die erzeugte JSON ausgegeben, wie es nicht ist zeigt oder eine der Ausgabe des Jenkins Job enthält, die ich verwenden kann.
Wenn ich im CURL-Befehl für die Splunk-URL versuche, einen der folgenden URLs Endpunkte, es gibt mir einen Fehler.
"search.log": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/search.log",
"events": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/events",
"results": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/results",
"results_preview": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/results_preview",
"timeline": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/timeline",
"summary": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/summary",
"control": "/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/control"
Für Ex: wenn ich versuche, URL.../<SEARCH_ID>/events
oder URL/.../<SEARCH_ID>/results
, etc, erhalte ich die folgende Fehlermeldung.
curl --connect-time 10 --max-time 900 -ks https://splunk.server.mycompany.com:8089/services/search/jobs/1505493838.3723_ACEB82F4-AA21-4AE2-95A3-566F6BCAA05A/events -umy_splunk_user:$p --data search='search earliest=-30m index=some-jenkins-prod-index-in-splunk source=/home/jenkins/jobs/*/builds/*/log ("WARNING: " OR "npm WARN retry" OR "svn: E200033: " OR ": binary operator expected" OR ": too many arguments" OR ": No such file or directory" OR "rsync: failed to set times on")' -d output_mode=json|jq .
{
"messages": [
{
"type": "FATAL",
"text": "Method Not Allowed"
}
]
}
Ich versuche, die Hostnamen zu finden, die Quelle (Jenkins Joblog Pfad), die Konsolenausgabe des eigentlichen Jobs (die wir lesen und analysieren können meaniningful Informationen zu erzeugen) etwa in der letzten N Zeitperiode, wie Viele, Fehler, Warnungen, seltsame Zeilen wurden angezeigt und abhängig von einigen Schwellenwerten, wenn die Zahlen diese Schwellenwerte überschreiten, muss ich eine E-Mail-Benachrichtigung senden.
Ich kann das alles codieren, aber ich komme nicht zum allerersten Teil des Puzzles hier, das Splunk dazu bringt, die CONSOLE OUTPUT von Jenkins Job auszuspucken, die Splunk auf dem Dateisystem überwacht.
Das Endziel ist es, die aussagekräftigen Daten in eine Textdatei in Form oder JSON oder CSV und wandelt diese Daten in einige sinnvollen Bar/Tortendiagramme usw.
Für die Ex-Dump: wenn data.csv enthält:
age,population
<5,2704659
5-13,4499890
14-17,2159981
18-24,3853788
25-44,14106543
45-64,8819342
65-85,312463
≥85,81312463
dann die folgende Datei verwenden, kann ich diese Rohdaten in einem Kreisdiagramm umwandeln, die wie wie das Bild Schnappschuss unten aussehen wird.
<!DOCTYPE html>
<meta charset="utf-8">
<style>
.arc text {
font: 10px sans-serif;
text-anchor: middle;
}
.arc path {
stroke: #fff;
}
</style>
<svg width="960" height="500"></svg>
<script src="https://d3js.org/d3.v4.min.js"></script>
<script>
var svg = d3.select("svg"),
width = +svg.attr("width"),
height = +svg.attr("height"),
radius = Math.min(width, height)/2,
g = svg.append("g").attr("transform", "translate(" + width/2 + "," + height/2 + ")");
var color = d3.scaleOrdinal(["#98abc5", "#8a89a6", "#7b6888", "#6b486b", "#a05d56", "#d0743c", "#ff8c00"]);
var pie = d3.pie()
.sort(null)
.value(function(d) { return d.population; });
var path = d3.arc()
.outerRadius(radius - 10)
.innerRadius(0);
var label = d3.arc()
.outerRadius(radius - 40)
.innerRadius(radius - 40);
d3.csv("data.csv", function(d) {
d.population = +d.population;
return d;
}, function(error, data) {
if (error) throw error;
var arc = g.selectAll(".arc")
.data(pie(data))
.enter().append("g")
.attr("class", "arc");
arc.append("path")
.attr("d", path)
.attr("fill", function(d) { return color(d.data.age); });
arc.append("text")
.attr("transform", function(d) { return "translate(" + label.centroid(d) + ")"; })
.attr("dy", "0.35em")
.text(function(d) { return d.data.age; });
});
</script>
Erzeugen Kreisdiagramm (aufgrund CSV-Datei und die HTML-Datei):