What Command Do You Use to Check if Splunk is Installed?

Problem scenario
You want to find out what version of Splunk you are using. What command do you run?

Solution
Run this command: sudo /opt/splunk/bin/splunk version

If it does not work, run this command: sudo find / -name splunk -type f
Then run sudo /path/found/above/splunk version (the path is whatever the find command returned)

How Do You Generate a 100 GB Log File?

Problem scenario
You want to generate a large log file to use later on (e.g., for the Elastic Stack or Splunk). How do you create a 100 GB log file?

Solution
1. Find an example log to base the generated file on. Run these commands to find a log whose format you want to copy:

cd /var/log
ls -lh --sort=size
sudo tail foobar # where foobar is the name of the log file you want to sample

2.

What is ChatOps?

Question
What is ChatOps?

Answer
ChatOps is the integration of a chatroom (e.g., Slack, HipChat, etc.) with the controls of an API (e.g., a REST API) to invoke DevOps or systems administration tasks. ChatOps chatrooms allow for text communication in real time. In a ChatOps chatroom there is a syntax for messages that reboot a server or deploy code. Issuing such commands allows for centralized logging and close communication with many people.

What Are the Recommended Practices of Logging?

Problem scenario
The primary purposes of logging include troubleshooting (root cause analysis of poor performance, debugging unintended behavior, or resolving catastrophic failures). In some cases logging is used for monitoring resource utilization and planning changes. What are the patterns or characteristics of a good logging system?

Solution
Here are 11 traits of good logging.

1. Use appropriate file systems and tune them based on your needs.

How Do You Install Splunk in a Docker Container?

Problem scenario
You want to run Splunk from a Docker container. What do you do?

Solution
Prerequisites
Install Docker. If you need assistance, see this posting.

Procedures
1. Run this command: docker pull splunk/splunk:latest

2. Run this command, but replace “simpleword” with the password that you want the administrator account for the web UI to have:

docker run -d -p 8000:8000 -e 'SPLUNK_START_ARGS=--accept-license' -e 'SPLUNK_PASSWORD=simpleword' splunk/splunk:latest

3.

Which Log File Shows a Record of Web Traffic on an Nginx Web Server Running on Linux?

Problem scenario
You configured Nginx on a Linux server. You want to see if there has been activity on the website (e.g., via a web browser). What log file, visible on the back-end, has records of web browsing activity?

Solution
It is often here: /var/log/nginx/access.log

For general Nginx purposes, the nginx.conf file specifies the location of the Nginx logs and the names of the log files themselves.

How Do You Quickly Add a New Event to the Windows Logs Using PowerShell?

Problem scenario
You like adding logging messages manually in Linux/Unix. You do it from the command prompt with "# write a cool message here". You review the messages with the "history" command. You also append messages to log files in /var/log/foobar.d with 'echo "note this" >> logfile'. How do you introduce your own messages into the Windows event log?

Solution
Run a command like this but change “Application” to “Security” or whichever log category you want:

Write-EventLog -LogName Application -EventId 3 -Message "Continual Integration helps!" -Source "Windows Error Reporting"

# Note that "Windows Error Reporting" is just one of several valid sources; the source must already be registered for the log you write to.

How Do You Get the Kibana Web UI to Work?

Problem scenario
You want to try out the Kibana web UI. You are using Linux. How do you get Kibana to work?

Solution
Prerequisites

Install the Elastic Stack. If you need assistance, see "How Do You Install the Elastic Stack on Any Type of Linux?"

Procedures

1. Install nginx. If you need assistance,

How Do You Install the Elastic Stack on Any Type of Linux?

Updated on 9/24/19

Problem scenario
You want to install the Elastic Stack on different distributions of Linux with the same exact script. What should you do?

Solution
Prerequisites
i. You should have at least 3 GB of total memory (a combination of virtual memory and RAM) allocated to the server. If you need to add memory,

How Do You Troubleshoot the Logstash (or Elastic Stack) Error “logging.log4j.core.appender.RollingFileAppender”?

Problem scenario
You try to start Logstash but you get this error: “main ERROR Could not create plugin of type class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile: “

What should you do?

Solution
Do one of the two options below.

#1 Solution (rather simple, for a one-time fix)
Do not start the process as root or as some other regular user.
