Untitled

a guest
Aug 4th, 2016
  1. 08-04-2016 12:11:01.047 INFO dispatchRunner - Search process mode: freestanding
  2. 08-04-2016 12:11:01.047 INFO dispatchRunner - initing LicenseMgr in search process: nonPro=1
  3. 08-04-2016 12:11:01.048 INFO LicenseMgr - Initing LicenseMgr
  4. 08-04-2016 12:11:01.049 INFO ServerConfig - Found no hostname options in server.conf. Will attempt to use default for now.
  5. 08-04-2016 12:11:01.049 INFO ServerConfig - Host name option is "".
  6. 08-04-2016 12:11:01.059 INFO LMConfig - serverName=S970192 guid=0C5AEA67-3A76-4935-BE4B-484107FFFB9A
  7. 08-04-2016 12:11:01.059 INFO LMConfig - connection_timeout=30
  8. 08-04-2016 12:11:01.059 INFO LMConfig - send_timeout=30
  9. 08-04-2016 12:11:01.059 INFO LMConfig - receive_timeout=30
  10. 08-04-2016 12:11:01.059 INFO LMConfig - squash_threshold=2000
  11. 08-04-2016 12:11:01.059 INFO LMConfig - strict_pool_quota=1
  12. 08-04-2016 12:11:01.059 INFO LMConfig - key=pool_suggestion not found in licenser stanza of server.conf, defaulting=''
  13. 08-04-2016 12:11:01.059 INFO LicenseMgr - Initing LicenseMgr runContext_splunkd=false
  14. 08-04-2016 12:11:01.059 INFO LMStackMgr - closing stack mgr
  15. 08-04-2016 12:11:01.059 INFO LMSlaveInfo - all slaves cleared
  16. 08-04-2016 12:11:01.060 INFO LMStack - Added type=download-trial license, from file=enttrial.lic, to stack=download-trial of group=Trial
  17. 08-04-2016 12:11:01.060 INFO LMStackMgr - created stack='download-trial'
  18. 08-04-2016 12:11:01.060 INFO LMStackMgr - added pool auto_generated_pool_download-trial to stack download-trial
  19. 08-04-2016 12:11:01.060 INFO LMStackMgr - added pool auto_generated_pool_forwarder to stack forwarder
  20. 08-04-2016 12:11:01.060 INFO LMStackMgr - added pool auto_generated_pool_free to stack free
  21. 08-04-2016 12:11:01.060 INFO LMStackMgr - init completed [0C5AEA67-3A76-4935-BE4B-484107FFFB9A,Free,runContext_splunkd=false]
  22. 08-04-2016 12:11:01.060 INFO LicenseMgr - StackMgr init complete...
  23. 08-04-2016 12:11:01.060 INFO LMTracker - Setting default product type='enterprise'
  24. 08-04-2016 12:11:01.060 INFO LMTracker - this is not splunkd, will perform partial init
  25. 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=FwdData state=ENABLED (featureStatus=1)
  26. 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=KVStore state=ENABLED (featureStatus=1)
  27. 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=LocalSearch state=ENABLED (featureStatus=1)
  28. 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=RcvData state=ENABLED (featureStatus=1)
  29. 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=ScheduledSearch state=ENABLED (featureStatus=1)
  30. 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=SigningProcessor state=ENABLED (featureStatus=1)
  31. 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=SplunkWeb state=ENABLED (featureStatus=1)
  32. 08-04-2016 12:11:01.060 INFO LicenseMgr - Tracker init complete...
  33. 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'licenses'
  34. 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'pools'
  35. 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'stacks'
  36. 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'groups'
  37. 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'slaves'
  38. 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'localslave'
  39. 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'licensermessages'
  40. 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'scriptedwarning'
  41. 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'licenseusage'
  42. 08-04-2016 12:11:01.064 INFO dispatchRunner - Per-process handle limit is 512
  43. 08-04-2016 12:11:01.064 INFO dispatchRunner - Increasing per-process handle limit from '512' to '2048'
  44. 08-04-2016 12:11:01.064 INFO dispatchRunner - Successfully increased per-process handle limit from '512' to '2048'
  45. 08-04-2016 12:11:01.065 INFO dispatchRunner - registering build time modules, count=1
  46. 08-04-2016 12:11:01.066 INFO dispatchRunner - registering search time components of build time module name=vix
  47. 08-04-2016 12:11:01.066 INFO dispatchRunner - Splunkd starting (build debde650d26e).
  48. 08-04-2016 12:11:01.066 INFO dispatchRunner - System info: Windows, S970192, 1, 6, x64.
  49. 08-04-2016 12:11:01.066 INFO dispatchRunner - Detected 8 (virtual) CPUs, 4 CPU cores, and 20419MB RAM
  50. 08-04-2016 12:11:01.066 INFO dispatchRunner - Maximum number of threads (approximate): 10209
  51. 08-04-2016 12:11:01.066 INFO dispatchRunner - Arguments are: "search" "--id=1470334260.139" "--maxbuckets=300" "--ttl=600" "--maxout=500000" "--maxtime=0" "--lookups=1" "--reduce_freq=10" "--rf=*"
  52. 08-04-2016 12:11:01.066 INFO dispatchRunner - Getting search configuration data from: C:\Program Files\Splunk\etc\modules\parsing\config.xml
  53. 08-04-2016 12:11:01.068 INFO BundlesSetup - Setup stats for C:\Program Files\Splunk\etc: wallclock_elapsed_msec=29, cpu_time_used=0.0156001, shared_services_generation=1, shared_services_population=1
  54. 08-04-2016 12:11:01.069 INFO SessionManager - auth tokens will be generated with shpooling shared secret
  55. 08-04-2016 12:11:01.069 INFO UserManager - Setting user context: splunk-system-user
  56. 08-04-2016 12:11:01.069 INFO UserManager - Free version does not have user services
  57. 08-04-2016 12:11:01.069 INFO UserManager - Done setting user context: NULL -> NULL
  58. 08-04-2016 12:11:01.069 INFO UserManager - Unwound user context: NULL -> NULL
  59. 08-04-2016 12:11:01.069 INFO UserManager - Setting user context: admin
  60. 08-04-2016 12:11:01.069 INFO UserManager - Free version does not have user services
  61. 08-04-2016 12:11:01.069 INFO UserManager - Done setting user context: NULL -> NULL
  62. 08-04-2016 12:11:01.069 INFO dispatchRunner - search context: user="admin", app="search", bs-pathname="C:\Program Files\Splunk\etc"
  63. 08-04-2016 12:11:01.073 INFO SearchParser - PARSING: search index=testing sourcetype=kvmi_newproc NOT "mscorsvw.exe" NOT "SearchFilterHost.exe" NOT "SearchProtocol" NOT "LogonUI.exe" NOT "smss.exe" NOT "winlogon.exe" NOT "dwm.exe" NOT "taskhost.exe" NOT "googlecrashhan" NOT "googleupdate"
  64. 08-04-2016 12:11:01.080 INFO ISplunkDispatch - Not running in splunkd. Bundle replication not triggered.
  65. 08-04-2016 12:11:01.087 INFO UserManager - Setting user context: admin
  66. 08-04-2016 12:11:01.087 INFO UserManager - Free version does not have user services
  67. 08-04-2016 12:11:01.087 INFO UserManager - Done setting user context: NULL -> NULL
  68. 08-04-2016 12:11:01.099 INFO SearchProcessor - Final search filter=
  69. 08-04-2016 12:11:01.102 INFO StringSearchExpander - calculated_field="index" not expanded in comparison_expression="index=testing". calc_field_processor!=null, negated=false (negation depth=0)
  70. 08-04-2016 12:11:01.102 INFO StringSearchExpander - calculated_field="sourcetype" not expanded in comparison_expression="sourcetype=kvmi_newproc". calc_field_processor!=null, negated=false (negation depth=0)
  71. 08-04-2016 12:11:01.103 INFO SearchOperator:kv - name=EXTRACT-GUID, can_use_re2=0, regex: (?i)(?!=\w)(?:objectguid|guid)\s*=\s*(?<guid_lookup>[\w\-]+)
  72. 08-04-2016 12:11:01.103 INFO SearchOperator:kv - name=EXTRACT-SID, can_use_re2=0, regex: objectSid\s*=\s*(?<sid_lookup>\S+)
  73. 08-04-2016 12:11:01.104 INFO SearchOperator:kv - name=ad-kv, can_use_re2=0, regex: (?<_KEY_1>[\w-]+)=(?<_VAL_1>[^\r\n]*)
  74. 08-04-2016 12:11:01.105 INFO SearchOperator:kv - name=access-extractions, can_use_re2=0, regex: ^(?P<clientip>\S+)\s++(?P<ident>\S+)\s++(?P<user>\S+)\s++\[(?<req_time>[^\]]*+)\]\s++"\s*+(?P<method>[^\s"]++)?(?:\s++(?<uri>(?:(?<uri_domain>\w++://[^/\s"]++))?+(?<uri_path>(?:/++(?<root>(?:\\"|[^\s\?/"])++)/++)?(?:(?:\\"|[^\s\?/"])*+/++)*(?<file>[^\s\?/]+)?)(?:\?(?<uri_query>[^\s]*))?)(?:\s++(?P<version>[^\s"]++))*)?\s*+"\s++(?P<status>\S+)\s++(?P<bytes>\S+)(?:\s++"(?<referer>(?:(?<referer_domain>\w++://[^/\s"]++))?+[^"]*+)"(?:\s++"(?<useragent>[^"]*+)"(?:\s++"(?<cookie>[^"]*+)")?+)?+)?(?P<other>.*)
  75. 08-04-2016 12:11:01.105 INFO SearchOperator:kv - name=syslog-extractions, can_use_re2=0, regex: \s([^\s\[]+)(?:\[(\d+)\])?:\s
  76. 08-04-2016 12:11:01.106 INFO SearchOperator:kv - name=db2, can_use_re2=0, regex: ([A-Z]+) *: (.*?)(?=\n|$| +[A-Z]+ *:)
  77. 08-04-2016 12:11:01.106 INFO SearchOperator:kv - name=EXTRACT-extract_spent, can_use_re2=0, regex: (?<spent>\d+)ms$
  78. 08-04-2016 12:11:01.106 INFO SearchOperator:kv - name=EXTRACT-1, can_use_re2=0, regex: (?<_KEY_1>\S+)::(?<_VAL_1>\S+)
  79. 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=bracket-space, can_use_re2=0, regex: \[(\S+) (.*?)\]
  80. 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=EXTRACT-fields, can_use_re2=0, regex: (?i)^(?:[^ ]* ){2}(?:[+\-]\d+ )?(?P<log_level>[^ ]*)\s+(?P<component>[^ ]+) - (?P<message>.+)
  81. 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=sendmail-extractions, can_use_re2=0, regex: sendmail\[(\d+)\]: (\w+):
  82. 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=tcpdump-endpoints, can_use_re2=0, regex: (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)
  83. 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=colon-kv, can_use_re2=0, regex: (?<= )([A-Za-z]+): ?((0x[A-F\d]+)|\d+)(?= |\n|$)
  84. 08-04-2016 12:11:01.113 INFO SearchOperator:kv - name=EXTRACT-collection,category,object, can_use_re2=0, regex: collection=\"?(?P<collection>[^\"\n]+)\"?\ncategory=\"?(?P<category>[^\"\n]+)\"?\nobject=\"?(?P<object>[^\"\n]+)\"?\n
  85. 08-04-2016 12:11:01.113 INFO SearchOperator:kv - name=wel-message, can_use_re2=0, regex: (?sm)^(?<_pre_msg>.+)\nMessage=(?<Message>.+)$
  86. 08-04-2016 12:11:01.113 INFO SearchOperator:kv - name=wel-col-kv, can_use_re2=0, regex: \n([^:\n\r]+):[ \t]++([^\n]*)
  87. 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=EXTRACT-useragent, can_use_re2=0, regex: userAgent=(?P<browser>[^ (]+)
  88. 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=splunk-service-extractions, can_use_re2=0, regex: (?i)^(?:[^ ]* ){2}(?P<log_level>[^\s]*)\s+\[(?P<requestid>\w+)]\s+(?P<component>[^ ]+):(?P<line>\d+) - (?P<message>.+)
  89. 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=extract_spent, can_use_re2=0, regex: (?P<spent>\d+)ms$
  90. 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=weblogic-code, can_use_re2=0, regex: <BEA-([0-9]+)>
  91. 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=colon-line, can_use_re2=0, regex: ^(\w+)\s*:[ \t]*(.*?)$
  92. 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=was-trlog-code, can_use_re2=0, regex: ] ([a-fA-F0-9]{8})
  93. 08-04-2016 12:11:01.117 INFO UnifiedSearch - base lispy: [ AND [ NOT googlecrashhan ] [ NOT googleupdate ] index::testing [ NOT searchprotocol ] sourcetype::kvmi_newproc ]
  94. 08-04-2016 12:11:01.118 INFO UnifiedSearch - Processed search targeting arguments
  95. 08-04-2016 12:11:01.118 INFO DispatchThread - BatchMode: allowBatchMode: 0, conf(1): 1, timeline/Status buckets(0):300, realtime(0):0, report pipe empty(0):1, reqTimeOrder(0):0, summarize(0):0, statefulStreaming(0):0
  96. 08-04-2016 12:11:01.118 INFO DispatchThread - Storing only 1000 events per timeline buckets due to limits.conf max_events_per_bucket setting.
  97. 08-04-2016 12:11:01.124 INFO DispatchThread - required fields list to add to remote search = *,_bkt,_cd,_si,host,index,linecount,source,sourcetype,splunk_server
  98. 08-04-2016 12:11:01.124 INFO SearchParser - PARSING: fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server"
  99. 08-04-2016 12:11:01.124 INFO UserManager - Setting user context: admin
  100. 08-04-2016 12:11:01.124 INFO UserManager - Free version does not have user services
  101. 08-04-2016 12:11:01.124 INFO UserManager - Done setting user context: NULL -> NULL
  102. 08-04-2016 12:11:01.125 INFO UserManager - Unwound user context: NULL -> NULL
  103. 08-04-2016 12:11:01.125 INFO DistributedSearchResultCollectionManager - Stream search: litsearch index=testing sourcetype=kvmi_newproc NOT "mscorsvw.exe" NOT "SearchFilterHost.exe" NOT "SearchProtocol" NOT "LogonUI.exe" NOT "smss.exe" NOT "winlogon.exe" NOT "dwm.exe" NOT "taskhost.exe" NOT "googlecrashhan" NOT "googleupdate" | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server"
  104. 08-04-2016 12:11:01.125 INFO ExternalResultProvider - No external result providers are configured
  105. 08-04-2016 12:11:01.125 INFO DistributedSearchResultCollectionManager - ERP_FACTORY initialized, but zero external result provider, hence disabling _isERPCollectionEnabled
  106. 08-04-2016 12:11:01.125 INFO DistributedSearchResultCollectionManager - No default search group set.
  107. 08-04-2016 12:11:01.125 INFO DistributedSearchResultCollectionManager - Connecting to peer S970192 connectAll 0 connectToSpecificPeer 1
  108. 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
  109. 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
  110. 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
  111. 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
  112. 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
  113. 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
  114. 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
  115. 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
  116. 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
  117. 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
  118. 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
  119. 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
  120. 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
  121. 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
  122. 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
  123. 08-04-2016 12:11:01.125 INFO SearchParser - PARSING: litsearch index=testing sourcetype=kvmi_newproc NOT "mscorsvw.exe" NOT "SearchFilterHost.exe" NOT "SearchProtocol" NOT "LogonUI.exe" NOT "smss.exe" NOT "winlogon.exe" NOT "dwm.exe" NOT "taskhost.exe" NOT "googlecrashhan" NOT "googleupdate" | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server"
  124. 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
  125. 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
  126. 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
  127. 08-04-2016 12:11:01.126 INFO DispatchThread - Disk quota = 0
  128. 08-04-2016 12:11:01.133 INFO SearchParser - PARSING: typer | tags
  129. 08-04-2016 12:11:01.135 INFO FastTyper - found nodes count: comparisons=6, unique_comparisons=5, terms=4, unique_terms=4, phrases=12, unique_phrases=12, total leaves=22
  130. 08-04-2016 12:11:01.136 INFO IndexScopedSearch - 00000000022441D0 LISPY for index=testing is lispy='[ AND [ NOT googlecrashhan ] [ NOT googleupdate ] [ NOT searchprotocol ] sourcetype::kvmi_newproc ]' ct=2147483647 et=0 lt=2147483647 dbsize=1
  131. 08-04-2016 12:11:01.136 INFO UnifiedSearch - Initialization of search data structures took 4 ms
  132. 08-04-2016 12:11:01.136 INFO UnifiedSearch - Processed search targeting arguments
  133. 08-04-2016 12:11:01.142 INFO LocalCollector - Final required fields list = *,Message,_bkt,_cd,_raw,_si,_subsecond,host,index,linecount,source,sourcetype,splunk_server
  134. 08-04-2016 12:11:01.142 INFO UserManager - Unwound user context: NULL -> NULL
  135. 08-04-2016 12:11:01.142 INFO UserManager - Setting user context: admin
  136. 08-04-2016 12:11:01.142 INFO UserManager - Free version does not have user services
  137. 08-04-2016 12:11:01.142 INFO UserManager - Done setting user context: NULL -> NULL
  138. 08-04-2016 12:11:01.142 INFO UnifiedSearch - snapped earliest=1464675240 based on index min times
  139. 08-04-2016 12:11:01.142 INFO DatabaseDirectoryManager::Bucket - use_bloomfilter = true
  140. 08-04-2016 12:11:01.150 INFO SearchOperator:kv - 1 field name was modified. The first 1 is (format 'old'='new'):'handshake-handle' = 'handshake_handle',
  141. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_hour is an indexed field, ignoring TOKENIZER
  142. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_mday is an indexed field, ignoring TOKENIZER
  143. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_minute is an indexed field, ignoring TOKENIZER
  144. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_month is an indexed field, ignoring TOKENIZER
  145. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_second is an indexed field, ignoring TOKENIZER
  146. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_wday is an indexed field, ignoring TOKENIZER
  147. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_year is an indexed field, ignoring TOKENIZER
  148. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_zone is an indexed field, ignoring TOKENIZER
  149. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - host is an indexed field, ignoring TOKENIZER
  150. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - index is an indexed field, ignoring TOKENIZER
  151. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - linecount is an indexed field, ignoring TOKENIZER
  152. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - punct is an indexed field, ignoring TOKENIZER
  153. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - source is an indexed field, ignoring TOKENIZER
  154. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - sourcetype is an indexed field, ignoring TOKENIZER
  155. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - splunk_server is an indexed field, ignoring TOKENIZER
  156. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - splunk_server_group is an indexed field, ignoring TOKENIZER
  157. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - timeendpos is an indexed field, ignoring TOKENIZER
  158. 08-04-2016 12:11:01.150 WARN SearchOperator:kv - timestartpos is an indexed field, ignoring TOKENIZER
  159. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - buildRegexList provided empty conf key, ignoring.
  160. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_hour is an indexed field, ignoring TOKENIZER
  161. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_mday is an indexed field, ignoring TOKENIZER
  162. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_minute is an indexed field, ignoring TOKENIZER
  163. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_month is an indexed field, ignoring TOKENIZER
  164. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_second is an indexed field, ignoring TOKENIZER
  165. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_wday is an indexed field, ignoring TOKENIZER
  166. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_year is an indexed field, ignoring TOKENIZER
  167. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_zone is an indexed field, ignoring TOKENIZER
  168. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - host is an indexed field, ignoring TOKENIZER
  169. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - index is an indexed field, ignoring TOKENIZER
  170. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - linecount is an indexed field, ignoring TOKENIZER
  171. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - punct is an indexed field, ignoring TOKENIZER
  172. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - source is an indexed field, ignoring TOKENIZER
  173. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - sourcetype is an indexed field, ignoring TOKENIZER
  174. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - splunk_server is an indexed field, ignoring TOKENIZER
  175. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - splunk_server_group is an indexed field, ignoring TOKENIZER
  176. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - timeendpos is an indexed field, ignoring TOKENIZER
  177. 08-04-2016 12:11:01.151 WARN SearchOperator:kv - timestartpos is an indexed field, ignoring TOKENIZER
  178. 08-04-2016 12:11:01.164 INFO SearchOperator:kv - 17 field names were modified. The first 10 are (format 'old'='new'):' MaxRequestThreads' = 'MaxRequestThreads', ' ServerDll' = 'ServerDll', '4 ProfileControl' = 'ProfileControl', '3 ServerDll' = 'ServerDll', '1 ServerDll' = 'ServerDll', 'plugin-path' = 'plugin_path', 'proxy-stub-channel' = 'proxy_stub_channel', 'toast-results-key' = 'toast_results_key', 'handshake-handle' = 'handshake_handle', ' SharedSection' = 'SharedSection', ....
  179. 08-04-2016 12:11:01.169 WARN SearchOperator:kv - buildRegexList provided empty conf key, ignoring.
  180. 08-04-2016 12:11:01.188 INFO SearchOperator:kv - 17 field names were modified. The first 10 are (format 'old'='new'):' MaxRequestThreads' = 'MaxRequestThreads', ' ServerDll' = 'ServerDll', '4 ProfileControl' = 'ProfileControl', '3 ServerDll' = 'ServerDll', '1 ServerDll' = 'ServerDll', 'plugin-path' = 'plugin_path', 'proxy-stub-channel' = 'proxy_stub_channel', 'toast-results-key' = 'toast_results_key', 'handshake-handle' = 'handshake_handle', ' SharedSection' = 'SharedSection', ....
  181. 08-04-2016 12:11:01.194 WARN SearchOperator:kv - buildRegexList provided empty conf key, ignoring.
  182. 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
  183. 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
  184. 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
  185. 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
  186. 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
  187. 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
  188. 08-04-2016 12:11:01.672 INFO UserManager - Unwound user context: NULL -> NULL
  189. 08-04-2016 12:11:01.689 INFO UserManager - Setting user context: admin
  190. 08-04-2016 12:11:01.689 INFO UserManager - Free version does not have user services
  191. 08-04-2016 12:11:01.689 INFO UserManager - Done setting user context: NULL -> NULL
  192. 08-04-2016 12:11:01.689 INFO UserManager - Unwound user context: NULL -> NULL
  193. 08-04-2016 12:11:01.689 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='1470334260.139', username='admin')
  194. 08-04-2016 12:11:01.708 INFO ISearchOperator - 00000000022441D0 PREAD_HISTOGRAM: usec_1_8=493 usec_8_64=0 usec_64_512=0 usec_512_4096=1 usec_4096_32768=0 usec_32768_262144=0 usec_262144_INF=0
  195. 08-04-2016 12:11:01.709 INFO UserManager - Unwound user context: NULL -> NULL
  196. 08-04-2016 12:11:01.709 INFO ShutdownHandler - Shutting down splunkd
  197. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Begin"
  198. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_JustBeforeKVStore"
  199. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_KVStore"
  200. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Thruput"
  201. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpInput1"
  202. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpOutput"
  203. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_UdpInput"
  204. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_FifoInput"
  205. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_WinEventLogInput"
  206. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpInput"
  207. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Scheduler"
  208. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_SyslogOutput"
  209. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_HTTPOutput"
  210. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_ArchiveAndOneshot"
  211. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_MainThread"
  212. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Tailing"
  213. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_PeerManager"
  214. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_AuditTrailManager"
  215. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_AuditTrailQueueServiceThread"
  216. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_FSChangeMonitor"
  217. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_FSChangeManagerProcessor"
  218. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpClientPollingThread"
  219. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_AsyncQueuedMessageDispatcherThread"
  220. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_OfflineFlusher"
  221. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Slave"
  222. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_SlaveSearch"
  223. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Captain"
  224. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Select"
  225. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_IdataDO_Collector"
  226. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpOutput2"
  227. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_IndexerService"
  228. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Database1"
  229. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_LastIndexerLevel"
  230. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpInput2"
  231. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_SearchDispatch"
  232. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_LoadLDAPUsers"
  233. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_MetricsManager"
  234. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Pipeline"
  235. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Queue"
  236. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Exec"
  237. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_CallbackRunner"
  238. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpClient"
  239. 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_DmcProxyHttpClient"
  240. 08-04-2016 12:11:01.709 INFO ShutdownHandler - Shutdown complete in 0 microseconds