Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 08-04-2016 12:11:01.047 INFO dispatchRunner - Search process mode: freestanding
- 08-04-2016 12:11:01.047 INFO dispatchRunner - initing LicenseMgr in search process: nonPro=1
- 08-04-2016 12:11:01.048 INFO LicenseMgr - Initing LicenseMgr
- 08-04-2016 12:11:01.049 INFO ServerConfig - Found no hostname options in server.conf. Will attempt to use default for now.
- 08-04-2016 12:11:01.049 INFO ServerConfig - Host name option is "".
- 08-04-2016 12:11:01.059 INFO LMConfig - serverName=S970192 guid=0C5AEA67-3A76-4935-BE4B-484107FFFB9A
- 08-04-2016 12:11:01.059 INFO LMConfig - connection_timeout=30
- 08-04-2016 12:11:01.059 INFO LMConfig - send_timeout=30
- 08-04-2016 12:11:01.059 INFO LMConfig - receive_timeout=30
- 08-04-2016 12:11:01.059 INFO LMConfig - squash_threshold=2000
- 08-04-2016 12:11:01.059 INFO LMConfig - strict_pool_quota=1
- 08-04-2016 12:11:01.059 INFO LMConfig - key=pool_suggestion not found in licenser stanza of server.conf, defaulting=''
- 08-04-2016 12:11:01.059 INFO LicenseMgr - Initing LicenseMgr runContext_splunkd=false
- 08-04-2016 12:11:01.059 INFO LMStackMgr - closing stack mgr
- 08-04-2016 12:11:01.059 INFO LMSlaveInfo - all slaves cleared
- 08-04-2016 12:11:01.060 INFO LMStack - Added type=download-trial license, from file=enttrial.lic, to stack=download-trial of group=Trial
- 08-04-2016 12:11:01.060 INFO LMStackMgr - created stack='download-trial'
- 08-04-2016 12:11:01.060 INFO LMStackMgr - added pool auto_generated_pool_download-trial to stack download-trial
- 08-04-2016 12:11:01.060 INFO LMStackMgr - added pool auto_generated_pool_forwarder to stack forwarder
- 08-04-2016 12:11:01.060 INFO LMStackMgr - added pool auto_generated_pool_free to stack free
- 08-04-2016 12:11:01.060 INFO LMStackMgr - init completed [0C5AEA67-3A76-4935-BE4B-484107FFFB9A,Free,runContext_splunkd=false]
- 08-04-2016 12:11:01.060 INFO LicenseMgr - StackMgr init complete...
- 08-04-2016 12:11:01.060 INFO LMTracker - Setting default product type='enterprise'
- 08-04-2016 12:11:01.060 INFO LMTracker - this is not splunkd, will perform partial init
- 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=FwdData state=ENABLED (featureStatus=1)
- 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=KVStore state=ENABLED (featureStatus=1)
- 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=LocalSearch state=ENABLED (featureStatus=1)
- 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=RcvData state=ENABLED (featureStatus=1)
- 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=ScheduledSearch state=ENABLED (featureStatus=1)
- 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=SigningProcessor state=ENABLED (featureStatus=1)
- 08-04-2016 12:11:01.060 INFO LMTracker - Setting feature=SplunkWeb state=ENABLED (featureStatus=1)
- 08-04-2016 12:11:01.060 INFO LicenseMgr - Tracker init complete...
- 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'licenses'
- 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'pools'
- 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'stacks'
- 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'groups'
- 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'slaves'
- 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'localslave'
- 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'licensermessages'
- 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'scriptedwarning'
- 08-04-2016 12:11:01.064 INFO AdminManagerDispatch - added factory for admin handler: 'licenseusage'
- 08-04-2016 12:11:01.064 INFO dispatchRunner - Per-process handle limit is 512
- 08-04-2016 12:11:01.064 INFO dispatchRunner - Increasing per-process handle limit from '512' to '2048'
- 08-04-2016 12:11:01.064 INFO dispatchRunner - Successfully increased per-process handle limit from '512' to '2048'
- 08-04-2016 12:11:01.065 INFO dispatchRunner - registering build time modules, count=1
- 08-04-2016 12:11:01.066 INFO dispatchRunner - registering search time components of build time module name=vix
- 08-04-2016 12:11:01.066 INFO dispatchRunner - Splunkd starting (build debde650d26e).
- 08-04-2016 12:11:01.066 INFO dispatchRunner - System info: Windows, S970192, 1, 6, x64.
- 08-04-2016 12:11:01.066 INFO dispatchRunner - Detected 8 (virtual) CPUs, 4 CPU cores, and 20419MB RAM
- 08-04-2016 12:11:01.066 INFO dispatchRunner - Maximum number of threads (approximate): 10209
- 08-04-2016 12:11:01.066 INFO dispatchRunner - Arguments are: "search" "--id=1470334260.139" "--maxbuckets=300" "--ttl=600" "--maxout=500000" "--maxtime=0" "--lookups=1" "--reduce_freq=10" "--rf=*"
- 08-04-2016 12:11:01.066 INFO dispatchRunner - Getting search configuration data from: C:\Program Files\Splunk\etc\modules\parsing\config.xml
- 08-04-2016 12:11:01.068 INFO BundlesSetup - Setup stats for C:\Program Files\Splunk\etc: wallclock_elapsed_msec=29, cpu_time_used=0.0156001, shared_services_generation=1, shared_services_population=1
- 08-04-2016 12:11:01.069 INFO SessionManager - auth tokens will be generated with shpooling shared secret
- 08-04-2016 12:11:01.069 INFO UserManager - Setting user context: splunk-system-user
- 08-04-2016 12:11:01.069 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.069 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.069 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.069 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.069 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.069 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.069 INFO dispatchRunner - search context: user="admin", app="search", bs-pathname="C:\Program Files\Splunk\etc"
- 08-04-2016 12:11:01.073 INFO SearchParser - PARSING: search index=testing sourcetype=kvmi_newproc NOT "mscorsvw.exe" NOT "SearchFilterHost.exe" NOT "SearchProtocol" NOT "LogonUI.exe" NOT "smss.exe" NOT "winlogon.exe" NOT "dwm.exe" NOT "taskhost.exe" NOT "googlecrashhan" NOT "googleupdate"
- 08-04-2016 12:11:01.080 INFO ISplunkDispatch - Not running in splunkd. Bundle replication not triggered.
- 08-04-2016 12:11:01.087 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.087 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.087 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.099 INFO SearchProcessor - Final search filter=
- 08-04-2016 12:11:01.102 INFO StringSearchExpander - calculated_field="index" not expanded in comparison_expression="index=testing". calc_field_processor!=null, negated=false (negation depth=0)
- 08-04-2016 12:11:01.102 INFO StringSearchExpander - calculated_field="sourcetype" not expanded in comparison_expression="sourcetype=kvmi_newproc". calc_field_processor!=null, negated=false (negation depth=0)
- 08-04-2016 12:11:01.103 INFO SearchOperator:kv - name=EXTRACT-GUID, can_use_re2=0, regex: (?i)(?!=\w)(?:objectguid|guid)\s*=\s*(?<guid_lookup>[\w\-]+)
- 08-04-2016 12:11:01.103 INFO SearchOperator:kv - name=EXTRACT-SID, can_use_re2=0, regex: objectSid\s*=\s*(?<sid_lookup>\S+)
- 08-04-2016 12:11:01.104 INFO SearchOperator:kv - name=ad-kv, can_use_re2=0, regex: (?<_KEY_1>[\w-]+)=(?<_VAL_1>[^\r\n]*)
- 08-04-2016 12:11:01.105 INFO SearchOperator:kv - name=access-extractions, can_use_re2=0, regex: ^(?P<clientip>\S+)\s++(?P<ident>\S+)\s++(?P<user>\S+)\s++\[(?<req_time>[^\]]*+)\]\s++"\s*+(?P<method>[^\s"]++)?(?:\s++(?<uri>(?:(?<uri_domain>\w++://[^/\s"]++))?+(?<uri_path>(?:/++(?<root>(?:\\"|[^\s\?/"])++)/++)?(?:(?:\\"|[^\s\?/"])*+/++)*(?<file>[^\s\?/]+)?)(?:\?(?<uri_query>[^\s]*))?)(?:\s++(?P<version>[^\s"]++))*)?\s*+"\s++(?P<status>\S+)\s++(?P<bytes>\S+)(?:\s++"(?<referer>(?:(?<referer_domain>\w++://[^/\s"]++))?+[^"]*+)"(?:\s++"(?<useragent>[^"]*+)"(?:\s++"(?<cookie>[^"]*+)")?+)?+)?(?P<other>.*)
- 08-04-2016 12:11:01.105 INFO SearchOperator:kv - name=syslog-extractions, can_use_re2=0, regex: \s([^\s\[]+)(?:\[(\d+)\])?:\s
- 08-04-2016 12:11:01.106 INFO SearchOperator:kv - name=db2, can_use_re2=0, regex: ([A-Z]+) *: (.*?)(?=\n|$| +[A-Z]+ *:)
- 08-04-2016 12:11:01.106 INFO SearchOperator:kv - name=EXTRACT-extract_spent, can_use_re2=0, regex: (?<spent>\d+)ms$
- 08-04-2016 12:11:01.106 INFO SearchOperator:kv - name=EXTRACT-1, can_use_re2=0, regex: (?<_KEY_1>\S+)::(?<_VAL_1>\S+)
- 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=bracket-space, can_use_re2=0, regex: \[(\S+) (.*?)\]
- 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=EXTRACT-fields, can_use_re2=0, regex: (?i)^(?:[^ ]* ){2}(?:[+\-]\d+ )?(?P<log_level>[^ ]*)\s+(?P<component>[^ ]+) - (?P<message>.+)
- 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=sendmail-extractions, can_use_re2=0, regex: sendmail\[(\d+)\]: (\w+):
- 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=tcpdump-endpoints, can_use_re2=0, regex: (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)
- 08-04-2016 12:11:01.107 INFO SearchOperator:kv - name=colon-kv, can_use_re2=0, regex: (?<= )([A-Za-z]+): ?((0x[A-F\d]+)|\d+)(?= |\n|$)
- 08-04-2016 12:11:01.113 INFO SearchOperator:kv - name=EXTRACT-collection,category,object, can_use_re2=0, regex: collection=\"?(?P<collection>[^\"\n]+)\"?\ncategory=\"?(?P<category>[^\"\n]+)\"?\nobject=\"?(?P<object>[^\"\n]+)\"?\n
- 08-04-2016 12:11:01.113 INFO SearchOperator:kv - name=wel-message, can_use_re2=0, regex: (?sm)^(?<_pre_msg>.+)\nMessage=(?<Message>.+)$
- 08-04-2016 12:11:01.113 INFO SearchOperator:kv - name=wel-col-kv, can_use_re2=0, regex: \n([^:\n\r]+):[ \t]++([^\n]*)
- 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=EXTRACT-useragent, can_use_re2=0, regex: userAgent=(?P<browser>[^ (]+)
- 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=splunk-service-extractions, can_use_re2=0, regex: (?i)^(?:[^ ]* ){2}(?P<log_level>[^\s]*)\s+\[(?P<requestid>\w+)]\s+(?P<component>[^ ]+):(?P<line>\d+) - (?P<message>.+)
- 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=extract_spent, can_use_re2=0, regex: (?P<spent>\d+)ms$
- 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=weblogic-code, can_use_re2=0, regex: <BEA-([0-9]+)>
- 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=colon-line, can_use_re2=0, regex: ^(\w+)\s*:[ \t]*(.*?)$
- 08-04-2016 12:11:01.114 INFO SearchOperator:kv - name=was-trlog-code, can_use_re2=0, regex: ] ([a-fA-F0-9]{8})
- 08-04-2016 12:11:01.117 INFO UnifiedSearch - base lispy: [ AND [ NOT googlecrashhan ] [ NOT googleupdate ] index::testing [ NOT searchprotocol ] sourcetype::kvmi_newproc ]
- 08-04-2016 12:11:01.118 INFO UnifiedSearch - Processed search targeting arguments
- 08-04-2016 12:11:01.118 INFO DispatchThread - BatchMode: allowBatchMode: 0, conf(1): 1, timeline/Status buckets(0):300, realtime(0):0, report pipe empty(0):1, reqTimeOrder(0):0, summarize(0):0, statefulStreaming(0):0
- 08-04-2016 12:11:01.118 INFO DispatchThread - Storing only 1000 events per timeline buckets due to limits.conf max_events_per_bucket setting.
- 08-04-2016 12:11:01.124 INFO DispatchThread - required fields list to add to remote search = *,_bkt,_cd,_si,host,index,linecount,source,sourcetype,splunk_server
- 08-04-2016 12:11:01.124 INFO SearchParser - PARSING: fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server"
- 08-04-2016 12:11:01.124 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.124 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.124 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.125 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.125 INFO DistributedSearchResultCollectionManager - Stream search: litsearch index=testing sourcetype=kvmi_newproc NOT "mscorsvw.exe" NOT "SearchFilterHost.exe" NOT "SearchProtocol" NOT "LogonUI.exe" NOT "smss.exe" NOT "winlogon.exe" NOT "dwm.exe" NOT "taskhost.exe" NOT "googlecrashhan" NOT "googleupdate" | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server"
- 08-04-2016 12:11:01.125 INFO ExternalResultProvider - No external result providers are configured
- 08-04-2016 12:11:01.125 INFO DistributedSearchResultCollectionManager - ERP_FACTORY initialized, but zero external result provider, hence disabling _isERPCollectionEnabled
- 08-04-2016 12:11:01.125 INFO DistributedSearchResultCollectionManager - No default search group set.
- 08-04-2016 12:11:01.125 INFO DistributedSearchResultCollectionManager - Connecting to peer S970192 connectAll 0 connectToSpecificPeer 1
- 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.125 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.125 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.125 INFO SearchParser - PARSING: litsearch index=testing sourcetype=kvmi_newproc NOT "mscorsvw.exe" NOT "SearchFilterHost.exe" NOT "SearchProtocol" NOT "LogonUI.exe" NOT "smss.exe" NOT "winlogon.exe" NOT "dwm.exe" NOT "taskhost.exe" NOT "googlecrashhan" NOT "googleupdate" | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server"
- 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.125 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.126 INFO DispatchThread - Disk quota = 0
- 08-04-2016 12:11:01.133 INFO SearchParser - PARSING: typer | tags
- 08-04-2016 12:11:01.135 INFO FastTyper - found nodes count: comparisons=6, unique_comparisons=5, terms=4, unique_terms=4, phrases=12, unique_phrases=12, total leaves=22
- 08-04-2016 12:11:01.136 INFO IndexScopedSearch - 00000000022441D0 LISPY for index=testing is lispy='[ AND [ NOT googlecrashhan ] [ NOT googleupdate ] [ NOT searchprotocol ] sourcetype::kvmi_newproc ]' ct=2147483647 et=0 lt=2147483647 dbsize=1
- 08-04-2016 12:11:01.136 INFO UnifiedSearch - Initialization of search data structures took 4 ms
- 08-04-2016 12:11:01.136 INFO UnifiedSearch - Processed search targeting arguments
- 08-04-2016 12:11:01.142 INFO LocalCollector - Final required fields list = *,Message,_bkt,_cd,_raw,_si,_subsecond,host,index,linecount,source,sourcetype,splunk_server
- 08-04-2016 12:11:01.142 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.142 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.142 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.142 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.142 INFO UnifiedSearch - snapped earliest=1464675240 based on index min times
- 08-04-2016 12:11:01.142 INFO DatabaseDirectoryManager::Bucket - use_bloomfilter = true
- 08-04-2016 12:11:01.150 INFO SearchOperator:kv - 1 field name was modified. The first 1 is (format 'old'='new'):'handshake-handle' = 'handshake_handle',
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_hour is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_mday is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_minute is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_month is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_second is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_wday is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_year is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - date_zone is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - host is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - index is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - linecount is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - punct is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - source is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - sourcetype is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - splunk_server is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - splunk_server_group is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - timeendpos is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.150 WARN SearchOperator:kv - timestartpos is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - buildRegexList provided empty conf key, ignoring.
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_hour is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_mday is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_minute is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_month is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_second is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_wday is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_year is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - date_zone is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - host is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - index is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - linecount is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - punct is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - source is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - sourcetype is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - splunk_server is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - splunk_server_group is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - timeendpos is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.151 WARN SearchOperator:kv - timestartpos is an indexed field, ignoring TOKENIZER
- 08-04-2016 12:11:01.164 INFO SearchOperator:kv - 17 field names were modified. The first 10 are (format 'old'='new'):' MaxRequestThreads' = 'MaxRequestThreads', ' ServerDll' = 'ServerDll', '4 ProfileControl' = 'ProfileControl', '3 ServerDll' = 'ServerDll', '1 ServerDll' = 'ServerDll', 'plugin-path' = 'plugin_path', 'proxy-stub-channel' = 'proxy_stub_channel', 'toast-results-key' = 'toast_results_key', 'handshake-handle' = 'handshake_handle', ' SharedSection' = 'SharedSection', ....
- 08-04-2016 12:11:01.169 WARN SearchOperator:kv - buildRegexList provided empty conf key, ignoring.
- 08-04-2016 12:11:01.188 INFO SearchOperator:kv - 17 field names were modified. The first 10 are (format 'old'='new'):' MaxRequestThreads' = 'MaxRequestThreads', ' ServerDll' = 'ServerDll', '4 ProfileControl' = 'ProfileControl', '3 ServerDll' = 'ServerDll', '1 ServerDll' = 'ServerDll', 'plugin-path' = 'plugin_path', 'proxy-stub-channel' = 'proxy_stub_channel', 'toast-results-key' = 'toast_results_key', 'handshake-handle' = 'handshake_handle', ' SharedSection' = 'SharedSection', ....
- 08-04-2016 12:11:01.194 WARN SearchOperator:kv - buildRegexList provided empty conf key, ignoring.
- 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.195 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.672 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.689 INFO UserManager - Setting user context: admin
- 08-04-2016 12:11:01.689 INFO UserManager - Free version does not have user services
- 08-04-2016 12:11:01.689 INFO UserManager - Done setting user context: NULL -> NULL
- 08-04-2016 12:11:01.689 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.689 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='1470334260.139', username='admin')
- 08-04-2016 12:11:01.708 INFO ISearchOperator - 00000000022441D0 PREAD_HISTOGRAM: usec_1_8=493 usec_8_64=0 usec_64_512=0 usec_512_4096=1 usec_4096_32768=0 usec_32768_262144=0 usec_262144_INF=0
- 08-04-2016 12:11:01.709 INFO UserManager - Unwound user context: NULL -> NULL
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - Shutting down splunkd
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Begin"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_JustBeforeKVStore"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_KVStore"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Thruput"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpInput1"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpOutput"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_UdpInput"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_FifoInput"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_WinEventLogInput"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpInput"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Scheduler"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_SyslogOutput"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_HTTPOutput"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_ArchiveAndOneshot"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_MainThread"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Tailing"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_PeerManager"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_AuditTrailManager"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_AuditTrailQueueServiceThread"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_FSChangeMonitor"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_FSChangeManagerProcessor"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpClientPollingThread"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_AsyncQueuedMessageDispatcherThread"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_OfflineFlusher"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Slave"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_SlaveSearch"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Captain"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Select"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_IdataDO_Collector"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpOutput2"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_IndexerService"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Database1"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_LastIndexerLevel"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpInput2"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_SearchDispatch"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_LoadLDAPUsers"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_MetricsManager"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Pipeline"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Queue"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_Exec"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_CallbackRunner"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpClient"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - shutting down level "ShutdownLevel_DmcProxyHttpClient"
- 08-04-2016 12:11:01.709 INFO ShutdownHandler - Shutdown complete in 0 microseconds
Add Comment
Please, Sign In to add comment