取消
顯示的結果
而不是尋找
你的意思是:

磚附加Splunk v1.2 -錯誤“databricksquery”命令

hukel
新的因素

任何人使用的新v1.2嗎磚的附加Splunk嗎?我們現在升級到1.2,獲得所有查詢的這個錯誤。

運行過程:/ opt / splunk / bin / nsjail-wrapper / opt / splunk / bin / python3.7 / opt / splunk / etc /應用程序/ TA-Databricks / bin / databricksquery。py錯誤' databricksquery '命令:外部搜索命令退出意外與零錯誤代碼1。

我在這裏開了一個問題https://github.com/databrickslabs/splunk-integration/issues/42但沒有後續。

是別人使用這個插件和v1.2成功嗎?

5回複5

shan_chandra
尊敬的貢獻者二世
尊敬的貢獻者二世

@hukel——你能分享完整的錯誤堆棧跟蹤嗎?

我看不到python堆棧跟蹤,因為助教不輸出到Splunk-logged位置(我能找到)。搜索。日誌輸出都是我能看到(粘貼)。

08-07-2023 16:03:05.046信息SearchParser [994756 searchOrchestrator] -解析:| databricksquery command_timeout = 1200查詢= " \ n \ n選擇ImageFileName _time, * \ n從銀。ProcessRollup2 \ n \ n之間event_date‘2023-08-07’和‘2023-08-07’\ n和_time > = 1691409780.000和_time < = 1691424183.000 \ n和低(\ n (ImageFileName)“設備\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ harddiskvolume % \ \ \ \ \ \ \ \ \ agentexecutor。exe ' \ n)由_time DESC \ n \ n \ n階極限1" 08-07-2023 16:03:05.047 INFO ServerConfig [994756 searchOrchestrator] - Will add app jailing prefix /opt/splunk/bin/nsjail-wrapper for TA-Databricks 08-07-2023 16:03:05.047 INFO ChunkedExternProcessor [994756 searchOrchestrator] - Running process: /opt/splunk/bin/nsjail-wrapper /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-Databricks/bin/databricksquery.py 08-07-2023 16:03:05.747 INFO ChunkedExternProcessor [994756 searchOrchestrator] - Custom search command is a generating command. 08-07-2023 16:03:05.747 WARN ChunkedExternProcessor [994756 searchOrchestrator] - Error adding inspector message: invalid level or message already exists 08-07-2023 16:03:05.747 INFO SearchPipeline [994756 searchOrchestrator] - ReportSearch=0 AllowBatchMode=0 08-07-2023 16:03:05.747 INFO SearchPhaseGenerator [994756 searchOrchestrator] - No need for RTWindowProcessor 08-07-2023 16:03:05.747 INFO SearchPhaseGenerator [994756 searchOrchestrator] - Adding timeliner to final phase 08-07-2023 16:03:05.747 INFO SearchParser [994756 searchOrchestrator] - PARSING: | timeliner remote=0 partial_commits=0 max_events_per_bucket=10000 fieldstats_update_maxperiod=60 bucket=0 extra_field=* 08-07-2023 16:03:05.747 INFO TimelineCreator [994756 searchOrchestrator] - Creating timeline with remote=0 partialCommits=0 commitFreq=0 syncKSFreq=0 maxSyncKSPeriodTime=60000 bucket=0 latestTime=1691424183.000000 earliestTime=1691409780.000000 08-07-2023 16:03:05.747 INFO SearchPhaseGenerator [994756 searchOrchestrator] - required fields list to add to different pipelines = *,_bkt,_cd,_si,host,index,linecount,source,sourcetype,splunk_server 08-07-2023 16:03:05.747 INFO SearchPhaseGenerator [994756 searchOrchestrator] - Search Phases created. 08-07-2023 16:03:05.749 INFO SearchOrchestrator [994756 searchOrchestrator] - Starting the status control thread. 08-07-2023 16:03:05.749 INFO SearchOrchestrator [994756 searchOrchestrator] - Starting phase=1 08-07-2023 16:03:05.749 INFO ReducePhaseExecutor [994794 phase_1] - Starting phase_1 08-07-2023 16:03:05.749 INFO SearchStatusEnforcer [994787 StatusEnforcerThread] - Enforcing disk quota = 10485760000 08-07-2023 16:03:05.805 ERROR ChunkedExternProcessor [994794 phase_1] - EOF while attempting to read transport header read_size=0 08-07-2023 16:03:05.805 ERROR ChunkedExternProcessor [994794 phase_1] - Error in 'databricksquery' command: External search command exited unexpectedly with non-zero error code 1. 08-07-2023 16:03:05.805 INFO ReducePhaseExecutor [994794 phase_1] - Ending phase_1

shan_chandra
尊敬的貢獻者二世
尊敬的貢獻者二世

@hukel——以下查詢運行在一個孤立的筆記本嗎?

選擇ImageFileName、_time *從銀\ n。ProcessRollup2 \ n \ n之間event_date‘2023-08-07’和‘2023-08-07’\ n和_time > = 1691409780.000和_time < = 1691424183.000 \ n和低(\ n (ImageFileName)“設備\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ harddiskvolume % \ \ \ \ \ \ \ \ \ agentexecutor。exe ' \ n)由_time DESC \ n \ n \ n階極限1

是的,這是一個測試我一直使用的查詢。它隻有1.2升級後停止工作。

hukel_0 - 1691425884567. - png

歡迎來到磚社區:讓學習、網絡和一起慶祝

加入我們的快速增長的數據專業人員和專家的80 k +社區成員,準備發現,幫助和合作而做出有意義的聯係。

點擊在這裏注冊今天,加入!

參與令人興奮的技術討論,加入一個組與你的同事和滿足我們的成員。

Baidu
map