General Notes
Splunk is a system for searching, monitoring, and analyzing machine-generated big data. It is often used for financial or trading information storage as well. This document is intended to describe how to configure FIXEye-Splunk connection and search for fix data in Splunk storage using FIXEye application.
...
| part of expression | description |
|---|---|
| search | In splunk it is a command for search. In FIXEye it is a mandatory word meaning usage of splunk syntax in search string. |
| "35=*" AND "49=oil" | An expression defining what we want to find. Quotes mean that we want to search text pattern not a splunk field. * means any symbol. AND is logical conjunction. Expression means find patterns containing both 35=* and 49=oil |
| | | a pipeline symbol - results from the output of previous processing step are put to the input of next step |
| rex | field extraction command. It takes as an input a regular expression, searches in the result of previous step and puts the search result in a field |
| "(?<Message>8=FIX.+\x0110=\d{3}\x01)" | Input for rex command. Regular expression providing extraction of FIX message (which start with 8=FIX and ends with SOH10=any3digitsSOH sequence). <Message> is the name of a field containing extracted FIX message put in brackets. |
| search Message !='' | search for FIX messages that are not empty ('' is two apostrophes). Message is the name from the previous pipeline step |
| table Message | Pick only Message group from all groups that is in the output of previous pipeline step |
...
- "Connection is not added" error. You can see exclamation marks on the right side of the fields. When pointer is over the mark pop-up explanations can be seen.
Incorrect URL - change URL, it must have correct form, e.g. https://localhost:8089 for local machine.
User name can't be empty - put in valid user name
Password can't be empty - put in password for user
- "Error occurred while parsing messages (in Details: 401 Unauthorized Warning: login failed )" error - Check user name and password in connection properties
...