splunk
# Effective inputs.conf settings as listed on this page. The flattened layout,
# with defaults repeated in every stanza, looks like merged btool output - confirm.
# The comment lines are review notes; no setting is changed.

# [SSL] holds the TLS parameters used by SSL-enabled TCP inputs.
# NOTE(review): these values are permissive:
#   - allowSslRenegotiation = true lets a peer renegotiate an established session.
#   - cipherSuite never excludes RC4 or MEDIUM-strength suites (RC4+RSA is named
#     explicitly); RFC 7465 prohibits RC4 in TLS.
#   - sslVersions = *,-ssl2 removes only SSLv2, so SSLv3 and TLS 1.0 stay allowed.
# Before an SSL input is enabled, restrict sslVersions (for example tls1.2),
# narrow cipherSuite to HIGH-strength suites, and turn renegotiation off if the
# sending side tolerates it.
[SSL]
_rcvbuf = 1572864
allowSslRenegotiation = true
cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
host = $decideOnStartup
index = default
sslQuietShutdown = false
sslVersions = *,-ssl2
# Batch input over the spool directory; move_policy = sinkhole means a file is
# removed once it has been read.
[batch:///opt/splunk/var/spool/splunk]
_rcvbuf = 1572864
crcSalt = <SOURCE>
host = $decideOnStartup
index = default
move_policy = sinkhole
# Same spool directory, restricted to stash_new files and sent to the
# stashparsing queue.
[batch:///opt/splunk/var/spool/splunk/...stash_new]
_rcvbuf = 1572864
crcSalt = <SOURCE>
host = $decideOnStartup
index = default
move_policy = sinkhole
queue = stashparsing
sourcetype = stash_new
# Excludes /opt/splunk/etc/auth from file inputs. Presumably this is where
# certificates and secrets live - keep the exclusion so they are never indexed.
[blacklist:/opt/splunk/etc/auth]
_rcvbuf = 1572864
host = $decideOnStartup
index = default
[default]
_rcvbuf = 1572864
host = $decideOnStartup
index = default
# File-system change monitor over the configuration tree. followLinks = false
# keeps it from walking through symlinks; signedaudit = true requests signed
# audit events (which should then land in _audit rather than the index named
# here - confirm against the inputs.conf spec for this version).
[fschange:/opt/splunk/etc]
_rcvbuf = 1572864
delayInMills = 100
filesPerDelay = 10
followLinks = false
fullEvent = false
hashMaxSize = -1
host = $decideOnStartup
index = default
pollPeriod = 600
recurse = true
sendEventMaxSize = -1
signedaudit = true
# Internal monitors. _TCP_ROUTING = * sends these events to every configured
# tcpout group.
[monitor:///opt/splunk/etc/splunk.version]
_TCP_ROUTING = *
_rcvbuf = 1572864
host = $decideOnStartup
index = _internal
sourcetype = splunk_version
[monitor:///opt/splunk/var/log/splunk]
_rcvbuf = 1572864
host = $decideOnStartup
index = _internal
[monitor:///opt/splunk/var/log/splunk/metrics.log]
_TCP_ROUTING = *
_rcvbuf = 1572864
host = $decideOnStartup
index = _internal
[monitor:///opt/splunk/var/log/splunk/splunkd.log]
_TCP_ROUTING = *
_rcvbuf = 1572864
host = $decideOnStartup
index = _internal
# Defaults for scripted inputs. start_by_shell = true runs each script through
# the OS shell, so whoever can write a scripted-input stanza or the script it
# names controls a command executed as the Splunk user; keep both write-restricted.
[script]
_rcvbuf = 1572864
host = $decideOnStartup
index = default
interval = 60.0
start_by_shell = true
# Defaults for Splunk-to-Splunk receiving ports. acceptFrom = * puts no source
# restriction on senders; where a receiving port is opened, list the forwarder
# networks here instead of the wildcard.
[splunktcp]
_rcvbuf = 1572864
acceptFrom = *
connection_host = ip
host = $decideOnStartup
index = default
route = has_key:tautology:parsingQueue;absent_key:tautology:parsingQueue
# Defaults for raw TCP inputs: again no source restriction, and
# connection_host = dns takes the host field from a reverse lookup of the sender.
[tcp]
_rcvbuf = 1572864
acceptFrom = *
connection_host = dns
host = $decideOnStartup
index = default
[udp]
_rcvbuf = 1572864
connection_host = ip
host = $decideOnStartup
index = default
# The one network listener in this listing that names a port. UDP carries no
# authentication or encryption and its source address can be forged, so the
# host value derived through connection_host = dns is unverified. No acceptFrom
# appears in this stanza; keep the port reachable from trusted senders only.
[udp://:1514]
_rcvbuf = 1572864
connection_host = dns
host = $decideOnStartup
index = default
sourcetype = json_no_timestamp
# Second listing of the effective inputs.conf settings. It has the same stanza
# set and, in [udp://:1514], sourcetype = syslog. The comment lines are review
# notes; no setting is changed.

# TLS parameters used by SSL-enabled TCP inputs.
# NOTE(review): renegotiation is allowed, the cipher string leaves RC4 and
# MEDIUM-strength suites enabled (RFC 7465 prohibits RC4 in TLS), and
# sslVersions = *,-ssl2 drops only SSLv2, leaving SSLv3 and TLS 1.0 usable.
# Tighten all three before turning on an SSL input.
[SSL]
_rcvbuf = 1572864
allowSslRenegotiation = true
cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
host = $decideOnStartup
index = default
sslQuietShutdown = false
sslVersions = *,-ssl2
# Spool directory batch input; sinkhole removes each file after it is read.
[batch:///opt/splunk/var/spool/splunk]
_rcvbuf = 1572864
crcSalt = <SOURCE>
host = $decideOnStartup
index = default
move_policy = sinkhole
# stash_new files from the same spool directory, routed to the stashparsing queue.
[batch:///opt/splunk/var/spool/splunk/...stash_new]
_rcvbuf = 1572864
crcSalt = <SOURCE>
host = $decideOnStartup
index = default
move_policy = sinkhole
queue = stashparsing
sourcetype = stash_new
# Keeps /opt/splunk/etc/auth out of file inputs (presumably key and certificate
# material - verify); do not remove this exclusion.
[blacklist:/opt/splunk/etc/auth]
_rcvbuf = 1572864
host = $decideOnStartup
index = default
[default]
_rcvbuf = 1572864
host = $decideOnStartup
index = default
# Change monitoring of the configuration tree, polled every 600 seconds,
# recursive, not following symlinks, with signed audit events requested.
[fschange:/opt/splunk/etc]
_rcvbuf = 1572864
delayInMills = 100
filesPerDelay = 10
followLinks = false
fullEvent = false
hashMaxSize = -1
host = $decideOnStartup
index = default
pollPeriod = 600
recurse = true
sendEventMaxSize = -1
signedaudit = true
# Internal log monitors; the stanzas with _TCP_ROUTING = * forward to all tcpout groups.
[monitor:///opt/splunk/etc/splunk.version]
_TCP_ROUTING = *
_rcvbuf = 1572864
host = $decideOnStartup
index = _internal
sourcetype = splunk_version
[monitor:///opt/splunk/var/log/splunk]
_rcvbuf = 1572864
host = $decideOnStartup
index = _internal
[monitor:///opt/splunk/var/log/splunk/metrics.log]
_TCP_ROUTING = *
_rcvbuf = 1572864
host = $decideOnStartup
index = _internal
[monitor:///opt/splunk/var/log/splunk/splunkd.log]
_TCP_ROUTING = *
_rcvbuf = 1572864
host = $decideOnStartup
index = _internal
# Scripted-input defaults. With start_by_shell = true each script is launched
# through the OS shell, so write access to scripted-input stanzas or script
# files amounts to command execution as the Splunk user.
[script]
_rcvbuf = 1572864
host = $decideOnStartup
index = default
interval = 60.0
start_by_shell = true
# Splunk-to-Splunk receiver defaults; acceptFrom = * allows any source address.
[splunktcp]
_rcvbuf = 1572864
acceptFrom = *
connection_host = ip
host = $decideOnStartup
index = default
route = has_key:tautology:parsingQueue;absent_key:tautology:parsingQueue
# Raw TCP defaults; any source address is accepted and host comes from reverse DNS.
[tcp]
_rcvbuf = 1572864
acceptFrom = *
connection_host = dns
host = $decideOnStartup
index = default
[udp]
_rcvbuf = 1572864
connection_host = ip
host = $decideOnStartup
index = default
# UDP listener on port 1514, here typed as syslog. Datagrams are unauthenticated
# and unencrypted and the sender address can be spoofed, so treat the
# DNS-derived host field as a hint and limit which hosts can reach the port.
[udp://:1514]
_rcvbuf = 1572864
connection_host = dns
host = $decideOnStartup
index = default
sourcetype = syslog
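# docker-compose file in the v1 layout (services at top level): an nginx
# container whose logs go through the Docker syslog driver to a Splunk
# forwarder, which forwards them to a Splunk instance.
# The nesting below is restored; the page showed every key at column 0, which
# does not parse as the intended structure (for example two `links:` keys at
# the same level).
dev:
  build: docker/nginx
  links:
    - forwarder
  ports:
    - '80:80'
    - '443:443'
  # Container output is handed to the syslog driver over UDP on the host
  # loopback. No port is given; presumably the default syslog port 514, which
  # would match the forwarder's published port below - confirm.
  # UDP syslog is unauthenticated and lossy; it is acceptable here only because
  # the path stays on 127.0.0.1.
  log_driver: syslog
  log_opt:
    syslog-tag: dev
    syslog-address: udp://127.0.0.1
forwarder:
  build: apps/forwarder
  environment:
    # NOTE(review): the splunkd log on this page reports "non-ssl forwarding to
    # splunk:9997", so events cross the container network in cleartext. Enable
    # TLS on the forwarder output and the receiving port if that network is
    # shared with anything untrusted.
    - SPLUNK_FORWARD_SERVER=splunk:9997
  volumes_from:
    - forward_data
  links:
    - splunk
  ports:
    # Published on the host loopback only and mapped to the container's
    # UDP 1514 input; keep the 127.0.0.1 prefix so the listener is not exposed
    # on external interfaces.
    - '127.0.0.1:514:1514/udp'
  restart: always
# Data-only container that provides the forwarder's /opt/splunk/etc and
# /opt/splunk/var volumes through volumes_from.
forward_data:
  image: busybox
  volumes:
    - /opt/splunk/etc
    - /opt/splunk/var
splunk:
  build: apps/splunk
  hostname: splunk
  ports:
    # NOTE(review): no host address is given, so container port 8000 (Splunk
    # Web by default) is published on every host interface as 8050. Prefix the
    # mapping with 127.0.0.1 or put it behind an authenticated TLS proxy unless
    # remote access is intended.
    - '8050:8000'
  restart: always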
n=1, shared_services_population=1
12-08-2015 15:26:01.571 +0000 INFO loader - Setting SSL configuration.
12-08-2015 15:26:01.571 +0000 INFO loader - Server supporting SSL versions SSL3,TLS1.0,TLS1.1,TLS1.2
12-08-2015 15:26:01.571 +0000 INFO loader - Using cipher suite TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
12-08-2015 15:26:01.571 +0000 INFO loader - ECDH curve not configured
12-08-2015 15:26:01.897 +0000 INFO SpecFiles - Found external scheme definition for stanza "MonitorNoHandle://" with 2 parameters: disabled, index
12-08-2015 15:26:01.897 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinEventLog://" with 30 parameters: start_from, current_only, che
ckpointInterval, disabled, evt_resolve_ad_obj, evt_dc_name, evt_dns_name, index, whitelist, blacklist, whitelist1, whitelist2, whitelist3, whitelist4, whiteli
st5, whitelist6, whitelist7, whitelist8, whitelist9, blacklist1, blacklist2, blacklist3, blacklist4, blacklist5, blacklist6, blacklist7, blacklist8, blacklist
9, suppress_text, renderXml
12-08-2015 15:26:01.897 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinHostMon://" with 4 parameters: type, interval, disabled, index
12-08-2015 15:26:01.897 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinNetMon://" with 15 parameters: remoteAddress, process, user, a
ddressFamily, packetType, direction, protocol, readInterval, driverBufferSize, userBufferSize, mode, multikvMaxEventCount, multikvMaxTimeMs, disabled, index
12-08-2015 15:26:01.897 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinPrintMon://" with 4 parameters: type, baseline, disabled, inde
x
12-08-2015 15:26:01.897 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinRegMon://" with 7 parameters: proc, hive, type, baseline, base
line_interval, disabled, index
12-08-2015 15:26:01.897 +0000 INFO SpecFiles - Found external scheme definition for stanza "admon://" with 7 parameters: targetDc, startingNode, monitorSubtr
ee, disabled, index, printSchema, baseline
12-08-2015 15:26:01.897 +0000 INFO SpecFiles - Found external scheme definition for stanza "perfmon://" with 11 parameters: object, counters, instances, inte
rval, mode, samplingInterval, stats, disabled, index, showZeroValue, useEnglishOnly
12-08-2015 15:26:01.900 +0000 WARN ClusteringMgr - Ignoring clustering configuration, the active license disables this feature.
12-08-2015 15:26:01.901 +0000 INFO SHPoolingMgr - initing shpooling with: ht=60 rf=3 ct=60 st=60 rt=60 rct=5 rst=5 rrt=10 rmst=600 rmrt=600 pe=1 im=0 is=0 mo
r=5 pb=5 rep_port= pptr=10
12-08-2015 15:26:01.901 +0000 INFO SHPoolingMgr - shpooling disabled
12-08-2015 15:26:01.901 +0000 INFO DS_DC_Common - Initializing the PubSub system.
12-08-2015 15:26:01.901 +0000 INFO DS_DC_Common - Initializing core facilities of PubSub system.
12-08-2015 15:26:01.914 +0000 INFO DC:DeploymentClient - target-broker clause is missing.
12-08-2015 15:26:01.914 +0000 WARN DC:DeploymentClient - DeploymentClient explicitly disabled through config.
12-08-2015 15:26:01.914 +0000 INFO DS_DC_Common - Deployment Client not initialized.
12-08-2015 15:26:01.914 +0000 INFO DS_DC_Common - Deployment Server not available on a dedicated forwarder.
12-08-2015 15:26:01.914 +0000 INFO IntrospectionGenerator:disk_objects - Enabled: indexes|volumes|dispatch=false fishbucket=true partitions=false
12-08-2015 15:26:01.914 +0000 INFO IntrospectionGenerator:disk_objects - I-data gathering (Disk Objects) starting; period=600s
12-08-2015 15:26:01.915 +0000 INFO IntrospectionGenerator:disk_objects - Cannot get inputs progress: fishbucket not yet initialized.
12-08-2015 15:26:01.915 +0000 WARN DistributedPeerManager - feature=DistSearch not enabled for your license level
12-08-2015 15:26:01.915 +0000 INFO IndexProcessor - running splunkd specific init
12-08-2015 15:26:01.915 +0000 INFO loader - Initializing from configuration
12-08-2015 15:26:01.917 +0000 INFO PipelineComponent - Pipeline fifo disabled in default-mode.conf file
12-08-2015 15:26:01.917 +0000 INFO TcpInputConfig - SSL clause not found or servercert not provided - SSL ports will not be available
12-08-2015 15:26:01.917 +0000 INFO TcpInputProc - Registering metrics callback for: tcpin_connections
12-08-2015 15:26:02.177 +0000 INFO TcpOutputProc - Initializing with fwdtype=lwf
12-08-2015 15:26:02.177 +0000 INFO ServerRoles - Declared role=lightweight_forwarder.
12-08-2015 15:26:02.185 +0000 INFO TcpOutputProc - found Whitelist forwardedindex.0.whitelist , RE : forwardedindex.0.whitelist
12-08-2015 15:26:02.185 +0000 INFO TcpOutputProc - found Blacklist forwardedindex.1.blacklist , RE : forwardedindex.1.blacklist
12-08-2015 15:26:02.185 +0000 INFO TcpOutputProc - found Whitelist forwardedindex.2.whitelist , RE : forwardedindex.2.whitelist
12-08-2015 15:26:02.185 +0000 INFO TcpOutputProc - Initializing connection for non-ssl forwarding to splunk:9997
12-08-2015 15:26:02.185 +0000 INFO TcpOutputProc - tcpout group default-autolb-group using Auto load balanced forwarding
12-08-2015 15:26:02.185 +0000 INFO TcpOutputProc - Group default-autolb-group initialized with maxQueueSize=512000 in bytes.
12-08-2015 15:26:02.185 +0000 INFO PipelineComponent - Pipeline merging disabled in default-mode.conf file
12-08-2015 15:26:02.185 +0000 INFO PipelineComponent - Pipeline typing disabled in default-mode.conf file
12-08-2015 15:26:02.185 +0000 INFO PipelineComponent - Pipeline vix disabled in default-mode.conf file
12-08-2015 15:26:02.185 +0000 INFO PipelineComponent - Launching the pipelines.
12-08-2015 15:26:02.187 +0000 INFO loader - Limiting REST HTTP server to 349525 sockets
12-08-2015 15:26:02.187 +0000 INFO loader - Limiting REST HTTP server to 1315 threads
12-08-2015 15:26:02.294 +0000 INFO TailingProcessor - TailWatcher initializing...
12-08-2015 15:26:02.294 +0000 INFO TailingProcessor - Parsing configuration stanza: batch://$SPLUNK_HOME/var/spool/splunk.
12-08-2015 15:26:02.294 +0000 INFO TailingProcessor - Parsing configuration stanza: batch://$SPLUNK_HOME/var/spool/splunk/...stash_new.
12-08-2015 15:26:02.294 +0000 INFO TailingProcessor - Parsing configuration stanza: monitor://$SPLUNK_HOME/etc/splunk.version.
12-08-2015 15:26:02.295 +0000 INFO TailingProcessor - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk.
12-08-2015 15:26:02.295 +0000 INFO TailingProcessor - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk/metrics.log.
12-08-2015 15:26:02.295 +0000 INFO TailingProcessor - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk/splunkd.log.
12-08-2015 15:26:02.295 +0000 INFO TailingProcessor - Adding watch on path: /opt/splunk/etc/splunk.version.
12-08-2015 15:26:02.295 +0000 INFO TailingProcessor - Adding watch on path: /opt/splunk/var/log/splunk.
12-08-2015 15:26:02.295 +0000 INFO TailingProcessor - Adding watch on path: /opt/splunk/var/spool/splunk.
12-08-2015 15:26:02.295 +0000 INFO BatchReader - State transitioning from 2 to 0 (initOrResume).
12-08-2015 15:26:02.304 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/s
cheduler.log'.
12-08-2015 15:26:02.308 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/m
ongod.log'.
12-08-2015 15:26:02.310 +0000 INFO WatchedFile - Will begin reading at offset=1935 for file='/opt/splunk/var/log/splunk/audit.log'.
12-08-2015 15:26:02.316 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/s
earchhistory.log'.
12-08-2015 15:26:02.320 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/b
tool.log'.
12-08-2015 15:26:02.323 +0000 INFO WatchedFile - Will begin reading at offset=234 for file='/opt/splunk/var/log/splunk/splunkd_stderr.log'.
12-08-2015 15:26:02.326 +0000 INFO WatchedFile - Will begin reading at offset=2218 for file='/opt/splunk/var/log/splunk/splunkd-utility.log'.
12-08-2015 15:26:02.328 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/l
icense_audit.log'.
12-08-2015 15:26:02.330 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/l
icense_usage.log'.
12-08-2015 15:26:02.336 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/s
plunkd_ui_access.log'.
12-08-2015 15:26:02.336 +0000 INFO TcpOutputProc - Connected to idx=172.17.0.3:9997
12-08-2015 15:26:02.338 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/c
onf.log'.
12-08-2015 15:26:02.347 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/s
plunkd_stdout.log'.
12-08-2015 15:26:02.359 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='/opt/splunk/var/log/splunk/r
emote_searches.log'.
12-08-2015 15:20:19.705 +0000 INFO ServerConfig - My GUID is 8B5A0B6F-693F-4287-A15B-DF6658ABD59B
12-08-2015 15:20:19.705 +0000 INFO ServerConfig - My server name is "67e9d60b38cc".
12-08-2015 15:20:19.705 +0000 INFO ServerConfig - Found no site defined in server.conf
12-08-2015 15:20:19.705 +0000 INFO ServerConfig - My hostname is "12298c35f9e5".
12-08-2015 15:20:19.811 +0000 INFO ServerConfig - Setting HTTP server compression state=on
12-08-2015 15:20:19.811 +0000 INFO ServerConfig - Setting HTTP client compression state=0 (false)
12-08-2015 15:20:19.811 +0000 INFO ServerConfig - Default output queue for file-based input: parsingQueue.
12-08-2015 15:20:19.816 +0000 INFO LicenseMgr - Initing LicenseMgr
12-08-2015 15:20:19.816 +0000 INFO LMConfig - serverName=67e9d60b38cc guid=8B5A0B6F-693F-4287-A15B-DF6658ABD59B
12-08-2015 15:20:19.816 +0000 INFO LMConfig - connection_timeout=30
12-08-2015 15:20:19.816 +0000 INFO LMConfig - send_timeout=30
12-08-2015 15:20:19.816 +0000 INFO LMConfig - receive_timeout=30
12-08-2015 15:20:19.816 +0000 INFO LMConfig - squash_threshold=2000
12-08-2015 15:20:19.816 +0000 INFO LMConfig - strict_pool_quota=1
12-08-2015 15:20:19.816 +0000 INFO LMConfig - key=pool_suggestion not found in licenser stanza of server.conf, defaul
ting=''
12-08-2015 15:20:19.816 +0000 INFO LicenseMgr - Initing LicenseMgr runContext_splunkd=true
12-08-2015 15:20:19.816 +0000 INFO LMStackMgr - closing stack mgr
12-08-2015 15:20:19.816 +0000 INFO LMSlaveInfo - all slaves cleared
12-08-2015 15:20:19.816 +0000 INFO LMStackMgr - added pool auto_generated_pool_forwarder to stack forwarder
12-08-2015 15:20:19.816 +0000 INFO LMStackMgr - added pool auto_generated_pool_free to stack free
12-08-2015 15:20:19.816 +0000 INFO ServerRoles - Declared role=license_master.
12-08-2015 15:20:19.816 +0000 INFO LMStackMgr - init completed [8B5A0B6F-693F-4287-A15B-DF6658ABD59B,Forwarder,runCon
text_splunkd=true]
12-08-2015 15:20:19.816 +0000 INFO LicenseMgr - StackMgr init complete...
12-08-2015 15:20:19.816 +0000 INFO LMTracker - init'ing slaveId=8B5A0B6F-693F-4287-A15B-DF6658ABD59B label=67e9d60b38
cc [30,30,self]
12-08-2015 15:20:19.817 +0000 INFO LMTracker - enabling implicit feature set
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=Acceleration state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=AdvancedSearchCommands state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=AdvancedXML state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=CustomRoles state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=GuestPass state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=KVStore state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=LDAPAuth state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=MultisiteClustering state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=NontableLookups state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=RollingWindowAlerts state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=ScheduledAlerts state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=ScheduledReports state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=SearchheadPooling state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=UnisiteClustering state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - attempting to ping master=self from slave=8B5A0B6F-693F-4287-A15B-DF66
58ABD59B
12-08-2015 15:20:19.817 +0000 INFO LMSlaveInfo - new slave='8B5A0B6F-693F-4287-A15B-DF6658ABD59B' created
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=Acceleration state=DISABLED_DUE_TO_LICENSE (featureSta
tus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=AdvancedSearchCommands state=DISABLED_DUE_TO_LICENSE (
featureStatus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=AdvancedXML state=DISABLED_DUE_TO_LICENSE (featureStat
us=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=Alerting state=DISABLED_DUE_TO_LICENSE (featureStatus=
2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=AllowDuplicateKeys state=DISABLED_DUE_TO_LICENSE (feat
ureStatus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=Auth state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=CanBeRemoteMaster state=DISABLED_DUE_TO_LICENSE (featu
reStatus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=CustomRoles state=DISABLED_DUE_TO_LICENSE (featureStat
us=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=DeployClient state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=DeployServer state=DISABLED_DUE_TO_LICENSE (featureSta
tus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=DistSearch state=DISABLED_DUE_TO_LICENSE (featureStatu
s=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=FwdData state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=GuestPass state=DISABLED_DUE_TO_LICENSE (featureStatus
=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=KVStore state=DISABLED_DUE_TO_LICENSE (featureStatus=2
)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=LDAPAuth state=DISABLED_DUE_TO_LICENSE (featureStatus=
2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=LocalSearch state=DISABLED_DUE_TO_LICENSE (featureStat
us=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=MultisiteClustering state=DISABLED_DUE_TO_LICENSE (fea
tureStatus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=NontableLookups state=DISABLED_DUE_TO_LICENSE (feature
Status=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=RcvData state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=RcvSearch state=DISABLED_DUE_TO_LICENSE (featureStatus
=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=ResetWarnings state=DISABLED_DUE_TO_LICENSE (featureSt
atus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=RollingWindowAlerts state=DISABLED_DUE_TO_LICENSE (fea
tureStatus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=ScheduledAlerts state=DISABLED_DUE_TO_LICENSE (feature
Status=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=ScheduledReports state=DISABLED_DUE_TO_LICENSE (featur
eStatus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=ScheduledSearch state=DISABLED_DUE_TO_LICENSE (feature
Status=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=SearchheadPooling state=DISABLED_DUE_TO_LICENSE (featu
reStatus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=SigningProcessor state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=SplunkWeb state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=SyslogOutputProcessor state=ENABLED (featureStatus=1)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - Setting feature=UnisiteClustering state=DISABLED_DUE_TO_LICENSE (featu
reStatus=2)
12-08-2015 15:20:19.817 +0000 INFO LMTracker - setting masterGuid='8B5A0B6F-693F-4287-A15B-DF6658ABD59B'
12-08-2015 15:20:19.818 +0000 INFO LMTracker - attempting to contact master=self from slave=8B5A0B6F-693F-4287-A15B-D
F6658ABD59B success
12-08-2015 15:20:19.818 +0000 INFO LicenseMgr - Tracker init complete...
12-08-2015 15:20:19.832 +0000 INFO ulimit - Limit: virtual address space size: unlimited
12-08-2015 15:20:19.832 +0000 INFO ulimit - Limit: data segment size: unlimited
12-08-2015 15:20:19.832 +0000 INFO ulimit - Limit: resident memory size: unlimited
12-08-2015 15:20:19.832 +0000 INFO ulimit - Limit: stack size: 8388608 bytes [hard maximum: unlimited]
12-08-2015 15:20:19.832 +0000 INFO ulimit - Limit: core file size: 0 bytes [hard maximum: unlimited]
12-08-2015 15:20:19.832 +0000 WARN ulimit - Core file generation disabled
12-08-2015 15:20:19.832 +0000 INFO ulimit - Limit: data file size: unlimited
12-08-2015 15:20:19.832 +0000 INFO ulimit - Limit: open files: 1048576 files
12-08-2015 15:20:19.832 +0000 INFO ulimit - Limit: user processes: 524288 processes [hard maximum: 1048576 processes]
12-08-2015 15:20:19.832 +0000 INFO ulimit - Limit: cpu time: unlimited
12-08-2015 15:20:19.832 +0000 INFO ulimit - Linux transparent hugetables support, enabled="always" defrag="always"
12-08-2015 15:20:19.833 +0000 INFO loader - Splunkd starting (build 275064).
12-08-2015 15:20:19.833 +0000 INFO loader - System info: Linux, 12298c35f9e5, 3.13.0-37-generic, #64-Ubuntu SMP Mon S
ep 22 21:28:38 UTC 2014, x86_64.
12-08-2015 15:20:19.841 +0000 INFO loader - Detected 4 (virtual) CPUs, 2 CPU cores, and 7892MB RAM
12-08-2015 15:20:19.841 +0000 INFO loader - Maximum number of threads (approximate): 3946
12-08-2015 15:20:19.841 +0000 INFO loader - Arguments are: "-p" "8089" "start"
12-08-2015 15:20:19.841 +0000 INFO loader - Getting configuration data from: /opt/splunk/etc/myinstall/splunkd.xml
12-08-2015 15:20:19.842 +0000 INFO loader - SPLUNK_MODULE_PATH environment variable not found - defaulting to /opt/sp
lunk/etc/modules
12-08-2015 15:20:19.842 +0000 INFO loader - loading modules from /opt/splunk/etc/modules
12-08-2015 15:20:19.844 +0000 INFO loader - Writing out composite configuration file: /opt/splunk/var/run/splunk/comp
osite.xml
12-08-2015 15:20:19.854 +0000 INFO ServerRoles - Declared role=universal_forwarder.
12-08-2015 15:20:19.854 +0000 INFO BundlesSetup - Setup stats for /opt/splunk/etc: wallclock_elapsed_msec=23, cpu_tim
e_used=0.01008, shared_services_generation=1, shared_services_population=1
12-08-2015 15:20:19.918 +0000 INFO loader - Setting SSL configuration.
12-08-2015 15:20:19.918 +0000 INFO loader - Server supporting SSL versions SSL3,TLS1.0,TLS1.1,TLS1.2
12-08-2015 15:20:19.918 +0000 INFO loader - Using cipher suite TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
12-08-2015 15:20:19.918 +0000 INFO loader - ECDH curve not configured
12-08-2015 15:20:20.395 +0000 INFO SpecFiles - Found external scheme definition for stanza "MonitorNoHandle://" with
2 parameters: disabled, index
12-08-2015 15:20:20.395 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinEventLog://" with 30 p
arameters: start_from, current_only, checkpointInterval, disabled, evt_resolve_ad_obj, evt_dc_name, evt_dns_name, inde
x, whitelist, blacklist, whitelist1, whitelist2, whitelist3, whitelist4, whitelist5, whitelist6, whitelist7, whitelist
8, whitelist9, blacklist1, blacklist2, blacklist3, blacklist4, blacklist5, blacklist6, blacklist7, blacklist8, blackli
st9, suppress_text, renderXml
12-08-2015 15:20:20.395 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinHostMon://" with 4 par
ameters: type, interval, disabled, index
12-08-2015 15:20:20.395 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinNetMon://" with 15 par
ameters: remoteAddress, process, user, addressFamily, packetType, direction, protocol, readInterval, driverBufferSize,
userBufferSize, mode, multikvMaxEventCount, multikvMaxTimeMs, disabled, index
12-08-2015 15:20:20.395 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinPrintMon://" with 4 pa
rameters: type, baseline, disabled, index
12-08-2015 15:20:20.395 +0000 INFO SpecFiles - Found external scheme definition for stanza "WinRegMon://" with 7 para
meters: proc, hive, type, baseline, baseline_interval, disabled, index
12-08-2015 15:20:20.395 +0000 INFO SpecFiles - Found external scheme definition for stanza "admon://" with 7 paramete
rs: targetDc, startingNode, monitorSubtree, disabled, index, printSchema, baseline
12-08-2015 15:20:20.395 +0000 INFO SpecFiles - Found external scheme definition for stanza "perfmon://" with 11 param
eters: object, counters, instances, interval, mode, samplingInterval, stats, disabled, index, showZeroValue, useEnglis
hOnly
12-08-2015 15:20:20.397 +0000 WARN ClusteringMgr - Ignoring clustering configuration, the active license disables thi
s feature.
12-08-2015 15:20:20.398 +0000 INFO SHPoolingMgr - initing shpooling with: ht=60 rf=3 ct=60 st=60 rt=60 rct=5 rst=5 rr
t=10 rmst=600 rmrt=600 pe=1 im=0 is=0 mor=5 pb=5 rep_port= pptr=10
12-08-2015 15:20:20.398 +0000 INFO SHPoolingMgr - shpooling disabled
12-08-2015 15:20:20.398 +0000 INFO DS_DC_Common - Initializing the PubSub system.
12-08-2015 15:20:20.398 +0000 INFO DS_DC_Common - Initializing core facilities of PubSub system.
12-08-2015 15:20:20.412 +0000 INFO DC:DeploymentClient - target-broker clause is missing.
12-08-2015 15:20:20.412 +0000 WARN DC:DeploymentClient - DeploymentClient explicitly disabled through config.
12-08-2015 15:20:20.412 +0000 INFO DS_DC_Common - Deployment Client not initialized.
12-08-2015 15:20:20.412 +0000 INFO DS_DC_Common - Deployment Server not available on a dedicated forwarder.
12-08-2015 15:20:20.412 +0000 INFO IntrospectionGenerator:disk_objects - Enabled: indexes|volumes|dispatch=false fish
bucket=true partitions=false
12-08-2015 15:20:20.412 +0000 INFO IntrospectionGenerator:disk_objects - I-data gathering (Disk Objects) starting; pe
riod=600s
12-08-2015 15:20:20.412 +0000 INFO IntrospectionGenerator:disk_objects - Cannot get inputs progress: fishbucket not y
et initialized.
12-08-2015 15:20:20.413 +0000 WARN DistributedPeerManager - feature=DistSearch not enabled for your license level
12-08-2015 15:20:20.413 +0000 INFO IndexProcessor - running splunkd specific init
12-08-2015 15:20:20.451 +0000 INFO loader - Initializing from configuration
12-08-2015 15:20:20.452 +0000 INFO PipelineComponent - Pipeline fifo disabled in default-mode.conf file
12-08-2015 15:20:20.452 +0000 INFO TcpInputConfig - SSL clause not found or servercert not provided - SSL ports will
not be available
12-08-2015 15:20:20.452 +0000 INFO TcpInputProc - Registering metrics callback for: tcpin_connections
12-08-2015 15:20:20.818 +0000 INFO TcpOutputProc - Initializing with fwdtype=lwf
12-08-2015 15:20:20.818 +0000 INFO ServerRoles - Declared role=lightweight_forwarder.
12-08-2015 15:20:20.853 +0000 INFO TcpOutputProc - found Whitelist forwardedindex.0.whitelist , RE : forwardedindex.0
.whitelist
12-08-2015 15:20:20.854 +0000 INFO TcpOutputProc - found Blacklist forwardedindex.1.blacklist , RE : forwardedindex.1
.blacklist
12-08-2015 15:20:20.854 +0000 INFO TcpOutputProc - found Whitelist forwardedindex.2.whitelist , RE : forwardedindex.2
.whitelist
12-08-2015 15:20:20.854 +0000 INFO TcpOutputProc - Initializing connection for non-ssl forwarding to splunk:9997
12-08-2015 15:20:20.854 +0000 INFO TcpOutputProc - tcpout group default-autolb-group using Auto load balanced forward
ing
12-08-2015 15:20:20.854 +0000 INFO TcpOutputProc - Group default-autolb-group initialized with maxQueueSize=512000 in
bytes.
12-08-2015 15:20:20.931 +0000 INFO PipelineComponent - Pipeline merging disabled in default-mode.conf file
12-08-2015 15:20:20.931 +0000 INFO PipelineComponent - Pipeline typing disabled in default-mode.conf file
12-08-2015 15:20:20.931 +0000 INFO PipelineComponent - Pipeline vix disabled in default-mode.conf file
12-08-2015 15:20:20.931 +0000 INFO PipelineComponent - Launching the pipelines.
12-08-2015 15:20:20.933 +0000 INFO loader - Limiting REST HTTP server to 349525 sockets
12-08-2015 15:20:20.933 +0000 INFO loader - Limiting REST HTTP server to 1315 threads
12-08-2015 15:20:21.278 +0000 INFO TailingProcessor - TailWatcher initializing...
12-08-2015 15:20:21.278 +0000 INFO TailingProcessor - Parsing configuration stanza: batch://$SPLUNK_HOME/var/spool/sp
lunk.
12-08-2015 15:20:21.278 +0000 INFO TailingProcessor - Parsing configuration stanza: batch://$SPLUNK_HOME/var/spool/sp
lunk/...stash_new.
12-08-2015 15:20:21.278 +0000 INFO TailingProcessor - Parsing configuration stanza: monitor://$SPLUNK_HOME/etc/splunk
.version.
12-08-2015 15:20:21.279 +0000 INFO TailingProcessor - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/sp
lunk.
12-08-2015 15:20:21.279 +0000 INFO TailingProcessor - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/sp
lunk/metrics.log.
12-08-2015 15:20:21.279 +0000 INFO TailingProcessor - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/sp
lunk/splunkd.log.
12-08-2015 15:20:21.279 +0000 INFO TailingProcessor - Adding watch on path: /opt/splunk/etc/splunk.version.
12-08-2015 15:20:21.279 +0000 INFO TailingProcessor - Adding watch on path: /opt/splunk/var/log/splunk.
12-08-2015 15:20:21.279 +0000 INFO TailingProcessor - Adding watch on path: /opt/splunk/var/spool/splunk.
12-08-2015 15:20:21.279 +0000 INFO BatchReader - State transitioning from 2 to 0 (initOrResume).
12-08-2015 15:20:21.289 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/scheduler.log'.
12-08-2015 15:20:21.293 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/mongod.log'.
12-08-2015 15:20:21.303 +0000 INFO WatchedFile - Will begin reading at offset=1208 for file='/opt/splunk/var/log/splu
nk/audit.log'.
12-08-2015 15:20:21.307 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/searchhistory.log'.
12-08-2015 15:20:21.328 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/btool.log'.
12-08-2015 15:20:21.335 +0000 INFO WatchedFile - Will begin reading at offset=117 for file='/opt/splunk/var/log/splun
k/splunkd_stderr.log'.
12-08-2015 15:20:21.338 +0000 INFO WatchedFile - Will begin reading at offset=1109 for file='/opt/splunk/var/log/splu
nk/splunkd-utility.log'.
12-08-2015 15:20:21.347 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/license_audit.log'.
12-08-2015 15:20:21.360 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/license_usage.log'.
12-08-2015 15:20:21.381 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/splunkd_ui_access.log'.
12-08-2015 15:20:21.383 +0000 INFO TcpOutputProc - Connected to idx=172.17.0.3:9997
12-08-2015 15:20:21.388 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/conf.log'.
12-08-2015 15:20:21.395 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/splunkd_stdout.log'.
12-08-2015 15:20:21.408 +0000 INFO WatchedFile - File too small to check seekcrc, probably truncated. Will re-read e
ntire file='/opt/splunk/var/log/splunk/remote_searches.log'.