

Okay, I've re-read your question and I know what's going on here. The time.sh script that you referenced is designed to echo a manual NTP query and then the server date. The NTP query is determined via the OS's NTP client's config files, and you're right that it does attempt to use /etc/ntp.conf.

This is where the issue comes in: on line 31 we're attempting to parse the ntp.conf server directive. You have presumably commented out the original server and are now using a pool directive. This pool will not match the awk parameters, so the script will fall back to using the $DEFAULT_SERVER (defined on line 26) as per line 32. This default server variable corresponds with 0., which explains those FQDN names that you've been observing via tcpdump.

To address this, you'll need to modify time.sh to suit your needs. A quick fix could be to change line 31 to support the pool directive as follows:

    # host from the first server or pool directive
    SERVER=$($AWK '/^(server|pool) / { print $2; exit }' "$CONFIG")
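The fall-back behaviour described above, as an added example that is not the time.sh script itself: the original server-only pattern beside the server|pool fix, both run against a constructed ntp.conf. It assumes plain awk in place of $AWK, a placeholder default name in place of the script's real $DEFAULT_SERVER, and the sample config is made up for the example.

```shell
#!/bin/sh
# Added example, not Splunk's time.sh. DEFAULT_SERVER is a placeholder;
# the sample ntp.conf below is constructed for this example.
DEFAULT_SERVER="default-ntp.example.invalid"

# Print the host named by the first line of config $1 matching awk pattern $2,
# or DEFAULT_SERVER when nothing matches (the silent fall-back from the post).
ntp_host() {
    conf="$1"
    pattern="$2"
    host=""
    if [ -r "$conf" ]; then
        host=$(awk "$pattern"' { print $2; exit }' "$conf")
    fi
    if [ -n "$host" ]; then
        printf '%s\n' "$host"
    else
        printf '%s\n' "$DEFAULT_SERVER"
    fi
}

# Behaviour of the original line 31: only 'server' directives are recognised,
# so a config that uses 'pool' falls through to the default.
ntp_host_server_only() { ntp_host "$1" '/^server /'; }

# Behaviour after the quick fix: 'pool' directives are accepted too.
ntp_host_server_or_pool() { ntp_host "$1" '/^(server|pool) /'; }

# Constructed sample: the old server entry commented out, a pool in use.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# original entry, commented out after the move to a pool
#server ntp1.corp.example iburst
driftfile /var/lib/ntp/drift
pool 0.corp-pool.example iburst
pool 1.corp-pool.example iburst
EOF

echo "server-only pattern  -> $(ntp_host_server_only "$SAMPLE_CONF")"
echo "server|pool pattern  -> $(ntp_host_server_or_pool "$SAMPLE_CONF")"
```

Comparing the two lines of output against what tcpdump shows is a quick way to confirm whether a host's time query is going to the configured pool or to the script's default.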
