1 Reply Latest reply on Jan 6, 2018 6:07 PM by Scott Johnson

    LogShark is not generating output

    john heisler

      I have installed LogShark on my desktop to peruse my desktop log files. In addition, as per the installation guide, I installed and configured Postgress, and made all of the appropriate updates to my logshark.config file.

       

      However, when I run logshark on my target (logshark C:\Users\MYUSERNAME\Documents\My Tableau Repository\Logs\log.zip) none of the folders or files are created in the \Output folder. Of note here, I am not passing the --startlocalmongo option because I have updated the .config Run option LocalMongo useAlways="true". When I run logshark C:\Users\MYUSERNAME\Documents\My Tableau Repository\Logs\log.zip, I get the same result as when I run logshark --help but none of the corresponding files or workbooks are created in the \Output folder. Am I missing something blatantly obvious?

       

      Below, I find the .config setup and the current command and responses for reference:

       

      --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      .config

      --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      <?xml version="1.0"?>

      <!-- Logshark configuration.  Consult the user guide for instructions on how to set this up. -->

      <LogsharkConfig xmlns="logshark">

        <MongoConnection poolSize="200" timeout="60" insertionRetries="3">

          <Servers>

            <Server address="localhost" port="27017" />

          </Servers>

          <!--<User username="logshark" password="password"/>-->

          <!-- UNCOMMENT if using MongoDB auth. -->

        </MongoConnection>

        <PostgresConnection tcpKeepalive="60">

          <Server address="localhost" port="5432" />

          <User username="logshark" password="MYPASSWORD" />

        </PostgresConnection>

        <TableauConnection protocol="http" publishingTimeoutSeconds="300">

          <Server address="localhost" port="80" site="Logshark" />

          <User username="admin" password="password" />

        </TableauConnection>

        <RunOptions>

          <LocalMongo useAlways="true" purgeOnStartup="true" />

          <Tuning>

            <FilePartitioner concurrencyLimit="4" maxFileSizeMb="250" />

            <FileProcessor concurrencyLimitPerCore="1" />

          </Tuning>

        </RunOptions>

        <ArtifactProcessorOptions>

          <ArtifactProcessor name="TableauDesktopLogProcessor">

            <DefaultPlugins>

              <Plugin name="CustomWorkbooks" />

              <Plugin name="DataEngine" />

              <Plugin name="VizqlDesktop" />

            </DefaultPlugins>

          </ArtifactProcessor>

          <ArtifactProcessor name="TableauServerLogProcessor">

            <DefaultPlugins>

              <Plugin name="Apache" />

              <Plugin name="Backgrounder" />

              <Plugin name="ClusterController" />

              <Plugin name="Config" />

              <Plugin name="CustomWorkbooks" />

              <Plugin name="Filestore" />

              <Plugin name="Netstat" />

              <Plugin name="Postgres" />

              <Plugin name="ResourceManager" />

              <Plugin name="SearchServer" />

              <Plugin name="Tabadmin" />

              <Plugin name="Vizportal" />

              <Plugin name="VizqlServer" />

              <!-- The VizqlServerPerformance plugin offers more granularity than VizqlServer, but takes longer to run.

              <Plugin name="VizqlServerPerformance" /> -->

            </DefaultPlugins>

          </ArtifactProcessor>

        </ArtifactProcessorOptions>

      </LogsharkConfig>

       

      --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      command line and response

      --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      C:\WINDOWS\system32>cd C:\Program Files\Logshark

      C:\Program Files\Logshark>logshark C:\Users\MYUSERNAME\Documents\My Tableau Repository\Logs\log.zip

      Logshark 2.0.0.0

      Copyright (C) 2018 Tableau

       

      Usage:

        logshark [TARGET] [OPTIONS].. | Processes target log directory, zip or hash.

                                      | Both absolute & relative paths are supported.

       

      Usage Examples:

        logshark C:\Logs\logs.zip | Runs logshark on logs.zip and outputs locally.

        logshark C:\Logs\Logset   | Runs logshark on existing unzipped log directory.

        logshark logs.zip -p      | Runs logshark and publishes to Tableau Server.

       

      Options:

       

        --args                    (Default: System.String[]) Set of custom arguments

                                  that will be passed to plugins. Ex: --args

                                  "PluginName.MyCustomArg:MyValue"

       

        --dbname                  (Default: ) Sets a custom name for the database

                                  instance where plugin data will be stored.  Default

                                  behavior is to generate a new database for each

                                  run.  If this argument is specified and the given

                                  database name already exists, the data generated by

                                  this run will be appended to it.

       

        -d, --dropparsedlogset    (Default: False) Drops the parsed logset from

                                  MongoDB at the end of the run.  Logsets parsed by

                                  previous runs will be ignored.

       

        -f, --forceparse          (Default: False) Forces a fresh parse of the

                                  logset, overriding any existing data in MongoDB.

       

        --id                      (Default: ) Sets a custom ID for the run that will

                                  be stored alongside the run metadata and tagged on

                                  any published workbooks.

       

        --ignoredebuglogs         (Default: False) Disables processing of DEBUG-level

                                  logs.

       

        -l, --listplugins         (Default: False) Lists information about all

                                  available Logshark plugins.

       

        --localmongoport          (Default: 27017) Port which the temporary local

                                  MongoDB process will run on.

       

        --metadata                (Default: System.String[]) Set of custom metadata

                                  key/value pairs that will stored in the resulting

                                  Mongo database. Ex: --metadata

                                  "SalesforceId:SomeValue TFSDefect:SomeOtherValue"

       

        --plugins                 (Default: System.String[]) List of plugins that

                                  will be run against the processed logset. Also

                                  accepts "all" to run all plugins, "default" to run

                                  the default plugin set, or "none" to bypass plugin

                                  execution.

       

        --parseall                (Default: False) Parse full logset into MongoDB.

                                  If false, only the logs required for active plugins

                                  will be parsed.

       

        -p, --publishworkbooks    (Default: False) Publish resulting workbooks to

                                  Tableau Server.

       

        --projectdescription      (Default: ) Sets the Tableau Server project

                                  description where any workbooks will be published.

       

        --projectname             (Default: ) Sets the Tableau Server project name

                                  where any workbooks will be published.

       

        -s, --startlocalmongo     (Default: False) Start up a temporary local MongoDB

                                  process for this run. Recommended for small log

                                  sets only.

       

        --sitename                (Default: ) Sets the Tableau Server site where any

                                  workbooks will be published. Overrides what is

                                  specified in Logshark.config.

       

        --tags                    (Default: System.String[]) List of tags that will

                                  written to the resulting workbook(s). Ex: --tags

                                  "MyTag MyOtherTag"

       

        --help                    Display this help screen.