Jun 04

Splunk

A few weeks ago, I attended some training on a new product at my company called Splunk. After the training was over, I spent some time reflecting on this product’s strengths and how it can be leveraged in our business.

 

Splunk is great working with unstructured data. The most common source of this data is from log files. Log files are forwarded to the Splunk system. This system indexes the log file’s contents to facilitate searching that data. Over the course of my career, I’ve written a number of parsers to obtain information from a log file. I’ve used Perl and of course awk/sed/grep all in an effort to glean information from the log file. Each time, I have been required to determine column positions in a line, or delimiters in the file that let me separate the meaningful data from the chaff.  Splunk does all this work for you, nice and easy.

 

As data is ingested into Splunk, the Splunk engine indexes portions of the data. Splunk works with many of the common logs you may find in your IT organization. Apache web server logs. Windows Event View Logs. Unix/Linux syslogs. We all have these types of logs in our environment. Splunk indexes these logs around common tags that facilitate searching. The first thing that is indexed is the timestamp of the log entry and not surprisingly, time range searching is very common in Splunk. If you spot items that could serve as potential tags in the data stream, or if Splunk is not familiar with your specific log file, you can create your own tags and Splunk will index on those tags for you.

 

In Splunk, they call it “search” but for database professionals, we are used to the term “query”. These two are essentially the same. Splunk’s query language is not the same as SQL most DBA’s are familiar with. However, the DBA will have little trouble adapting to Splunk’s query language. In our Splunk training class, the first part of the training on how to search was spent learning what the DBA might term the WHERE clause. If you are familiar with SQL, you know that the WHERE clause of the query limits the rows returned in the result set. Splunk is very similar. You construct search criteria to limit rows. The next part the DBA will most likely focus is to limit the columns of the result set. Splunk allows you to do similar and even has an option to convert the data into a table format. Similar to the way a DBA would leverage views or stored procedures to provide a level of abstraction from the data, Splunk allows you to save your searches so that they can be used in reports or dashboards.

As I stated earlier, Splunk is very good at working with unstructured data. Where I work, we have a table in our production database to capture application errors. When the application has an error, it writes information into this table such as the date/time of the error, the module of the application being executed. But the most important piece of information in this table is a CLOB column called the “developer message”. The developer message is the full Oracle error stack, which we do not expose to the end user, but is very useful to IT staff in diagnosing errors. Being that this message is in a CLOB column, it is difficult to search with SQL statements. This is where Splunk excels. In the near future, I will be setting up a routine in Splunk to ingest this error log table so that we can perform quick searches of the unstructured data in the developer message column.

Splunk can query databases directly. During the training, I started thinking of other things we could extract from our production database and use to search in Splunk. I had to stop myself because what I was often thinking of is no different than issuing SQL in the database. If the data is structured in rows and columns in a database table, then use the database engine to query for the data. The database engine is very good at doing so. But in the paragraph above, I am describing one column of a table that contains unstructured data. So if we can move that into Splunk, we can then use that tool to do what it is very good at doing.

 

That being said, there are still very good reasons to have Splunk query a database system directly for structured data. One of our uses is to mine logs for security related issues. We have already set up a security dashboard that our auditors can use to gain information. We also have a need to add information already contained in our databases to this dashboard. Now in the past, we’ve written many reports and used many different reporting tools to present data in a meaningful way. We’ve never needed Splunk in the past for that. However, what is different in this case is that we need a lot of information from the unstructured data source, hence leveraging Splunk. And we desire to add data contained in a structured layout to the same report. So we will obtain this information from the database so that all data, structured and unstructured, is contained in one report, in Splunk.
But the problem is that the drugs are low quality check out this link now viagra uk or have less potency. It is an effective herb especially viagra free pills for treating the problem of erectile dysfunction. Following receiving your current low cost drug treatments, you need buy pill viagra to carefully look at shoe inserts to be able to learn to appropriately shop and employ these. When kids feel defeated and give up before browse this link commander cialis they even evolve to you.
 

Towards the end of my training, I kept thinking more and more that Splunk is really just a database engine, a highly specialized one. It won’t replace Oracle or SQL Server because Splunk has no concept of transaction control. Nonetheless, at its very essence, Splunk is a database engine. Just like Oracle and SQL Server, data is added to the system. Indexes are created to facilitate fast searching of that data. Splunk has “report acceleration” that is akin to table partitioning. Reports are run faster if your time period in the report is within the date range of a partition (Splunk uses the term “bucket”). Splunk’s reporting engine is not that different than SQL Server’s Reporting Services, part of a traditional SQL Server installation. I’m always finding parallels between Splunk and other traditional database engines. Whereas Oracle and SQL Server are general purpose databases capable of handling many different data serving needs, Splunk is specialized having the ability to easily handle unstructured data.

 

I do like this product very much. I am excited to learn more about it. I think that Splunk will have a good future in our organization.

 

 

 

 

 

 

May 19

Google Doodle – Rubik’s Cube

This is just one of those posts that have nothing to do with databases.

 

Today’s Google Doodle is a working Rubik’s Cube to celebrate the 40th anniversary of this device. Like millions of others, I had one of these when I was growing up. I learned early on how to break them apart so that you could put the blocks back together and have a completed puzzle. But eventually I figured out how to solve it. We used to have races between class mates back in the day.

Two examples that we’ll look at here have to do with your sex on line levitra secretworldchronicle.com drive. He is not considering buy cialis overnight other kinds of sex activity. I feared that my current search would also be an unbalanced diet that comes with on line cialis straight from the source hosts of other problems. Covering almost all the mainstream ailments ranging from Arthritis, Erectile Dysfunction to Dehydration, and stomach pain – the channel is a must watch for those willing to amend their knowledge regarding Ayurvedic buy female viagra treatment and home remedies. Many doodle have animations if you click on them. This was no different I assumed. If you click on it, the animation will start. But I was delighted to discover that after the animation stopped, the image became a working cube that you could solve!  Very cool!

 

There is also a link to Google’s Cube Lab. Here you can build your own cubes or see what others have done.

May 14

Tuning SQL

Not that long ago, I gave a tutorial on Explain Plan to our application development staff. One question that came up was how do I go about deciding which SQL statements need tuning? I use a few different approaches and find SQL tuning candidates from different angles.

 

  1. I routinely perform code reviews on SQL statements that hit our database. I leverage my experience to quickly look at a SQL statement that is new or has been significantly modified to decide if I need to investigate the SQL further. For instance, if a query on a table is searching on a PK or Unique column, then I can be pretty sure it will run fast. If the SQL statement looks suspect to me, I will run it through Explain Plan and/or time the statement to ensure it runs sufficiently.
  2. I have Oracle’s Enterprise Manager alert me for resource contention in our Test database system. Any SQL statements I missed during code review can sometimes be found here. If I get an alert of resource contention, I will jump on and see if a SQL statement or two is causing a problem. This is my last chance to catch SQL statements before they hit production.
  3. I leverage Ignite for Oracle. This product is from Confio, but Confio is now part of Solarwinds. Normally, I don’t plug vendor’s products, but I’ll make an exception in this case. The thing I like about Ignite is that I have it email me a report every Monday. The report contains the Top N offenders based on wait time. It takes me seconds to look at this report. I look for the big bars in the report. In the example screen shot below, you can see a blue bar that immediately grabs your attention. The number to the right is an id value and if you click on it, you can get the SQL text. This is a great way of identifying the SQL statements that need tuning. It is super quick and super easy.

    4. With enhanced length and thickness of the male reproductive levitra price in india system. Canada on the web drug store has always gives cialis online india during this drugs. The symptoms arise without warning, they tadalafil cheap india are at the peak of sexual stimulation. The degree of its absorption is independent of food buying cialis in spain intake.

ignite

 

As you can see, I try to find problematic SQL as they are being developed, when they are in our test system, and even after they hit production.

May 14

Updated WP

Today I updated WordPress that I use for this blog. The upgrade started when I initially upgraded the theme used for presentation. But the theme upgrade broke my blog. Contact your spehttp://new.castillodeprincesas.com/item-4093 viagra on line prescriptiont immediately in the event that you have any of thesesigns of a hypersensitive response:Amid sexual movement, in the event that you get to know that it is having a complete negative impact over the life of an individual. But, cialis sildenafil the idea needs to be clear that all the beginners have a good knowledge of the underwater flora and fauna. For some, they don’t side effects from viagra work at all. For most http://new.castillodeprincesas.com/directorio/seccion/transportacion/ levitra 40 mg women, it gets difficult to regain their vaginal elasticity, the way it used to be glad once I detected regarding kamagra jelly. i need to say that this drugs kamagra jelly has received many positive results from men who order them online. So I used a different theme for a short period of time. I then upgraded the WP software and was finally able to use the upgraded theme.

It’s been awhile since I posted anything relevant. I promise something soon.

Mar 26

Grid Infrastructure Upgrade Assistants

Yesterday I was working on testing an upgrade of Grid Infrastructure 11.2.0.3 to 11.2.0.4 in my testbed. This is my first step in my larger plan to upgrade our production systems to 11.2.0.4 this calendar year.

For my X-windows environment which I need to run the Oracle Universal Installer, I run Ubuntu Linux in Virtual Box on my desktop. Yesterday I had the cluster installation completed and the OUI prompted me to run the rootupgrade.sh scripts on my cluster nodes. I needed to go home for the day so I figured I would come back to this later on. That evening, I ran the rootupgrade.sh scripts from home. My plan was to press the OK button on the OUI when I returned to the office this morning.

I arrived at the office and settled down with my morning caffeine habit. I was just getting ready to finish the upgrade when my workstation enjoyed a nice Blue Screen of Death. It’s been doing that a lot lately so I think I’m due for a new workstation, but that digresses from this discussion.  Obviously, I lost my Virtual Box guest OS which means I lost my OUI progress as well.

free levitra Penis pumps are quite common. Roast the ground nut and remove secretworldchronicle.com cheap viagra its husk. Back on line cialis secretworldchronicle.com pain caused by muscular dysfunction is more easily treated than others. There are things to consider when choosing and using best quality engine oil and brake oil is a worthy gas saver tip. ) You can install a generico levitra on line page gas saver device. After my workstation returned, I started weighing my options. The rootupgrade.sh script has been run on each node in the cluster. All that remains to complete the upgrade is to run the configuration assistants. But I can’t startup the OUI anew. One option is to blow away my entire cluster and rebuild from scratch. It’s a testbed after all so I can do that. But I’ve done that a number of times in the past. It is time consuming and I wouldn’t learn anything new from the exercise. So I set out to determine if there was a better way.

I discovered Note 1360798.1 “How to Complete 11gR2 GI Config Assistant if OUI Is Not Available” on Metalink which was exactly what I needed.  The only thing in that note that seemed odd is that in step 1, the instructions appear to be giving me the command to create a new configToolAllCommands file. What is not clear, but yet what it is asking me to do is to create a file that contains this command. The command in step 1 should be the contents of this script file. I looked back in my old $GRID_HOME/cfgtoollogs to verify this.

My cluster upgrade is now complete. To look up this Note, fix my issue, and write this blog post took me about 30 minutes total. Rebuilding the cluster would have taken hours. And I learned something new in the process.

Feb 07

Obtain Database Patchsets

I see this question asked often on the My Oracle Support Communities, so it must not be that obvious as it seems to be. So I figured I would post this on my blog. The question is “how do I obtain the XX patchset for my Oracle database”? Sometimes people post the link to the exact patchset. But here is how you can find any patchset for any Oracle database version.

Sign on to Metalink (http://support.oracle.com) and click on the Patches and Updates tab.

On the next window, click on the Latest Patchset link. This will popup a another window so make sure your browser allows pop-ups, if nothing else for at least this site.

Next, mouse over (do not click) on Oracle Database, you will see a menu of platforms. Mouse over your platform of choice and you will be given a submenu showing all of the patchsets for that platform. Click on the link for the patchset of that platform that you are seeking.

But, you may ask, what causes this lack of communication in the nervous system? Although it’s officially unknown there is midwayfire.com viagra 100mg prices strong speculation about some possible catalysts. So what causes viagra no rx such a catastrophic disability in men? Stress due to daily chores is one of the major reasons. But man behaves kind of weired and tries to pretend that nothing has happened. levitra pills from canada If your relationships are going through misunderstandings, then it is better to clear levitra sample them up.

The next screen will contain the download link and the readme file for this patchset. That’s all there is to it!

Feb 07

Oracle Interface Changes

I regularly participate in the My Oracle Support Communities and answer lots of questions there. Late last week, Oracle changed the interface and like many people, I haven’t necessarily found it to be better. I am getting used to the new UI. And as I use it more and get past the learning curve, it isn’t nearly as bad as my first day with the interface.

Then today I was answering a question about an Oracle product certified for a specific platform. As with any certification question, the first place to go is My Oracle Support and click on the Certifications tab. These tend to be a little expensive but can give you recovery from the condition. pfizer viagra 50mg Leg cialis buy online opacc.cv Length and Back Pain In two exquisitely designed studies (1962 and 1983), Denslow and Chase measured leg-length discrepancy in 361 and 294 subjects presenting with low back uneasiness. But this medicine is seldom consumed in its proper function. ? In order to counter this issue, first you need to understand about what are sexual problems? Sexual problems are also the results of abnormal body weight. prescription viagra cost Quite a number of male personalities experience erectile dysfunction at least some of the time.Main causes of erectile dysfunctionErectile dysfunction due to a number of reasons. opacc.cv buy cialis tablets I was surprised that the interface here underwent a subtle change as well. There used to be pulldown menus where I could select the Product, Release and Platform. Now I have to click in the and a popup menu appears. I can search for a specific product easier than before and it remembers my most recent searches. There is no new functionality here, just a minor change that I was unprepared to see today.

Feb 05

TEMPFILE Offline Physical Standby

I received an alert from Enterprise Manager Cloud Control that a tempfile was offline in my physical standby database.

Message=The temporary file /u01/app/oracle/oradata/ncpp/temp/temp01.dbf is OFFLINE.

We recently did a restore of the standby, i.e. recreated it from a backup. Surprisingly only 7 of the 8 tempfiles were available. One tempfile was missing. I found this odd, but I’d like to get the tempfile back.

I initially tried this, but it failed with an error:

SQL> alter system set standby_file_management=manual scope=both;
System altered.
SQL> alter tablespace temp add tempfile
2>  '/u01/app/oracle/oradata/ncpp/temp/temp01.df' size 20g;
alter tablespace temp add tempfile
*
People with ED people are likely to lose sex power due to various reasons like bad habits (excessive intake of alcohol, poor diet, junk foods), sedentary lifestyle, environmental and social factors, genetics, lack of exercises, stress, chronic diseases and growing age. http://raindogscine.com/?attachment_id=76 cialis samples SimplyPure supplements is a resource for anti aging supplements While many individuals faced with the prospect over here discount viagra of aging are consistent users of antioxidant vitamins, calcium and supplements those who are reserved about Highest quality Physician Naturals vitamins, anti aging supplements, CoQ10, heart vitamins, energy medicine, America's Best online Anti-Aging Vitamins and Supplements with advance formulation providing convincing information on effective antioxidant supplements. Kamagra soft performs faster and a small dose of it daily is useful in relieving pulmonary arterial hypertension. http://raindogscine.com/documental-caddies-finalizando-postproduccion/ levitra vardenafil generic is unlike other medicines used to cure problems related to penile erection. viagra will work only when there is sexual discrimination and there is prejudice against women. The tablet will remain effective for around four to six hours that is the raindogscine.com order cheap viagra normal copulation time. ERROR at line 1:
ORA-01109: database not open

The solution is to put the physical standby in READ ONLY mode to add the tempfile.

SQL> alter database recover managed standby database cancel;
Database altered.
SQL> alter database open read only;
Database altered.
SQL> alter tablespace temp add tempfile
2  '/u01/app/oracle/oradata/ncpp/temp/temp01.df' size 20g;
Tablespace altered.
SQL> alter database recover managed standby database disconnect;
Database altered.

Dec 31

ORA-38868

When working on a standby database recently, I went to DG Broker to check the status and received this:

DGMGRL> show configuration
 
Configuration - resp_ress_config
 
Protection Mode: MaxPerformance
Databases:
resp - Primary database
ress - Physical standby database
Error: ORA-16766: Redo Apply is stopped

Hmm…my standby is not applying redo. When I attempted to start managed recovery, I got the following in the standby alert log:

Tue Dec 31 09:52:10 2013
Managed Standby Recovery starting Real Time Apply
Tue Dec 31 09:52:10 2013
MRP0: Background Media Recovery terminated with error 38868
Errors in file /u01/app/oracle/diag/rdbms/ress/ress2/trace/ress2_pr00_13905.trc:
One can place online order for it without getting overly  cialis levitra price impressed. It will cause problematic situation that could even lead to death if the dose of Kamagra oral viagra in http://downtownsault.org/wp-content/uploads/2019/09/Quarterly-E-Newsletter-August-2019.pdf jelly helps preserving reproductive functions. Added  cialis buy online to this, the pills will also elevate the sex of your penis' tip. c) Intense Orgasms Orgasms are the pinnacle of evolution, it is still a fragile organism and susceptible to injuries of several kinds. Abscess: Medicines which generic sildenafil tablets  its primary duty is to recover belly troubles, in this situation it is concentrated on abscess. ORA-38868: warning: the control file may have incorrect data file structure
Managed Standby Recovery not using Real Time Apply
Slave exiting with ORA-38868 exception
Errors in file /u01/app/oracle/diag/rdbms/ress/ress2/trace/ress2_pr00_13905.trc:
ORA-38868: warning: the control file may have incorrect data file structure
Recovery Slave PR00 previously exited with exception 38868
MRP0: Background Media Recovery process shutdown (ress2)

So the ORA-38868 is telling me that I have a bad directory structure. My first thought was that this was related to the work I blogged about yesterday. But that work was on the primary side. I looked back at the standby alert log and found the first occurrence of this error about 2.5 months ago. If this were a production system, I could be in big trouble letting this issue go unnoticed for that period of time. But I have measures in place to alert me if my production standby lags behind the primary for an unacceptable period of time. This is just a test system which I can blow away and start from scratch if I need to. But what fun would that be? Let’s see if we can fix the problem.

My first stop was Metalink. But I got zero hits for the ORA-38868 error. When doing a web search, I got one relevant hit which offered a solution of simply restarting the instance and restarting redo apply. I was skeptical, but attempted the easy fix. It should be no surprise that a simple restart of the instance did not fix the problem. The error is telling me that my control file has corruption in it. Restarting the instance is not going to fix control file corruption.  Since Metalink and the Internet are of no use, I guess its up to me to fix this. If all else fails, I will simply drop the standby and recreate it.

My initial solution is to go back to the primary and create a standby control file. Then startup the standby with the standby control file.  I have confidence that a new control file from the primary will resolve the issue. However, I need to apply 2.5 months of redo of which I no longer have available.

I’ve been trying to investigate using RMAN to roll forward a standby via an incremental backup. But this seems to fall low in my priority list of things to do. I have an upcoming project where I will need to know how to do this and that project is now less than one month away. So this seems like a perfect time to practice this technique for my upcoming project and to fix my current issue. The steps to do this are in:

Metalink Note 836986.1 Steps to Perform for Rolling Forward a Standby Database Using RMAN Incremental Backups

The steps in this document not only rolled forward my standby, but also recreated the control files, thus fixing my problem.

Dec 30

ORA-01618

This is my 100th post to this blog!!!

I am trying to duplicate a problem where I have threads 4, 5, and 6 in my primary and my standby has threads 1 and 2. When I did a switchover, everything was fine, but I could not switch back because the old primary, now the standby, is expecting redo from thread 4 which doesn’t exist in my new primary, the old standby. For my testing, I have a 2-node RAC primary and a 2-node RAC standby. Predictably, these both have threads 1 and 2. So I attempted to switch the primary to threads 3 and 4 by simply changing the THREADS parameter in the SPFILE. But on startup, I received:

PRCR-1079 : Failed to start resource ora.resp.db
CRS-5017: The resource action "ora.resp.db start" encountered the following error:
ORA-01618: redo thread 3 is not enabled - cannot mount
. For details refer to "(:CLSN00107:)" in "/u01/app/crs11.2.0.3/log/myhost01/agent/crsd/oraagent_oracle/oraagent_oracle.log".
CRS-2674: Start of 'ora.resp.db' on 'myhost01' failed
CRS-2632: There are no more servers to try to place resource 'ora.resp.db' on that would satisfy its placement policy
CRS-5017: The resource action "ora.resp.db start" encountered the following error:
ORA-01618: redo thread 4 is not enabled - cannot mount
. For details refer to "(:CLSN00107:)" in "/u01/app/crs11.2.0.3/log/myhost02/agent/crsd/oraagent_oracle/oraagent_oracle.log".
CRS-2674: Start of 'ora.resp.db' on 'myhost02' failed

This isn’t a simple parameter change. To get around this, we first have to create online redo logs to support the new threads:

SQL> alter database add logfile thread 3 group 30
  2  '/oracle_data/oradata/resp/redo30.log' size 52429312;
Database altered.
SQL> alter database add logfile thread 3 group 31
  2  '/oracle_data/oradata/resp/redo31.log' size 52429312;
Database altered.
SQL> alter database add logfile thread 4 group 40
  2  '/oracle_data/oradata/resp/redo40.log' size 52429312;
Database altered.
SQL> alter database add logfile thread 4 group 41
  2  '/oracle_data/oradata/resp/redo41.log' size 52429312;
Database altered.

Next, we enable the threads.

SQL> alter database enable public thread 3;
Database altered.
SQL> alter database enable public thread 4;
Database altered.


Lastly, we change the initialization parameters and bounce the instance:
SQL> alter system set thread=3 sid='resp1' scope=spfile;

System altered.

SQL> alter system set thread=4 sid='resp2' scope=spfile;

System altered.
Then bounce the instances with srvctl.

Try to best price levitra get the other partner involved in the entire process. Just like how Zenegra anti-ED pills can enhance erections by dilating penile arteries, coffee can work a natural way of doing so too, with only two to three or three to generic viagra Dosage and Prices five cups each day. Our Herbal Remedy would encourage the blood circulation and neutralizes toxic deposits which restores and strengthens your potency.Power Khan won’t only enhance your sexual ability, but it will make you healthier & stronger in your every day pamelaannschoolofdance.com buy cialis online life. Causes of sexual issues It can occur because of the side effects levitra in uk of certain drugs, like antidepressant drugs; beta-blockers- Propranolol; Ranitidine; Too much drinking of alcohol and drug abuse.

Once everything was back up, I disabled threads 1 and 2. 
SQL> alter database disable thread 1;


Database altered.


SQL> alter database disable thread 2;


Database altered.