Logging number of events based on log file

freephoneid — Tue, 18 Sep 2012 00:41:51 GMT

Hi,

My log snippet is shown below:

[2012-09-01 11:02:27:405 GMT+00:00][Timer-1][com.abc.myprog] INFO email sent to agaur12@hotmail.com (firstName: null, lastName: null, language: eng, expiryDate: 2012-09-02 08:12:16.0)
[2012-09-01 11:02:32:544 GMT+00:00][Timer-1][com.abc.myprog] INFO email sent to testmyyyynp@test.com (firstName: null, lastName: null, language: eng, expiryDate: 2012-09-02 03:29:42.0)
[2012-09-02 11:02:37:679 GMT+00:00][Timer-1][com.abc.myprog] INFO email sent to auuuu@abcd.com (firstName: jaber, lastName: kapo, language: eng, expiryDate: 2012-09-02 10:50:46.0)
[2012-09-03 11:02:42:806 GMT+00:00][Timer-1][com.abc.myprog] INFO email sent to test_123iopm@test.com (firstName: null, lastName: null, language: eng, expiryDate: 2012-09-02 21:39:43.0)
[2012-09-03 11:02:27:405 GMT+00:00][Timer-1][com.abc.myprog] INFO email sent to ggg@test.com (firstName: null, lastName: null, language: eng, expiryDate: 2012-09-02 08:12:16.0)
[2012-09-03 11:02:22:400 GMT+00:00][Timer-1][com.abc.myprog] INFO email sent to nfmd@yahoo.com (firstName: null, lastName: null, language: eng, expiryDate: 2012-09-02 08:12:16.0)
[2012-09-05 11:02:32:544 GMT+00:00][Timer-1][com.abc.myprog] INFO email sent to testmnp@test.com (firstName: null, lastName: null, language: eng, expiryDate: 2012-09-02 03:29:42.0)
[2012-09-05 11:02:37:679 GMT+00:00][Timer-1][com.abc.myprog] INFO email sent to nnjj@abc.com (firstName: jack, lastName: dorson, language: eng, expiryDate: 2012-09-02 10:50:46.0)

Query should return data on how many emails were sent on a particular day i.e. if I want to know how many emails were sent on 2012-09-04, it should return 0 records.
Query should print the data in below format mentioning the number of emails sent for all the days in the log:
```
Date        No of Emails Sent
2012-09-01  2
2012-09-02  1
2012-09-03  3
2012-09-04  0
2012-09-05  2
```

I'll appreciate if some one can provide answers to the above 2 questions.

Thanks in Advance!!

UPDATE: The log has other entries as well. I've provided only snippet.

Re: Logging number of events based on log file

gkanapathy — Tue, 18 Sep 2012 00:48:07 GMT

perhaps you can look at the timechart search command.

Re: Logging number of events based on log file

emiller42 — Tue, 18 Sep 2012 00:49:46 GMT

So for the first one, you simply need to do:

sourcetype=FOO | stats count

and restrict the time range to a single day.

For the second, you can use:

sourcetype=FOO | timechart span=1d count

Which will make sure you get the zero values on days with no events. You can rename columns using

count as "No of emails"

or something similar.

Re: Logging number of events based on log file

freephoneid — Tue, 18 Sep 2012 00:54:23 GMT

The log does not have just "email sent to" lines....it has all other info as well which I've not printed here

Re: Logging number of events based on log file

emiller42 — Tue, 18 Sep 2012 01:00:50 GMT

then you would need to filter down to just the 'email sent to' events before the pipe to stats/timechart using something like:

sourcetype=FOO "email sent to" | ...

topic Re: Logging number of events based on log file in Splunk Search

Logging number of events based on log file

Re: Logging number of events based on log file

Re: Logging number of events based on log file

Re: Logging number of events based on log file

Re: Logging number of events based on log file