topic Re: Search log file based on timestamp from other file in Splunk Search

Search log file based on timestamp from other file

tushargupta1 — Mon, 08 Jan 2018 08:01:57 GMT

We have 2 files

First File has only start time and end time of the test.

STARTTIME ENDTIME

2018-01-04-17.49.29.497000 2018-01-04-18.35.44.945000

Second File: Has the long entry from test run and past test runs

We want to search second file based on start and end time of first file. Also second file that has long entry has time in format YYYY-MM-DDTHH:MM:SS,mSS.

We are new to splunk and please suggest how we can fetch the desired results.

Thanks
Tushar

Re: Search log file based on timestamp from other file

kamlesh_vaghela — Mon, 08 Jan 2018 13:14:55 GMT

Hi @tushargupta1,

You can create a dashboard with 2 panels.

1st panel will display table view with Start Time and End time columns. On Click of row that particular Start Time and End time will pass to the 2nd panels (by setting token).

2nd panel will display all test case entries between the Start Time and End time .

Thanks

Re: Search log file based on timestamp from other file

somesoni2 — Mon, 08 Jan 2018 17:21:27 GMT

How many entries will be there in the first sourcetype which contains the STARTTIME and ENDTIME? Do you want to display test run results all at once or one at a time?