All Apps and Add-ons

Search for Date and data in a logfile

Ravi_c
New Member

Hi,

Im having a error log file, which is having last 30 days error information and with time stamp when the error was occurred. Now how can we write a SEARCH string to get the last error appended to that error log file. I dont want to specify the date and search as I need to automate to run for every day.

Error Log File will be like
01-Feb-2014 09:09:12 Error Java custom error.
01-Feb-2014 09:30:30 Error Oracle error.
01-Feb-2014 14:45:30 Error Java error.
.
.
.
.
26-Feb-2014 09:09:12 Error Java custom error.
26-Feb-2014 09:30:30 Error Oracle error.
26-Feb-2014 14:45:30 Error Java error.

Is this possible that this search string automate to run for every day and then if any error then send an email.

Please help.

0 Karma

melonman
Motivator

Yes, basically you need to set up alert action for your search so the search will run once a day to check ERROR message (or any other search).

You can take a look at this alert documentation for detail.
http://docs.splunk.com/Documentation/Splunk/latest/Alert/Aboutalerts

Scheduled Alert
http://docs.splunk.com/Documentation/Splunk/latest/Alert/Definescheduledalerts

Hope this help you get started

0 Karma

melonman
Motivator

Well if you simply want to get the latest ERROR message, you just search like this:

your search | head 1

Splunk will return the result from latest to earliest in time order and if you add "head 1" you will get latest event.

0 Karma

melonman
Motivator

This will add current unixtime to your event/table

your search | eval now=now()

0 Karma

Ravi_c
New Member

Thanx for your suggestion.

I want to know is there any keyword for getting current time, like sysdate in Oracle db, which will give current time.

Please help.

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!