Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: ping test using batch file
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
raghu_vaidya
Explorer
07-23-2012
11:19 AM
Hi,
I have a windows batch file (.bat) which reads a text (servers.txt) file (this file contains Host names) and produces the output of the ping test. Currently, I have 3 hosts mentioned in the servers.txt file and the output of the ping results which is displayed within Splunk is as below: My requirement is I want to group all the SUCCESS and FAILED hosts, how can I group it? Also, is there a way to colorize the text SUCCESS in green and FAILED text in RED color.
HostName=Host8842, IPAddress=10.10.10.10, Status=SUCCESS
HostName=Host9802, Status=FAILED
HostName=Host41692, IPAddress=11.11.11.11, Status=SUCCESS
host=SuperHost8366 | sourcetype=pingpoc | source=E:\Program Files\Splunk\bin\scripts\pingtest.bat
HostName=Host8842, IPAddress=10.10.10.10, Status=SUCCESS
HostName=Host9802, Status=FAILED
HostName=Host41692, IPAddress=11.11.11.11, Status=SUCCESS
host=SuperHost8366 | sourcetype=pingpoc | source=E:\Program Files\Splunk\bin\scripts\pingtest.bat
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MarioM
Motivator
07-23-2012
11:53 AM
You need first to line break each line as one event,ie you need to have the following in your props.conf for your sourcetype:
[pingpoc]
SHOULD_LINEMERGE=false
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MarioM
Motivator
07-23-2012
11:53 AM
You need first to line break each line as one event,ie you need to have the following in your props.conf for your sourcetype:
[pingpoc]
SHOULD_LINEMERGE=false
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
raghu_vaidya
Explorer
07-23-2012
02:57 PM
I added following to props.conf and it started working
[pingpoc]
SHOULD_LINEMERGE=true
BREAK_ONLY_BEFORE = HostName=
Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
r34220
Explorer
01-03-2017
03:46 PM
@raghu_vaidya could you share your script?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
raghu_vaidya
Explorer
07-23-2012
11:23 AM
EDIT : The fields I get is host, sourcetype and source and as part of the Interesting fields I can see HostName but the count is 1, which always is Host8842, and Status interesting field contains always the value of SUCCESS.
Please let me know how can I use the search app to group the above text by Status.
Get Updates on the Splunk Community!
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
See your relevant APM services, dashboards, and alerts in one place with the updated ...
As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Index This | What goes away as soon as you talk about it?
May 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this month’s ...
