Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: ping test using batch file
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
raghu_vaidya
Explorer
07-23-2012
11:19 AM
Hi,
I have a windows batch file (.bat) which reads a text (servers.txt) file (this file contains Host names) and produces the output of the ping test. Currently, I have 3 hosts mentioned in the servers.txt file and the output of the ping results which is displayed within Splunk is as below: My requirement is I want to group all the SUCCESS and FAILED hosts, how can I group it? Also, is there a way to colorize the text SUCCESS in green and FAILED text in RED color.
HostName=Host8842, IPAddress=10.10.10.10, Status=SUCCESS
HostName=Host9802, Status=FAILED
HostName=Host41692, IPAddress=11.11.11.11, Status=SUCCESS
host=SuperHost8366 | sourcetype=pingpoc | source=E:\Program Files\Splunk\bin\scripts\pingtest.bat
HostName=Host8842, IPAddress=10.10.10.10, Status=SUCCESS
HostName=Host9802, Status=FAILED
HostName=Host41692, IPAddress=11.11.11.11, Status=SUCCESS
host=SuperHost8366 | sourcetype=pingpoc | source=E:\Program Files\Splunk\bin\scripts\pingtest.bat
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MarioM
Motivator
07-23-2012
11:53 AM
You need first to line break each line as one event,ie you need to have the following in your props.conf for your sourcetype:
[pingpoc]
SHOULD_LINEMERGE=false
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MarioM
Motivator
07-23-2012
11:53 AM
You need first to line break each line as one event,ie you need to have the following in your props.conf for your sourcetype:
[pingpoc]
SHOULD_LINEMERGE=false
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
raghu_vaidya
Explorer
07-23-2012
02:57 PM
I added following to props.conf and it started working
[pingpoc]
SHOULD_LINEMERGE=true
BREAK_ONLY_BEFORE = HostName=
Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
r34220
Explorer
01-03-2017
03:46 PM
@raghu_vaidya could you share your script?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
raghu_vaidya
Explorer
07-23-2012
11:23 AM
EDIT : The fields I get is host, sourcetype and source and as part of the Interesting fields I can see HostName but the count is 1, which always is Host8842, and Status interesting field contains always the value of SUCCESS.
Please let me know how can I use the search app to group the above text by Status.
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
