Dashboards & Visualizations
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ping test using batch file

raghu_vaidya
Explorer
‎07-23-2012 11:19 AM

Hi,
I have a windows batch file (.bat) which reads a text (servers.txt) file (this file contains Host names) and produces the output of the ping test. Currently, I have 3 hosts mentioned in the servers.txt file and the output of the ping results which is displayed within Splunk is as below: My requirement is I want to group all the SUCCESS and FAILED hosts, how can I group it? Also, is there a way to colorize the text SUCCESS in green and FAILED text in RED color.

HostName=Host8842, IPAddress=10.10.10.10, Status=SUCCESS
HostName=Host9802, Status=FAILED
HostName=Host41692, IPAddress=11.11.11.11, Status=SUCCESS
host=SuperHost8366 | sourcetype=pingpoc | source=E:\Program Files\Splunk\bin\scripts\pingtest.bat

HostName=Host8842, IPAddress=10.10.10.10, Status=SUCCESS
HostName=Host9802, Status=FAILED
HostName=Host41692, IPAddress=11.11.11.11, Status=SUCCESS
host=SuperHost8366 | sourcetype=pingpoc | source=E:\Program Files\Splunk\bin\scripts\pingtest.bat

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MarioM
Motivator
‎07-23-2012 11:53 AM

You need first to line break each line as one event,ie you need to have the following in your props.conf for your sourcetype:

[pingpoc]
SHOULD_LINEMERGE=false

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

MarioM
Motivator
‎07-23-2012 11:53 AM

You need first to line break each line as one event,ie you need to have the following in your props.conf for your sourcetype:

[pingpoc]
SHOULD_LINEMERGE=false
0 Karma
Reply
Solved! Jump to solution

raghu_vaidya
Explorer
‎07-23-2012 02:57 PM

I added following to props.conf and it started working
[pingpoc]
SHOULD_LINEMERGE=true
BREAK_ONLY_BEFORE = HostName=

Thanks!!

0 Karma
Reply
Solved! Jump to solution

r34220
Explorer
‎01-03-2017 03:46 PM

@raghu_vaidya could you share your script?

0 Karma
Reply
Solved! Jump to solution

raghu_vaidya
Explorer
‎07-23-2012 11:23 AM

EDIT : The fields I get is host, sourcetype and source and as part of the Interesting fields I can see HostName but the count is 1, which always is Host8842, and Status interesting field contains always the value of SUCCESS.
Please let me know how can I use the search app to group the above text by Status.

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top