Dashboards & Visualizations
Highlighted

ping test using batch file

Explorer

Hi,
I have a windows batch file (.bat) which reads a text (servers.txt) file (this file contains Host names) and produces the output of the ping test. Currently, I have 3 hosts mentioned in the servers.txt file and the output of the ping results which is displayed within Splunk is as below: My requirement is I want to group all the SUCCESS and FAILED hosts, how can I group it? Also, is there a way to colorize the text SUCCESS in green and FAILED text in RED color.

HostName=Host8842, IPAddress=10.10.10.10, Status=SUCCESS
HostName=Host9802, Status=FAILED
HostName=Host41692, IPAddress=11.11.11.11, Status=SUCCESS
host=SuperHost8366 | sourcetype=pingpoc | source=E:\Program Files\Splunk\bin\scripts\pingtest.bat

HostName=Host8842, IPAddress=10.10.10.10, Status=SUCCESS
HostName=Host9802, Status=FAILED
HostName=Host41692, IPAddress=11.11.11.11, Status=SUCCESS
host=SuperHost8366 | sourcetype=pingpoc | source=E:\Program Files\Splunk\bin\scripts\pingtest.bat

Tags (3)
0 Karma
Highlighted

Re: ping test using batch file

Explorer

EDIT : The fields I get is host, sourcetype and source and as part of the Interesting fields I can see HostName but the count is 1, which always is Host8842, and Status interesting field contains always the value of SUCCESS.
Please let me know how can I use the search app to group the above text by Status.

0 Karma
Highlighted

Re: ping test using batch file

Motivator

You need first to line break each line as one event,ie you need to have the following in your props.conf for your sourcetype:

[pingpoc]
SHOULD_LINEMERGE=false

View solution in original post

0 Karma
Highlighted

Re: ping test using batch file

Explorer

I added following to props.conf and it started working
[pingpoc]
SHOULDLINEMERGE=true
BREAK
ONLY_BEFORE = HostName=

Thanks!!

0 Karma
Highlighted

Re: ping test using batch file

Explorer

@raghu_vaidya could you share your script?

0 Karma