Reporting

Need help in generating a custom report

mkumarpisl
New Member

Hi Everyone,

I need to generate a customized report for analysing the error on the application server.

My log will be in the format as below.

2013.02.06- 13:51:32.186(PST)|0Lbw4V5QmkjbukJtDVxjTA==|hupy123456|Manoj|AccountDetails|mkmpbt51:18|token1: Nullpointerexception while processing the request.

The fields in the above log statement is as
Timestamp | application id | client id | clientname | classname | servername:instance|error details.

I want to generate a report with the above information by placing | as delimiter. and i need to get the unique count info of the errors.

Can any one guide me on this. Thanks.

Thanks,
Manoj

Tags (1)
0 Karma

mkumarpisl
New Member

Thanks a lot, i am trying to work on.

0 Karma

lguinn2
Legend

You may need to do some reading on field extractons for this to make much sense. But...

In transforms.conf

[yoursourcetypehere]
DELIMS = "|"
FIELDS = Timestamp,application_id,client_id,clientname,classname,servername_instance,error_details

In your search:

sourcetype=yoursourcetypehere
| stats count by error_details

or however you want to count and report. A few more details about the report would be helpful...

Some helpful info about field extractions:

Add fields at searchtime

Create advanced field extractions

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...