Reporting

Need help in generating a custom report

mkumarpisl
New Member

Hi Everyone,

I need to generate a customized report for analysing the error on the application server.

My log will be in the format as below.

2013.02.06- 13:51:32.186(PST)|0Lbw4V5QmkjbukJtDVxjTA==|hupy123456|Manoj|AccountDetails|mkmpbt51:18|token1: Nullpointerexception while processing the request.

The fields in the above log statement is as
Timestamp | application id | client id | clientname | classname | servername:instance|error details.

I want to generate a report with the above information by placing | as delimiter. and i need to get the unique count info of the errors.

Can any one guide me on this. Thanks.

Thanks,
Manoj

Tags (1)
0 Karma

mkumarpisl
New Member

Thanks a lot, i am trying to work on.

0 Karma

lguinn2
Legend

You may need to do some reading on field extractons for this to make much sense. But...

In transforms.conf

[yoursourcetypehere]
DELIMS = "|"
FIELDS = Timestamp,application_id,client_id,clientname,classname,servername_instance,error_details

In your search:

sourcetype=yoursourcetypehere
| stats count by error_details

or however you want to count and report. A few more details about the report would be helpful...

Some helpful info about field extractions:

Add fields at searchtime

Create advanced field extractions

0 Karma
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...