Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Need help in generating a custom report

mkumarpisl
New Member
‎02-07-2013 12:40 AM

Hi Everyone,

I need to generate a customized report for analysing the error on the application server.

My log will be in the format as below.

2013.02.06- 13:51:32.186(PST)|0Lbw4V5QmkjbukJtDVxjTA==|hupy123456|Manoj|AccountDetails|mkmpbt51:18|token1: Nullpointerexception while processing the request.

The fields in the above log statement is as
Timestamp | application id | client id | clientname | classname | servername:instance|error details.

I want to generate a report with the above information by placing | as delimiter. and i need to get the unique count info of the errors.

Can any one guide me on this. Thanks.

Thanks,
Manoj

Tags (1)
0 Karma
Reply

mkumarpisl
New Member
‎02-12-2013 02:52 AM

Thanks a lot, i am trying to work on.

0 Karma
Reply

lguinn2
Legend
‎02-07-2013 01:18 AM

You may need to do some reading on field extractons for this to make much sense. But...

In transforms.conf

[yoursourcetypehere]
DELIMS = "|"
FIELDS = Timestamp,application_id,client_id,clientname,classname,servername_instance,error_details

In your search:

sourcetype=yoursourcetypehere
| stats count by error_details

or however you want to count and report. A few more details about the report would be helpful...

Some helpful info about field extractions:

Add fields at searchtime

Create advanced field extractions

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...