Reporting
Highlighted

Need help in generating a custom report

New Member

Hi Everyone,

I need to generate a customized report for analysing the error on the application server.

My log will be in the format as below.

2013.02.06- 13:51:32.186(PST)|0Lbw4V5QmkjbukJtDVxjTA==|hupy123456|Manoj|AccountDetails|mkmpbt51:18|token1: Nullpointerexception while processing the request.

The fields in the above log statement is as
Timestamp | application id | client id | clientname | classname | servername:instance|error details.

I want to generate a report with the above information by placing | as delimiter. and i need to get the unique count info of the errors.

Can any one guide me on this. Thanks.

Thanks,
Manoj

Tags (1)
0 Karma
Highlighted

Re: Need help in generating a custom report

Legend

You may need to do some reading on field extractons for this to make much sense. But...

In transforms.conf

[yoursourcetypehere]
DELIMS = "|"
FIELDS = Timestamp,application_id,client_id,clientname,classname,servername_instance,error_details

In your search:

sourcetype=yoursourcetypehere
| stats count by error_details

or however you want to count and report. A few more details about the report would be helpful...

Some helpful info about field extractions:

Add fields at searchtime

Create advanced field extractions

0 Karma
Highlighted

Re: Need help in generating a custom report

New Member

Thanks a lot, i am trying to work on.

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.