Hi, I have log files coming at different times, but i need to compare logs of same time.
1-----Log1 - file received for every 30mins, ex : 12:30,13:00, 13:30,14:00, 14:30,15:00, 15:30
2-----Log2 - file received for every 2hrs ex: 9:00, 11:00 , 13:00 , 15:00
Here, I need to compare the Log1 and Log2 only after receiving Log2, but catch here is if I run report at
for 4hrs , results will be picked from Log1 for which we don't have data in Log2, which is not correct.
I need results matching same time in both logs.
Is there any way to schedule
Have a search that runs every 2 hours + 15 minutes (be EXTREMELY mindful that schedules/times are effected by the others/users TZ setting) and looks for a new log2 file. Using this filename calculate the associated log1 file (I assume the date is somewhere in there). Do this in a subsearch that generates a search string that contains "source=fooLog1 OR source=fooLog2" and go from there.
What SPL have you tried?