Splunk Search

How should I create a software installation alert?

msachdeva3
Explorer

Question : I'm trying to install software on some devices & if the install fails, I should know and in which step it failed?
Ideally i want to present a report/dashboard. also I would need to set up an alert.

I have data being logged for each installation step in Splunk. Mostly data in json fomrat.
it has time timestamp,device id, & install step info

what i should be reading in terms of docs & any pointers to approach the problem?

woodcock
Esteemed Legend

If the data is JSON then make sure that you use INDEXED_EXTRACTIONS=JSON. Then the fields that you need will be automatically available to you and you can just search for fieldname="fieldvalue".

0 Karma

jplumsdaine22
Influencer

If you haven't done so already I highly recommend running through the Splunk tutorial. It takes a few hours but it will give you a lot of grounding in the basics. http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchTutorial/WelcometotheSearchTutorial

The tutorial should give you a good enough grounding to explore your data and will probably enable you to solve your problem. After that I would get familiar with the SPL manual http://docs.splunk.com/Documentation/Splunk/6.5.2/Search/GetstartedwithSearch and SPL reference http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/WhatsInThisManual

Failing that, googling splunk should produce some links to peopole who have encountered your specific issue.

0 Karma
Get Updates on the Splunk Community!

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...