Splunk Search

How should I create a software installation alert?

msachdeva3
Explorer

Question: I'm trying to install software on some devices, and if the install fails, I should know that and in which step it failed.
Ideally I want to present a report/dashboard. Also, I would need to set up an alert.

I have data being logged for each installation step in Splunk, mostly in JSON format.
It has a timestamp, device id, and install step info.

What should I be reading in terms of docs, and are there any pointers on how to approach the problem?

woodcock
Esteemed Legend

If the data is JSON then make sure that you use INDEXED_EXTRACTIONS=JSON. Then the fields that you need will be automatically available to you and you can just search for fieldname="fieldvalue".

0 Karma
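
A props.conf sketch for the INDEXED_EXTRACTIONS suggestion above, added here as an example and not part of the original answer. The sourcetype name `install:json` and the JSON key `timestamp` are assumptions, since the thread does not give them.

```ini
# props.conf on the forwarder that reads the install log
# (sourcetype name "install:json" is assumed; use your own)
[install:json]
# Parse each JSON event at index time so its keys become indexed fields
INDEXED_EXTRACTIONS = json
# Take the event time from the JSON key that holds it (key name "timestamp" is assumed)
TIMESTAMP_FIELDS = timestamp

# props.conf on the search head, same sourcetype
# (on a single-instance install these settings join the stanza above)
[install:json]
# Turn off search-time JSON extraction, otherwise every field value shows up twice
KV_MODE = none
AUTO_KV_JSON = false
```

With the fields indexed, a search of the form `sourcetype=install:json status=failed | stats latest(step) by device_id` (field names `status`, `step` and `device_id` are assumed) can back both the dashboard panel and the alert.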

jplumsdaine22
Influencer

If you haven't done so already I highly recommend running through the Splunk tutorial. It takes a few hours but it will give you a lot of grounding in the basics. http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchTutorial/WelcometotheSearchTutorial

The tutorial should give you a good enough grounding to explore your data and will probably enable you to solve your problem. After that I would get familiar with the SPL manual http://docs.splunk.com/Documentation/Splunk/6.5.2/Search/GetstartedwithSearch and SPL reference http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/WhatsInThisManual

Failing that, googling splunk should produce some links to people who have encountered your specific issue.

0 Karma