Question : I'm trying to install software on some devices & if the install fails, I should know and in which step it failed?
Ideally i want to present a report/dashboard. also I would need to set up an alert.
I have data being logged for each installation step in Splunk. Mostly data in json fomrat.
it has time timestamp,device id, & install step info
what i should be reading in terms of docs & any pointers to approach the problem?
If the data is JSON then make sure that you use INDEXED_EXTRACTIONS=JSON
. Then the fields that you need will be automatically available to you and you can just search for fieldname="fieldvalue"
.
If you haven't done so already I highly recommend running through the Splunk tutorial. It takes a few hours but it will give you a lot of grounding in the basics. http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchTutorial/WelcometotheSearchTutorial
The tutorial should give you a good enough grounding to explore your data and will probably enable you to solve your problem. After that I would get familiar with the SPL manual http://docs.splunk.com/Documentation/Splunk/6.5.2/Search/GetstartedwithSearch and SPL reference http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/WhatsInThisManual
Failing that, googling splunk should produce some links to peopole who have encountered your specific issue.