Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How should I create a software installation alert?

msachdeva3
Explorer
‎01-25-2017 07:01 PM

Question : I'm trying to install software on some devices & if the install fails, I should know and in which step it failed?
Ideally i want to present a report/dashboard. also I would need to set up an alert.

I have data being logged for each installation step in Splunk. Mostly data in json fomrat.
it has time timestamp,device id, & install step info

what i should be reading in terms of docs & any pointers to approach the problem?

Reply

woodcock
Esteemed Legend
‎03-05-2017 12:06 AM

If the data is JSON then make sure that you use INDEXED_EXTRACTIONS=JSON. Then the fields that you need will be automatically available to you and you can just search for fieldname="fieldvalue".

0 Karma
Reply

jplumsdaine22
Influencer
‎01-26-2017 03:15 AM

If you haven't done so already I highly recommend running through the Splunk tutorial. It takes a few hours but it will give you a lot of grounding in the basics. http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchTutorial/WelcometotheSearchTutorial

The tutorial should give you a good enough grounding to explore your data and will probably enable you to solve your problem. After that I would get familiar with the SPL manual http://docs.splunk.com/Documentation/Splunk/6.5.2/Search/GetstartedwithSearch and SPL reference http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/WhatsInThisManual

Failing that, googling splunk should produce some links to peopole who have encountered your specific issue.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...