Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to parse these events?

ravikumar_sri20
Engager
‎02-21-2023 04:31 AM 
Hi Experts,

I have below events

Event 1 : TRANEND TRANS ABENDS TRN1 ABN1 blah blah
Event 2 : TRANEND CICS_TRAN_Abends CICT1 TRN3 ABN3 blah blah
Event 3 : TRANSUMM CICS_TSUM_Rate CICT1 = * blah blah
Event 4 : TRANDYN TRANS ABENDS TRN2 ABN2 blah blah
Event 5 : SYSTEM CICS_RDSA_MaxFree CICt2 * * blah blah
Event 6 : TRANDYN CICS_TRAN_Abends CICT1 TRN4 ABN4 blah blah

I want below output

Traction Abend code
TRN1     ABN1
TRN3     ABN3
TRN2     ABN2
TRN4     ABN4

Events 2,3,5 needs to be excluded from the result

Could you please help me ?

Thanks,
Ravikumar

 

Labels (1)
Labels
0 Karma
Reply

ravikumar_sri20
Engager
‎02-21-2023 09:11 AM

Hi,

Below are the sample events

Event 1 : TRANEND TRANS ABENDS TRN1 ABN1 blah blah
Event 2 : TRANEND CICS_TRAN_Abends CICT1 TRN3 ABN3 blah blah
Event 3 : TRANSUMM CICS_TSUM_Rate CICT1 = * blah blah
Event 4 : TRANDYN TRANS ABENDS TRN2 ABN2 blah blah
Event 5 : SYSTEM CICS_RDSA_MaxFree CICt2 * * blah blah
Event 6 : TRANDYN CICS_TRAN_Abends CICT1 TRN4 ABN4 blah blah

Events containing below text should be in output. So, Events 2,3,5 need to be excluded from the result
"TRANEND TRANS ABENDS"
"TRANEND CICS_TRAN_Abends"
"TRANDYN TRANS ABENDS"
"TRANDYN CICS_TRAN_Abends"


I want below output

Traction Abend code
TRN1 ABN1
TRN3 ABN3
TRN2 ABN2
TRN4 ABN4


Thanks,
Ravikumar

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-21-2023 05:09 AM

Hi @ravikumar_sri20,

what are the rules to exclude ot include an event?

could you share a sample of your events?

Ciao.

Giuseppe

0 Karma
Reply

ravikumar_sri20
Engager
‎02-21-2023 09:12 AM

Hi,

Below are the sample events

Event 1 : TRANEND TRANS ABENDS TRN1 ABN1 blah blah
Event 2 : TRANEND CICS_TRAN_Abends CICT1 TRN3 ABN3 blah blah
Event 3 : TRANSUMM CICS_TSUM_Rate CICT1 = * blah blah
Event 4 : TRANDYN TRANS ABENDS TRN2 ABN2 blah blah
Event 5 : SYSTEM CICS_RDSA_MaxFree CICt2 * * blah blah
Event 6 : TRANDYN CICS_TRAN_Abends CICT1 TRN4 ABN4 blah blah

Events containing below text should be in output. So, Events 2,3,5 need to be excluded from the result
"TRANEND TRANS ABENDS"
"TRANEND CICS_TRAN_Abends"
"TRANDYN TRANS ABENDS"
"TRANDYN CICS_TRAN_Abends"


I want below output

Traction Abend code
TRN1 ABN1
TRN3 ABN3
TRN2 ABN2
TRN4 ABN4


Thanks,
Ravikumar

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Application management with Targeted Application Install for Victoria Experience

  Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...

Index This | What goes up and never comes down?

January 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

The Power of Two: Splunk + Cisco at "Ludicrous Scale"   You know Splunk. You know Cisco. But have you seen ...