Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to write a search for mapping fields based...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have a sample dataset as follows:
PROCCESS_NAME STATUS
p1 PASS
p2 PASS
p3 PASS
p4 PASS
p5 PASS
p6 PASS
Their dependency relationship is as follows
p1-->depends on -->p2 -->depends on-->p4 -->depends on -->p6
p1-->depends on --> p3-->depends on-->p5
How can I represent the same in table/chart in a dynamic way. Also if any PROCCESS_NAME fails, its upper hierarchy show also set as FAIL.
Means if p6 fails, then p6,p4,p2 and p1 should also be set as FAIL.
Currently I am able to show either predecessor or successor . i.e p2-p1 OR p2-p3 based on the lookup created:
Predecessor Successor
p1 p2
p1 p3
p2 p4
p4 p6
p3 p5
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are two solutions on the thread at this link, one of which is extensively documented and general in its application.
https://answers.splunk.com/answers/170487/recursively-join-the-same-table.html
Be sure to upvote rmasuoka's post on that thread if it helps you with your problem. Looks like he did a lot of work to create, document and explain a generally applicable solution.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are two solutions on the thread at this link, one of which is extensively documented and general in its application.
https://answers.splunk.com/answers/170487/recursively-join-the-same-table.html
Be sure to upvote rmasuoka's post on that thread if it helps you with your problem. Looks like he did a lot of work to create, document and explain a generally applicable solution.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, thanks for sharing the link - this will help me.
Yes, rmasuoka definitely deserves an up vote.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
if any lower hierarchy process fails, its upper one should be forced to set as FAIL, even if in individual run the upper one was PASS.
Means if p6 fails and p5 not, then p6 predecessor p4 should be set as FAIL, which in turn set p2 as FAIL and finally P1 as FAIL.
while p5 and p3 continues to be in PASS status.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What happens when P6 fails but p5 passes?
And when p6 fails and p2 passes?
Also how are these processes distinguished in each run say, if the data needs a correlation between multi runs, like below, how can once distinguish between p1 of run 1 from p1 of run2,3 or 4:
run 1 - p1 pass; p2 pass; p4 pass; p6 pass
run 2 - p1 pass; p3 pass; p5 fails
run 3 - p1 pass; p2 fails; p4 pass; p6 pass
run 4 - p1 pass; p3 pass; p5 pass
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
