All Posts

Top

All Posts

"Your Splunk license expired". Does it ring a bell?
@dtburrows3 @gcusello @PickleRick @ITWhisperer - Kindly help
I need to do this for multivalues which is not working. 
@deepakc  Thank you for reply. _raw data is not static it going to change every minute. could u pls let know how to use "eval" for data which going to be changed.
Try this | inputlookup userinfo | eval fourth_result=if(ExamID>=120 AND ExamID<=125,"GOOD","OTHER")
Greetings, I have just started using splunk and I was trying to montior logs from my files section, And I am getting the following errors while doing so, help me. I am using heavy forwarder for this.... See more...
Greetings, I have just started using splunk and I was trying to montior logs from my files section, And I am getting the following errors while doing so, help me. I am using heavy forwarder for this.   I have added my forwarder port to 192.168.196.51:9997 and also made reciever on port 9997. I dont know where I am making mistake. Please help me with this. Thanks and Regards.  
This is an example using makeresults and rex | makeresults | eval _raw="Test1=101,Test2=102,Test3=103,Test4=104,Test5=105,Test6=106,Test7=107,Test8=108,Test9=109,Test101=110" | makemv _raw delim=",... See more...
This is an example using makeresults and rex | makeresults | eval _raw="Test1=101,Test2=102,Test3=103,Test4=104,Test5=105,Test6=106,Test7=107,Test8=108,Test9=109,Test101=110" | makemv _raw delim="," | rex field=_raw "(?<field>Test7)=(?<value>\d+)" | table field value
Sample "testput.log" file as below: 240418 06:44:53 3543 testput1: ---> TRN: 133c0119a15e407595cd46c89216ca101 - AP sent to [TEST.SND.TO.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:53 3543 te... See more...
Sample "testput.log" file as below: 240418 06:44:53 3543 testput1: ---> TRN: 133c0119a15e407595cd46c89216ca101 - AP sent to [TEST.SND.TO.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:53 3543 testput1: <=== TRN@Al10: 133c0119a15e407595cd46c89216ca101 - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:44:52 3543 testput1: ---> TRN: b247073ae24443d79be3360de4c1bfec1 - AP sent to [TEST.SND.TO.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:52 3543 testput1: <=== TRN@Al5: b247073ae24443d79be3360de4c1bfec1 - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:44:52 3543 testput1: ---> TRN: f3cf7266d2ad4fa6bf86412441c374991 - AP sent to [TEST.SND.TO.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:52 3543 testput1: <=== TRN@Al10: f3cf7266d2ad4fa6bf86412441c374991 - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:44:52 3543 testput1: ---> TRN: d7de4351d94040a995eb373fe834a0371 - AP sent to [TEST.SND.TO.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:52 3543 testput1: <=== TRN@Al13: d7de4351d94040a995eb373fe834a0371 - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:44:50 3543 testput1: ---> TRN: c36d67d7af5f45f28afe0af2a80c6ea61 - AP sent to [TEST.SND.TO.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:50 3543 testput1: <=== TRN@Al9: c36d67d7af5f45f28afe0af2a80c6ea61 - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:43:31 3543 testput1: HS135255 InvokeIDRModule: << IDR TRN <UVW024041800194GN00002-DREn00001A> . Out Status = < > 240418 06:43:31 3543 testput1: HS135254 InvokeIDRModule: >> IDR TRN <UVW024041800194GN00002-DREn00001A> . In Status = <P> 240418 06:43:31 3543 testput1: ---> TRN: UVW024041800194GN00002-DREn00001A - MP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:43:31 3543 testput1: <=== TRN@mmicntl: UVW024041800194GN00002-DREn00001A - MP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:41:25 3543 testput1: ---> TRN: fbccac1e49bf41b9a66ac87c2e9976691 - AP sent to [TEST.SND.TO.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:41:25 3543 testput1: <=== TRN@Al9: fbccac1e49bf41b9a66ac87c2e9976691 - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:59 3543 testput1: ---> TRN: UVW024041800194GN00013 - MP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:59 3543 testput1: SendResponseToHost : Sending response to the Host 240418 06:39:59 3543 testput1: HS135255 InvokeIDRModule: << IDR TRN <UVW024041800194GN00013-DREn0000cA> . Out Status = <P> 240418 06:39:59 3543 testput1: HS135254 InvokeIDRModule: >> IDR TRN <UVW024041800194GN00013-DREn0000cA> . In Status = <H> 240418 06:39:59 3543 testput1: ---> TRN: UVW024041800194GN00013-DREn0000cA - AH sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:59 3543 testput1: <=== TRN@Al9: UVW024041800194GN00013-DREn0000cA - AH. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:59 3543 testput1: ---> TRN: UVW024041800194GN00007-DREn00006A - AP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:59 3543 testput1: <=== TRN@Al7: UVW024041800194GN00007-DREn00006A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:59 3543 testput1: ---> TRN: UVW024041800194GN00010-DREn00009A - AP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:59 3543 testput1: <=== TRN@Al4: UVW024041800194GN00010-DREn00009A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:58 3543 testput1: ---> TRN: UVW024041800194GN00008-DREn00007A - AP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:58 3543 testput1: <=== TRN@Al3: UVW024041800194GN00008-DREn00007A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:58 3543 testput1: ---> TRN: UVW024041800194GN00006-DREn00005A - AP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:58 3543 testput1: <=== TRN@Al1: UVW024041800194GN00006-DREn00005A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:58 3543 testput1: ---> TRN: UVW024041800194GN00011-DREn0000aA - AP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:58 3543 testput1: <=== TRN@Al11: UVW024041800194GN00011-DREn0000aA - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:58 3543 testput1: HS135255 InvokeIDRModule: << IDR TRN <UVW024041800194GN00002-DREn00001A> . Out Status = <O> 240418 06:39:58 3543 testput1: HS135254 InvokeIDRModule: >> IDR TRN <UVW024041800194GN00002-DREn00001A> . In Status = <H> 240418 06:39:58 3543 testput1: ---> TRN: UVW024041800194GN00002-DREn00001A - AH sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:58 3543 testput1: <=== TRN@Al10: UVW024041800194GN00002-DREn00001A - AH. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:58 3543 testput1: ---> TRN: UVW024041800194GN00012-DREn0000bA - AP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:58 3543 testput1: <=== TRN@Al8: UVW024041800194GN00012-DREn0000bA - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:58 3543 testput1: ---> TRN: UVW024041800194GN00003-DREn00002A - AP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:58 3543 testput1: <=== TRN@Al14: UVW024041800194GN00003-DREn00002A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:39:58 3543 testput1: ---> TRN: UVW024041800194GN00001 - MP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:58 3543 testput1: SendResponseToHost : Sending response to the Host 240418 06:39:58 3543 testput1: HS135255 InvokeIDRModule: << IDR TRN <UVW024041800194GN00001-DREn00000A> . Out Status = <P> 240418 06:39:58 3543 testput1: HS135254 InvokeIDRModule: >> IDR TRN <UVW024041800194GN00001-DREn00000A> . In Status = <H> 240418 06:39:58 3543 testput1: ---> TRN: UVW024041800194GN00001-DREn00000A - AH sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:39:58 3543 testput1: <=== TRN@Al13: UVW024041800194GN00001-DREn00000A - AH. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:46 3543 testput1: <=== TRN@Al8: 34e4c77406e647d29859a7c3e0077cab1 - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:46 3543 testput1: ---> TRN: 34e4c77406e647d29859a7c3e0077cab1 - AP sent to [TEST.SND.TO.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:37:40 3543 testput1: HS135255 InvokeIDRModule: << IDR TRN <MNCDBC2024041804991213-DREg0000aA> . Out Status = < > 240418 06:37:40 3543 testput1: HS135254 InvokeIDRModule: >> IDR TRN <MNCDBC2024041804991213-DREg0000aA> . In Status = <P> 240418 06:37:40 3543 testput1: ---> TRN: MNCDBC2024041804991213-DREg0000aA - MP sent to [TEST.SND.TO.CPC@QM.PQRS103]. 240418 06:37:40 3543 testput1: <=== TRN@mmicntl: MNCDBC2024041804991213-DREg0000aA - MP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:28 3543 testput1: ---> TRN: 17bd221de8f14fd09439fc2bb9564bed1 - AP sent to [TEST.SND.TO.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:37:28 3543 testput1: <=== TRN@Al9: 17bd221de8f14fd09439fc2bb9564bed1 - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:23 3543 testput1: <=== TRN@mmicntl: CLG024041800098GN00001-DREh00023A - MP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:23 3543 testput1: HS135255 InvokeIDRModule: << IDR TRN <CLG024041800098GN00001-DREh00023A> . Out Status = < > 240418 06:37:23 3543 testput1: HS135254 InvokeIDRModule: >> IDR TRN <CLG024041800098GN00001-DREh00023A> . In Status = <P> 240418 06:37:23 3543 testput1: ---> TRN: CLG024041800098GN00001-DREh00023A - MP sent to [TEST.SND.TO.CLH@QM.PQRS103]. 240418 06:37:17 3543 testput1: ---> TRN: MNO24041800065GS00077-DREl0004cA - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:17 3543 testput1: <=== TRN@Al2: MNO24041800065GS00077-DREl0004cA - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:17 3543 testput1: ---> TRN: MNO24041800065GS00079-DREl0004eA - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:17 3543 testput1: <=== TRN@Al5: MNO24041800065GS00079-DREl0004eA - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:16 3543 testput1: ---> TRN: MNO24041800065GS00081-DREl00050A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:16 3543 testput1: <=== TRN@Al1: MNO24041800065GS00081-DREl00050A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:16 3543 testput1: ---> TRN: MNO24041800065GS00075-DREl0004aA - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:15 3543 testput1: <=== TRN@Al1: MNO24041800065GS00064-DREl0003fA - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:15 3543 testput1: ---> TRN: MNO24041800065GS00063-DREl0003eA - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:15 3543 testput1: <=== TRN@Al13: MNO24041800065GS00063-DREl0003eA - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:15 3543 testput1: ---> TRN: MNO24041800065GS00066-DREl00041A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:15 3543 testput1: <=== TRN@Al3: MNO24041800065GS00066-DREl00041A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:15 3543 testput1: ---> TRN: MNO24041800065GS00058-DREl00039A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:15 3543 testput1: <=== TRN@Al2: MNO24041800065GS00058-DREl00039A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:15 3543 testput1: ---> TRN: MNO24041800065GS00061-DREl0003cA - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:15 3543 testput1: <=== TRN@Al12: MNO24041800065GS00061-DREl0003cA - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:12 3543 testput1: <=== TRN@Al4: MNO24041800065GS00035-DREl00022A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:12 3543 testput1: ---> TRN: MNO24041800065GS00033-DREl00020A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:12 3543 testput1: <=== TRN@Al5: MNO24041800065GS00033-DREl00020A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:12 3543 testput1: ---> TRN: MNO24041800065GS00039-DREl00026A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:12 3543 testput1: <=== TRN@Al3: MNO24041800065GS00039-DREl00026A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:12 3543 testput1: ---> TRN: MNO24041800065GS00044-DREl0002bA - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:12 3543 testput1: <=== TRN@Al14: MNO24041800065GS00044-DREl0002bA - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:12 3543 testput1: ---> TRN: MNO24041800065GS00038-DREl00025A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:12 3543 testput1: <=== TRN@Al1: MNO24041800065GS00038-DREl00025A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:12 3543 testput1: ---> TRN: MNO24041800065GS00036-DREl00023A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:11 3543 testput1: <=== TRN@Al9: MNO24041800065GS00026-DREl00019A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:11 3543 testput1: ---> TRN: MNO24041800065GS00019-DREl00012A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:11 3543 testput1: <=== TRN@Al1: MNO24041800065GS00019-DREl00012A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:11 3543 testput1: ---> TRN: MNO24041800065GS00025-DREl00018A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:11 3543 testput1: <=== TRN@Al5: MNO24041800065GS00025-DREl00018A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:11 3543 testput1: ---> TRN: MNO24041800065GS00016-DREl0000fA - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:11 3543 testput1: <=== TRN@Al4: MNO24041800065GS00016-DREl0000fA - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:11 3543 testput1: vlog: Current log size is 3497994 bytes 240418 06:37:11 3543 testput1: ---> TRN: MNO24041800065GS00024-DREl00017A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:11 3543 testput1: <=== TRN@Al3: MNO24041800065GS00024-DREl00017A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:11 3543 testput1: ---> TRN: MNO24041800065GS00017-DREl00010A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:11 3543 testput1: <=== TRN@Al12: MNO24041800065GS00017-DREl00010A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:11 3543 testput1: ---> TRN: MNO24041800065GS00022-DREl00015A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:11 3543 testput1: <=== TRN@Al13: MNO24041800065GS00022-DREl00015A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:11 3543 testput1: ---> TRN: MNO24041800065GS00023 - MP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:11 3543 testput1: SendResponseToHost : Sending response to the Host 240418 06:37:11 3543 testput1: HS135255 InvokeIDRModule: << IDR TRN <MNO24041800065GS00023-DREl00016A> . Out Status = <P> 240418 06:37:11 3543 testput1: HS135254 InvokeIDRModule: >> IDR TRN <MNO24041800065GS00023-DREl00016A> . In Status = <H> 240418 06:37:11 3543 testput1: ---> TRN: MNO24041800065GS00023-DREl00016A - AH sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:11 3543 testput1: <=== TRN@Al10: MNO24041800065GS00023-DREl00016A - AH. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:09 3543 testput1: ---> TRN: MNO24041800065GS00007-DREl00006A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:09 3543 testput1: <=== TRN@Al14: MNO24041800065GS00007-DREl00006A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:09 3543 testput1: ---> TRN: MNO24041800065GS00004-DREl00003A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:37:09 3543 testput1: <=== TRN@Al8: MNO24041800065GS00004-DREl00003A - AP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1. 240418 06:37:09 3543 testput1: ---> TRN: MNO24041800065GS00001-DREl00000A - AP sent to [TEST.SND.TO.XYZ@QM.PQRS103]. 240418 06:35:10 3543 testput1: HS135255 InvokeIDRModule: << IDR TRN <UVW024041800193GN00003-DREh0002dA> . Out Status = < > 240418 06:35:10 3543 testput1: HS135254 InvokeIDRModule: >> IDR TRN <UVW024041800193GN00003-DREh0002dA> . In Status = <P> 240418 06:35:10 3543 testput1: ---> TRN: UVW024041800193GN00003-DREh0002dA - MP sent to [TEST.SND.TO.PQR@QM.PQRS103]. 240418 06:35:10 3543 testput1: <=== TRN@mmicntl: UVW024041800193GN00003-DREh0002dA - MP. DestHost=[MQ] from RESPONSE_Q1=instance_abc.RS1.  
Hi  try using kvform (https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/SearchReference/Kvform ) Ciao. Giuseppe
Refer below sample log file - there are 2 log files "testget.log" & "testput.log" Sample "testget.log" file as below: 240418 06:44:51 37787 testget1: ===> TRN@instance_abc.RQ1: 133c0119a15e4075... See more...
Refer below sample log file - there are 2 log files "testget.log" & "testput.log" Sample "testget.log" file as below: 240418 06:44:51 37787 testget1: ===> TRN@instance_abc.RQ1: 133c0119a15e407595cd46c89216ca101 [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:44:51 37787 testget1: <--- TRN: 133c0119a15e407595cd46c89216ca101 - S from [TEST.RCV.FROM.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:51 37787 testget1: ===> TRN@instance_abc.RQ1: b247073ae24443d79be3360de4c1bfec1 [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:44:51 37787 testget1: ===> TRN@instance_abc.RQ1: f3cf7266d2ad4fa6bf86412441c374991 [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:44:51 37787 testget1: <--- TRN: b247073ae24443d79be3360de4c1bfec1 - S from [TEST.RCV.FROM.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:51 37787 testget1: <--- TRN: f3cf7266d2ad4fa6bf86412441c374991 - S from [TEST.RCV.FROM.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:51 37787 testget1: ===> TRN@instance_abc.RQ1: d7de4351d94040a995eb373fe834a0371 [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:44:50 37787 testget1: <--- TRN: d7de4351d94040a995eb373fe834a0371 - S from [TEST.RCV.FROM.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:44:49 37787 testget1: ===> TRN@instance_abc.RQ1: c36d67d7af5f45f28afe0af2a80c6ea61 [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:44:49 37787 testget1: <--- TRN: c36d67d7af5f45f28afe0af2a80c6ea61 - S from [TEST.RCV.FROM.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:41:24 37787 testget1: ===> TRN@instance_abc.RQ1: fbccac1e49bf41b9a66ac87c2e9976691 [Priority=Medium,ScanPriority=4, Rule: LOC=HK2; Cur=USD; Amt≥0; Srv=ALL; Recv@1565936557:00 00-00-0000]. 240418 06:41:24 37787 testget1: <--- TRN: fbccac1e49bf41b9a66ac87c2e9976691 - S from [TEST.RCV.FROM.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00013-DREn0000cA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00012-DREn0000bA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00011-DREn0000aA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00010-DREn00009A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00009-DREn00008A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00008-DREn00007A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00007-DREn00006A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00006-DREn00005A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00005-DREn00004A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00004-DREn00003A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00003-DREn00002A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00002-DREn00001A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00013-DREn0000cA - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00012-DREn0000bA - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00011-DREn0000aA - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00010-DREn00009A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00009-DREn00008A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00008-DREn00007A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00007-DREn00006A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: vlog: Current log size is 2441342 bytes 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00006-DREn00005A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00005-DREn00004A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00004-DREn00003A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00003-DREn00002A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:57 37787 testget1: <--- TRN: UVW024041800194GN00002-DREn00001A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:39:56 37787 testget1: ===> TRN@instance_abc.RQ1: UVW024041800194GN00001-DREn00000A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:39:56 37787 testget1: <--- TRN: UVW024041800194GN00001-DREn00000A - S from [TEST.RCV.FROM.PQR@QM.PQRS103]. 240418 06:37:45 37787 testget1: ===> TRN@instance_abc.RQ1: 34e4c77406e647d29859a7c3e0077cab1 [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:45 37787 testget1: <--- TRN: 34e4c77406e647d29859a7c3e0077cab1 - S from [TEST.RCV.FROM.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:37:28 37787 testget1: ===> TRN@instance_abc.RQ1: 17bd221de8f14fd09439fc2bb9564bed1 [Priority=Medium,ScanPriority=4, Rule: LOC=HK2; Cur=USD; Amt≥0; Srv=ALL; Recv@1565936557:00 00-00-0000]. 240418 06:37:28 37787 testget1: <--- TRN: 17bd221de8f14fd09439fc2bb9564bed1 - S from [TEST.RCV.FROM.ABC.PQRST.Q1@QM.PQRS102]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00081-DREl00050A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00080-DREl0004fA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00079-DREl0004eA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00078-DREl0004dA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00077-DREl0004cA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00076-DREl0004bA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00059-DREl0003aA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00058-DREl00039A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00057-DREl00038A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00056-DREl00037A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00055-DREl00036A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00054-DREl00035A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00053-DREl00034A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00052-DREl00033A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00081-DREl00050A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00080-DREl0004fA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00079-DREl0004eA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00078-DREl0004dA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00077-DREl0004cA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00076-DREl0004bA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00071-DREl00046A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00057-DREl00038A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00056-DREl00037A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00055-DREl00036A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00054-DREl00035A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00053-DREl00034A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00052-DREl00033A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00051-DREl00032A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00050-DREl00031A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00049-DREl00030A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00048-DREl0002fA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00047-DREl0002eA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00031-DREl0001eA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00030-DREl0001dA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00029-DREl0001cA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00028-DREl0001bA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00027-DREl0001aA [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00026-DREl00019A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00025-DREl00018A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00024-DREl00017A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: vlog: Current log size is 2427949 bytes 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00023-DREl00016A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00022-DREl00015A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00021-DREl00014A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00020-DREl00013A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00009-DREl00008A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00008-DREl00007A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00007-DREl00006A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00006-DREl00005A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00005-DREl00004A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00004-DREl00003A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00003-DREl00002A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00002-DREl00001A [Priority=Low,ScanPriority=0, Rule: Default Rule]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00051-DREl00032A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00050-DREl00031A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00049-DREl00030A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00048-DREl0002fA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00047-DREl0002eA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00046-DREl0002dA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00045-DREl0002cA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00044-DREl0002bA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00043-DREl0002aA - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00042-DREl00029A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00036-DREl00023A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:08 37787 testget1: <--- TRN: MNO24041800065GS00035-DREl00022A - S from [TEST.RCV.FROM.XYZ@QM.PQRS103]. 240418 06:37:07 37787 testget1: ===> TRN@instance_abc.RQ1: MNO24041800065GS00001-DREl00000A [Priority=Low,ScanPriority=0, Rule: Default Rule].        
I need to create a dashboard panel merging two different search queries. I have below two queries: Kindly help on this request.   index=test_index source=/applications/test/*instance_abc* ("<--- T... See more...
I need to create a dashboard panel merging two different search queries. I have below two queries: Kindly help on this request.   index=test_index source=/applications/test/*instance_abc* ("<--- TRN:" OR "Priority" OR "---> TRN:" OR "AP sent to" OR "AH sent to" OR "MP sent to") | rex field=_raw "Priority\=(?<Priority>[^\,]+)" | rex "(?:\={3}\>|\<\-{3})\s+TRN[^\:]*\:\s+(?<trn>[^\s]+)" | rex "TEST\.RCV\.FROM\.(?<TestMQ>.*)\@" | stats count(eval(Priority=="Low")) as Low, count(eval(Priority=="Medium")) as Medium, count(eval(Priority=="High")) as High, values(TestMQ) as TestMQ by trn | stats sum(Low) as Low, sum(Medium) as Medium, sum(High) as High by TestMQ | addtotals fieldname="TotalCount" | sort by TotalCount desc     This gives me output as below: TestMQ | Low | Medium | High | TotalCount The 2nd query is below:     index=test_index source=/applications/test/*instance_abc* ("<--- TRN:" OR "Priority" OR "---> TRN:" OR "AP sent to" OR "AH sent to" OR "MP sent to") | eval field=split(source,"/") | eval Instance=mvindex(field,4) | chart count(eval(searchmatch("from"))) as Testget count(eval(searchmatch("sent to"))) as Testput count(eval(searchmatch("AP sent to"))) as AP count(eval(searchmatch("AH sent to"))) as AH count(eval(searchmatch("MP sent to"))) as MP by Instance | eval Pending = Testget - (AP + AH) | sort Testget desc     This gives me output as below: Instance | Testget | Testput | AP | AH | MP | Pending I am looking for merging both the queries together and get the final output based on Pending volume for Low, Medium and High priority counts.   Select: Low, Medium, High (From the Dashboard dropdown) Output Expected: TestMQ| Low-Testget | Low-Testput | Low-AP | Low-AH | Low-MP | Low-Pending TestMQ | Medium-Testget | Medium-Testput | Medium-AP | Medium-AH | Medium-MP | Medium-Pending TestMQ | High-Testget | High-Testput | High-AP | High-AH | High-MP | High-Pending
I have a lookup like this  Name Status ExamID John Pass 123 Bob Pass 345 John Fail 234 Bob Pass 235 Smith Fail 231   My Events are having Name alone as the unique ... See more...
I have a lookup like this  Name Status ExamID John Pass 123 Bob Pass 345 John Fail 234 Bob Pass 235 Smith Fail 231   My Events are having Name alone as the unique identifier.   I wrote my query like this  index=userdata [ inputlookup userinfo.csv | fields Name]  | lookup userinfo.csv Name as Name OUTPUT Status as Status ExamID as Identifier  Via first subsearch I extracted the events only belong to names present in the table and then i tried to ouput the status and examid for those Names. On combination of these 3 in the event i need to evaluate fourth result.  John - Pass - 123 ->> In this if ExamID falls between 120 and 125 I need to print value for fourth field as "GOOD"  However while am printing output from lookup i got multivalues like this. Then i tried to do mvappend and that did not work correctly.  So how to do this correctly John Pass Fail 123 234
Hi Team, Good day! We have extracted the set of job names from the event using the below rex query. index=app_events_dwh2_de_uat _raw=*jobname* | rex max_match=0 "\\\\\\\\\\\\\"jobname\\\\\\\\\\\\... See more...
Hi Team, Good day! We have extracted the set of job names from the event using the below rex query. index=app_events_dwh2_de_uat _raw=*jobname* | rex max_match=0 "\\\\\\\\\\\\\"jobname\\\\\\\\\\\\\":\s*\\\\\\\\\\\\\"(?<Name>[^\\\]+).*?\\\\\\\\\\\\\"status\\\\\\\\\\\\\":\s*\\\\\\\\\\\\\"(?<State>ENDED OK).*?Timestamp\\\\\\\\\\\\\": \\\\\\\\\\\\\"(?<TIME>\d+\s*\d+\:\d+\:\d+).*?execution_time_in_seconds\\\\\\\\\\\\\": \\\\\\\\\\\\\"(?<EXECUTION_TIME>[\d\.\-]+)" | table "TIME", "Name", "State", "EXECUTION_TIME" | mvexpand TIME | dedup TIME After using the above query we have obtained the result in the table format like below. 20240417 21:13:23 CONTROL_M_REPORT ENDED OK 73.14 DWHEAP_FW_BHW ENDED OK 80.66 DWHEAP_FW_TALANX ENDED OK 80.18 DWHEAP_TALANX_LSP_FW_NODATA ENDED OK 3.25 SALES_EVENT_TRANSACTION_RDV ENDED OK 141.41   Is it possible to extract only the jobs with name consists of string NODATA from the above set of job names.  Below is the sample event for the above one. Dataframe row : {"_c0":{"0":"{","1":" \"0\": {","2":" \"jobname\": \"CONTROL_M_REPORT\"","3":" \"status\": \"ENDED OK\"","4":" \"execution_time_in_seconds\": \"46.39\"","5":" \"Timestamp\": \"20240418 12:13:23\"","6":" }","7":" \"1\": {","8":" \"jobname\": \"DWHEAP_FW_AIMA_001\"","9":" \"status\": \"ENDED OK\"","10":" \"execution_time_in_seconds\": \"73.14\"","11":" \"Timestamp\": \"20240418 12:13:23\"","12":" }","13":" \"2\": {","14":" \"jobname\": \"DWHEAP_FW_BHW\"","15":" \"status\": \"ENDED OK\"","16":" \"execution_time_in_seconds\": \"71.19\"","17":" \"Timestamp\": \"20240418 12:13:23\"","18":" }","19":" \"3\": {","20":" \"jobname\": \"DWHEAP_FW_NODATA\"","21":" \"status\": \"ENDED OK\"","22":" \"execution_time_in_seconds\": \"80.63\"","23":" \"Timestamp\": \"20240418 12:13:23\"","24":" }","25":" \"4\": {","26":" \"jobname\": \"DWHEAP_FW_TALANX\"","27":" \"status\": \"ENDED OK\"","28":" \"execution_time_in_seconds\": \"80.20\"","29":" \"Timestamp\": \"20240418 12:13:23\"","30":" }","31":" \"5\": {","32":" \"jobname\": \"DWHEAP_FW_UC4_001\"","33":" \"status\": \"ENDED OK\"","34":" \"execution_time_in_seconds\": \"80.13\"","35":" \"Timestamp\": \"20240418 12:13:23\"","36":" }","37":" \"6\": {","38":" \"jobname\": \"DWHEAP_TALANX_LSP_FW_NODATA\"","39":" \"status\": \"ENDED NOTOK\"","40":" \"execution_time_in_seconds\": \"120.12\"","41":" \"Timestamp\": \"20240418 12:13:23\"","42":" }","43":" \"7\": {","44":" \"jobname\": \"RDV_INFRASTRUCTURE_DETAILS\"","45":" \"status\": \"ENDED OK\"","46":" \"execution_time_in_seconds\": \"81.16\"","47":" \"Timestamp\": \"20240418 12:13:23\"","48":" }","49":" \"8\": {","50":" \"jobname\": \"VIPASNEU_STG\"","51":" \"status\": \"ENDED OK\"","52":" \"execution_time_in_seconds\": \"45.04\"","53":" \"Timestamp\": \"20240418 12:13:23\"","54":" }","55":"}"}} Please look into this and kindly help us in extraction of the job which contains string NODATA from the above set of job names that has been extracted     
Hi All, I have a json event which has test cases and test case status and jenkins build number. There are many test cases in my events. I want to find if any of the test case is failing more than in... See more...
Hi All, I have a json event which has test cases and test case status and jenkins build number. There are many test cases in my events. I want to find if any of the test case is failing more than in 5 jenkins build number continuously. If any of the test cases is failing continuously in 5 builds i want to list such test cases. I have tried streamstats but not able to implement it fully. Does anyone have a better approach on this? please guide me on this.  
Hi Community, I have a question about regex and extraction I have _raw data in 2 rows/lines  (key and value) and I have to extract filed with key and value e.g :  row 1 : Test1 Test2 Test3 Test... See more...
Hi Community, I have a question about regex and extraction I have _raw data in 2 rows/lines  (key and value) and I have to extract filed with key and value e.g :  row 1 : Test1 Test2 Test3 Test4 Test5 Test6 Test7 Test8 Test9 Test10 row 2:  101    102     103.    104.     105.   106.   107.   108.   109.    110      I have to extract only Test7 from above log and have print it's value in table  Pls help me  Regards, Moin
Hi @ITWhisperer , Thank you so much for the info. I referred the example mentioned above and i was able to get the answer.
@kiran_panchavat  Thank you for your response! I've already reached out to PowerConnect via email, but if anyone has access to a guide or documentation that could help me plan my solution more effect... See more...
@kiran_panchavat  Thank you for your response! I've already reached out to PowerConnect via email, but if anyone has access to a guide or documentation that could help me plan my solution more effectively, I would greatly appreciate it.
@chanathipRefer the below link. How to integrate Splunk with SAP HANA? - Splunk Community    
This still has not been solved in 2024.  I do mess a Heavy Forwarder group/tag as well.  Indexer group should only contain indexers, but we now have the HF in that group as well.
Hi Hardik, The query that i sent to you is working for the whole collectors (I have only 1 collector so it is showing only 1 )   If you have more than 1 collector you need to add "WHERE" clause ... See more...
Hi Hardik, The query that i sent to you is working for the whole collectors (I have only 1 collector so it is showing only 1 )   If you have more than 1 collector you need to add "WHERE" clause with "server-id" property in order to filter your exact collector match. (you can also find which server-id is equal to which collector name via Chrome 12 Network tools. I sent you a reference screenshot)  The query below will be useful for you to filter the exact collector, In my example, I'm only working with a collector that server-id =4838  you can find your collector's server-id via Chrome-FireFox brows. developer tools like this below, First Open you database collector via AppD controller UI below at the same time you can find the server-id detail over Browser's "Network-Response tab"  After finding the exact server-id property you can use this Select query below for the result If you want to compare result via Default dashboard widget as you can see it is also same below, Btw you can also find wait-stat-id explanation detail same way (over Chrome developer tool) If you want more detail please feel free. Thanks Cansel