Hello folks, I have Logger lines as below: job MONITOR-DESYNC-3-20I-ERNC: { "chain":"PR1", "nbProperties":1345, "propertyStartCount":1, "nbPropertyPerExecution":5, "propertyEndCount":6, "nbProperty...
See more...
Hello folks, I have Logger lines as below: job MONITOR-DESYNC-3-20I-ERNC: { "chain":"PR1", "nbProperties":1345, "propertyStartCount":1, "nbPropertyPerExecution":5, "propertyEndCount":6, "nbPropertyForCurrentExecution":5 } job MONITOR-DESYNC-3-20I-ERNC: { "chain":"PR2", "nbProperties":1345, "propertyStartCount":6, "nbPropertyPerExecution":5, "propertyEndCount":11, "nbPropertyForCurrentExecution":5 } ------These lines continue till propertyEndCount = nbProperties but sometimes it does not get equal and stops randomly like below. This job stopped at "propertyEndCount":1076 only job MONITOR-DESYNC-3-6AQ-Q7Z: { "chain":"PR1", "nbProperties":1345, "propertyStartCount":1071, "nbPropertyPerExecution":5, "propertyEndCount":1076, "nbPropertyForCurrentExecution":5 } SPlunk query to find how many hotels got covered for each chain . In this case Output Expected is: chain total-property covered-property PR1 1345 1076 PR2 1345 1000 I am quite new to splunk query. I think If somehow I could fetch the value of propertyEndCount from the last event then it should work. If anyone can provide some solution to get as expected result mentioned above. Thanks in Advance.