Hi Splunkers,
So I'm getting started with multikv extractions, and I've come across this issue. I'm attempting to generate a report (based on the output of Solarwinds) that will graph the average number of concurrent connections per virtual server on a specific physical ESX server. The log format is as follows:
Virtual Server Concurrent Connections
LAST 3 MONTHS
PSRV-0001
DATE / TIME VS-0001 VS-0002 VS-0003 VS-0004
29-Apr-11 0 0.142857143 0 0
6-May-11 0 0.285714286 0 0
13-May-11 0 0 0 0
20-May-11 0 0 0 0
27-May-11 0 0 0 0
3-Jun-11 0 0 0 0
10-Jun-11 0 0 0 0
17-Jun-11 0 0 0.018867925 0.018867925
24-Jun-11 0 0.005952381 0 0.005952381
1-Jul-11 0 0.011904762 0 0.005952381
8-Jul-11 0 0 0 0.011904762
15-Jul-11 0 0.017 0.006 0.007
Now I've worked through the examples in the documentation, but I can't seem to find a way to make this work the way I want it to, specifically around field extractions (I'm fine with the reporting side of things). To better illustrate the values I'm attempting to extract and report on, I've put together this little HTML table.
Virtual Server Concurrent Connections LAST THREE MONTHS [host] PSRV-0001 DATE / TIME VS-0001 VS-0002 VS-0003 VS-0004 [virtual_host] 29-Apr-11 0 0.142857143 0 0 6-May-11 0 0.285714286 0 0 13-May-11 0 0 0 0 20-May-11 0 0 0 0 27-May-11 0 0 0 0 3-Jun-11 0 0 0 0 10-Jun-11 0 0 0 0 17-Jun-11 0 0 0.018867925 0.018867925 24-Jun-11 0 0.005952381 0 0.005952381 1-Jul-11 0 0.011904762 0 0.005952381 8-Jul-11 0 0 0 0.011904762 15-Jul-11 0 0.017 0.006 0.007 [timestamp] [concurrent-connections]
In essence, I'm trying to extract what would be the logged equivalent of the following (which would be easy to report on):
# timestamp, virtual_server, concurrent_connections
29-Apr-11, VS-0001, 0
29-Apr-11, VS-0002, 0.142857143
29-Apr-11, VS-0003, 0
29-Apr-11, VS-0004, 0
6-May-11, VS-0001, 0
6-May-11, VS-0002, 0.285714286
6-May-11, VS-0003, 0
6-May-11, VS-0004, 0
...
The following caveats are in play:
The host value is variable (ie. changes naming conventions depending on the origin of data)
The virtual_host values are also variable
The number of virtual_hosts on a given host are variable
Can someone please point me in the right direction here, or tell me if this is even possible? There will be much kudos & upvoting for whoever helps!
... View more