I wonder if anyone could help me with a report I'm trying to make.
Below is my sample log format.
ipfield sessionfield - - timefield urlfield methodfield
datefield midfield sessionfield2 sessionfield3 userfield functionfield ipfield2 rolefield.
What I want to do is search log2 if the sessionfield in log1 exists, then print out a table that has
userfield from log2, ipfield from log1 or log2, all sessionfield from log1 and log2, userfield from log2, urlfield and methodfield, and the counts of methodfield.
I have something like this
(index=1 log2) OR (index=1 log1)| eval sessionfield=coalesce(sessionfield,sessionfield2,sessionfield3) | stats values(sessionfield) values(ipfield2) by sessiontuser
I got the sessionfield(s) to print but it did not print the sessionfield in log1.
I could not figure out how to print the other fields that I needed.
I don't have much experience in Splunk search so any guidance or help would be excellent.
I'm trying to only get certain server processes ingested into a Splunk index using the Splunk Add-on for Unix and Linux script, by editing the ps.sh script and adding a grep command in there, like below.
However I'm getting errors like
ERROR: Unsupported option (BSD syntax)
ERROR: Garbage option.
CMD='ps auxww|grep nc'
Could someone please direct me to documentation on how to add grep, or give some guidance on how to get this ps.sh script to work?
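As an added illustration (not code from the Splunk add-on's ps.sh, and assuming the script runs CMD as an unquoted variable expansion), this shell snippet shows why the pipe stored inside CMD reaches ps as a plain argument, which is what produces the BSD-syntax and garbage-option errors, and how to apply the process filter as a real pipeline stage after the command instead:

```shell
#!/bin/sh
# Added example: a pipe character inside a variable is not parsed as a pipeline
# when the variable is expanded; it is just part of an argument word.

# Broken pattern from the question: after expansion, the words handed to the
# command are "auxww|grep" and "nc", so ps sees "|grep" as an unknown option.
# Returns the argument words wrapped in brackets so the split is visible.
broken_cmd() {
    CMD='ps auxww|grep nc'
    set -- $CMD          # word-split exactly as the shell would for $CMD
    shift                # drop the command name "ps" itself
    printf '[%s]' "$@"   # -> [auxww|grep][nc]
}

# Constructed sample lines standing in for live "ps auxww" output (assumed
# helper, not part of ps.sh); the last line is grep matching itself.
sample_ps_output() {
    printf 'root 1 0.0 0.1 /sbin/init\n'
    printf 'user 4242 0.0 0.2 nc -l 8080\n'
    printf 'user 4243 0.0 0.0 grep nc\n'
}

# Working pattern: keep CMD as the bare ps invocation and add the filter as a
# separate stage after it, excluding the grep process that matches itself.
# Usage: filter_processes <process-name>
filter_processes() {
    pattern="$1"
    CMD='ps auxww'       # unchanged; the script pipes $CMD into its parser
    sample_ps_output | grep "$pattern" | grep -v "grep $pattern"
}
```

In the real script the same idea means leaving CMD alone and inserting the grep stage where the script already pipes $CMD onward, so that only the selected processes reach the add-on's output parser.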