I am pretty new to Splunk and I want to verify an idea which I have.
My aim is to ensure the data transmission of a business object (can be a list or something similar) across four systems.
The source system is an SAP system called PA9, which sends the business objects (a list) to the EAI, PRODAP and at the end to the PFPS.
So this is the following chain (PA9 -> EAI -> PRODAP -> PFPS).
Each application has logs. I think, to ensure the data transmission, for me it is important to see the following logs (in this use case "MTL" is the name of the business object)
Log PA9 send MTL to EAI (generated by PA9)
Log EAI receive MTL from PA9 (generated by EAI)
Log EAI send MTL to PRODAP (generated by EAI)
Log PRODAP receive MTL from EAI (generated by PRODAP)
Log PRODAP send MTL to PFPS (generated by PRODAP)
Log PFPS receive MTL from PRODAP (generated by PFPS)
So the logs above correspond to ONE sent list/business object.
If you have an idea which log information could be more useful, please let me know. I am pretty open concerning the logs, so I can change the log specification quickly with some developers.
Step 2: So in the next step I would like to build a dashboard and an alert.
So I need an alert for when any of the logs are not provided.
I have something like that in my mind:
"Count foreach business object amount of logs (in upper example its 6); if amount = 6, then TRUE (everything is okay), else FALSE (data transmission was not successful); send alarm"
For the dashboard I have the following idea...
I want to see a tile, which is green when the search "Count foreach business object amount of logs (in upper example its 6); if amount = 6" is true, else the tile should turn red.
In the next step I want to see the process. So something like: PA9 --> EAI --> PRODAP --> PFPS. That way, if the data transmission has not been successful, I can see directly in which tile/system it went wrong. In which case, I can directly figure out the problem by a drill down and see if the problem is located in the infrastructure because, for example, the CPU of the database was at 100%.
Can this need be covered by Splunk? With which example search headline can I do this: "Count foreach business object amount of logs (in upper example its 6); if amount = 6, TRUE, else FALSE"?
Do I need an ID which is the same across the four systems, which is the same in all the 6 logs?
Yes, that's it. I hope you can understand my need.
I am looking forward to an answer to this concept and maybe a search line.
Greetings from a manufacturing in Stuttgart, Germany,
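
The completeness check described in the post, sketched in Python as an added example that is not part of the original post and is not a Splunk search. It goes beyond the plain "count = 6" rule by comparing distinct steps, so a duplicated log line cannot hide a missing hop, and by treating recently started objects as still in transit. The field names `system`, `id` and `step`, the step names, the grace period and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The six expected log events in chain order (PA9 -> EAI -> PRODAP -> PFPS).
# Step names are assumed; the post does not define a log format.
EXPECTED = ["PA9_SEND", "EAI_RECV", "EAI_SEND",
            "PRODAP_RECV", "PRODAP_SEND", "PFPS_RECV"]
LINE_RE = re.compile(
    r"^(?P<ts>\d+) system=(?P<system>\S+) id=(?P<id>\S+) step=(?P<step>\S+)$")

# Constructed sample lines: epoch seconds, emitting system, shared ID, step.
# MTL-0002 has six lines (EAI_SEND logged twice) but never reaches PFPS.
SAMPLE = """\
1000 system=PA9 id=MTL-0001 step=PA9_SEND
1001 system=EAI id=MTL-0001 step=EAI_RECV
1002 system=EAI id=MTL-0001 step=EAI_SEND
1003 system=PRODAP id=MTL-0001 step=PRODAP_RECV
1004 system=PRODAP id=MTL-0001 step=PRODAP_SEND
1005 system=PFPS id=MTL-0001 step=PFPS_RECV
1100 system=PA9 id=MTL-0002 step=PA9_SEND
1101 system=EAI id=MTL-0002 step=EAI_RECV
1102 system=EAI id=MTL-0002 step=EAI_SEND
1103 system=EAI id=MTL-0002 step=EAI_SEND
1104 system=PRODAP id=MTL-0002 step=PRODAP_RECV
1105 system=PRODAP id=MTL-0002 step=PRODAP_SEND
1900 system=PA9 id=MTL-0003 step=PA9_SEND
"""

def check_transmissions(lines, now, grace=300):
    """Map each object ID to (status, first missing step in chain order)."""
    seen = defaultdict(dict)  # id -> {step: first timestamp seen}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are ignored, never counted as a step
        seen[m["id"]].setdefault(m["step"], int(m["ts"]))
    result = {}
    for obj_id, steps in seen.items():
        missing = [s for s in EXPECTED if s not in steps]
        if not missing:
            result[obj_id] = ("OK", None)
        elif now - min(steps.values()) < grace:
            result[obj_id] = ("IN_FLIGHT", missing[0])  # too early to alert
        else:
            result[obj_id] = ("FAILED", missing[0])     # hop where it stopped
    return result

if __name__ == "__main__":
    for obj_id, verdict in check_transmissions(SAMPLE.splitlines(), now=2000).items():
        print(obj_id, *verdict)
```

The first missing step is the value a dashboard tile per system would use to show where the chain broke.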