In our application, we are processing files received by our application.
In various places, we have logs as follows:
Log when a file received:
Received Document [application, document id] : app_name, doc_uuid
Ex:
2017-07-02_20:46:08.073 INFO c.o.f.m.r.NotificationReceiver - Received Document [application, document id] : ApplicationOne, 5959a1dfe4b0fc54b544ae1e
Log when a file in error format:
Not able to process the request [application, document id, errorMessage] : app_name, doc_uuid, error_msg
Ex:
2017-06-29_20:03:54.868 [SimpleAsyncTaskExecutor-5] ERROR c.o.f.m.r.NotificationReceiver - Not able to process the request [application, document id, errorMessage] : ApplicationOne, 5959a1dfe4b0fc54b544ae1e, The field abcd - cannot be null
Log when document processing successful:
Document Processed successfully [application, document id] : app_name, doc_uuid
Ex:
2017-06-29_20:03:54.868 [SimpleAsyncTaskExecutor-5] ERROR c.o.f.m.r.NotificationReceiver - Document Processed successfully [application, document id] : ApplicationOne, 5959a1dfe4b0fc54b544ae1e
We need to prepare daily statistics for a week as follows:
Index & Source types are same for all the log entries.
Ex: index = "SplunkAppNameProd" sourcetype="appname-service-prod"
... View more