Hi Rich, My earlier query seems to be complex. I need to simplify the query as much as I can, so I need to trigger my search as an event. I can trigger this event at 7:00 AM so that it can show failure (importantly) of all cronjobs. Usually all jobs start from 2:45 AM and go till 5:55 AM; after all jobs are completed, events get triggered and I can see the stats.
sourcetype=hybris_console "full-wcpIndexCA-cronjob" earliest=-80m | rex field=_raw "\[(?<cronType>\w+\-\w+\-\w+)\::" | eval Period=if(_time>=relative_time(now(),"-24h"),1,2) | stats min(Period) as periodMin max(Period) as periodMax by cronType | eval stopped = if(periodMin=2,"true", "false") | eval restarted = if(stopped="false" AND periodMax=1,"true", "false") | where stopped="true" OR restarted="true" | table cronType stopped restarted
If you can help me in simplifying my query with the above condition.
Also I didn't get your previous comment solution.
Sample Failure event
3/2/19
4:25:07.538 AM
INFO | jvm 1 | main | 2019/03/02 04:25:07.538 | [m[33mWARN full-wcpIndexFR-cronjob::de.hybris.platform.servicelayer.internal.jalo.ServicelayerJob [SolrIndexerJob] Error during indexer call: frIndex
host = uat_hybris_system_0 source = /opt/sap/hybris/log/tomcat/console-20190302.log
Image url- [1]: https://storage.googleapis.com/splunk-alert/Screen%20Shot%202019-03-02%20at%209.48.27%20PM.png
I would request you to kindly help me here and will wait for your response.