×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
arulbalans
Engager
Member since: ‎06-28-2016
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎06-28-2016
Activity Feed
View All

Re: Get the latest event status of the Jobs (re-su...

by in Splunk Search
‎07-13-2016 07:51 PM
‎07-13-2016 07:51 PM
Thank you Sundaresh! ... View more

Re: Join with subsearch doesn't gives me expected ...

by in Splunk Search
‎07-12-2016 02:01 PM
‎07-12-2016 02:01 PM
Yup, the same question I posted here: https://answers.splunk.com/answers/427007/get-the-latest-event-status-of-the-jobsre-submitte.html, thanks. ... View more

Get the latest event status of the Jobs (re-submit...

by in Splunk Search
‎07-12-2016 02:00 PM
‎07-12-2016 02:00 PM
Splunk Query: 2016-06-12 00:48:29,834 INFO [MainThread][PID:3143] item: AR001SJFBS valid_audio_path: /PROXY_AUDIO/2011/05/31/AR001SJFBS_3.mp2||/PROXY_AUDIO/2011/05/31/AR001SJFBS_4.mp2 2016-06-12 00:48:29,834 INFO [MainThread][PID:3143] Item Submitted :: AR001SJFBS 2016-06-12 00:48:40,730 INFO [MainThread][PID:3143] Item Processed :: AR001SJFBS, Transcode Status :: error 2016-06-27 08:30:20,169 INFO [MainThread][PID:29112] item: AR001SJFBS valid_audio_path: /PROXY_AUDIO/2011/05/31/AR001SJFBS_3.mp2||/PROXY_AUDIO/2011/05/31/AR001SJFBS_4.mp2 2016-06-27 08:30:20,169 INFO [MainThread][PID:29112] Item Submitted :: AR001SJFBS 2016-06-27 08:51:56,680 INFO [MainThread][PID:29112] update metadat:: file system check True, new access path L:\PROXY\2011\05\31\AR001SJFBS.mp4 2016-06-27 08:52:13,879 INFO [MainThread][PID:29112] Existing proxy backup at P:\MPEG_Backup\PROXY\2011\05\31\AR001SJFBS.mpeg :: 2016-06-27 08:52:13,879 INFO [MainThread][PID:29112] Item Processed :: AR001SJFBS, Transcode Status :: completed From the above log I'm re-submitting jobs that are failed with error/aborted/failed status. So possibilities of repeated proxies are present in the list. I have to treat the transcode status of "AR001SJFBS" as "completed" instead "error" since completed is the latest status. Thanks, Arul ... View more

Re: Join with subsearch doesn't gives me expected ...

by in Splunk Search
‎07-08-2016 06:05 AM
‎07-08-2016 06:05 AM
Mr. Woodcock, One more help from you. Audit Logs: 2016-06-12 00:48:29,834 INFO [MainThread][PID:3143] item: AR001SJFBS valid_audio_path: /PROXY_AUDIO/2011/05/31/AR001SJFBS_3.mp2||/stornext/MAM_LOWRES_5/PROXY_AUDIO/2011/05/31/AR001SJFBS_4.mp2 2016-06-12 00:48:29,834 INFO [MainThread][PID:3143] Item Submitted :: AR001SJFBS 2016-06-12 00:48:40,730 INFO [MainThread][PID:3143] Item Processed :: AR001SJFBS, Transcode Status :: error 2016-06-27 08:30:20,169 INFO [MainThread][PID:29112] item: AR001SJFBS valid_audio_path: /PROXY_AUDIO/2011/05/31/AR001SJFBS_3.mp2||/stornext/MAM_LOWRES_5/PROXY_AUDIO/2011/05/31/AR001SJFBS_4.mp2 2016-06-27 08:30:20,169 INFO [MainThread][PID:29112] Item Submitted :: AR001SJFBS 2016-06-27 08:51:56,680 INFO [MainThread][PID:29112] update metadat:: file system check True, new access path L:\PROXY\2011\05\31\AR001SJFBS.mp4 2016-06-27 08:52:13,879 INFO [MainThread][PID:29112] Existing proxy backup at P:\MPEG_Backup\PROXY\2011\05\31\AR001SJFBS.mpeg :: 2016-06-27 08:52:13,879 INFO [MainThread][PID:29112] Item Processed :: AR001SJFBS, Transcode Status :: completed Question, from the above log I'm re-submitting jobs those are failed with error/aborted/failed status. So possibilities of repeated proxies present in the list. I've to treat the transcode status of "AR001SJFBS" as "completed" instead "error" since completed is the latest status. Thanks, Arul ... View more

Re: Join with subsearch doesn't gives me expected ...

by in Splunk Search
‎07-05-2016 03:04 PM
‎07-05-2016 03:04 PM
Mr. Woodcock, It works to me. I appreciate your help on this part, Thank you so much. Thanks, Arul ... View more

Join with subsearch doesn't gives me expected resu...

by in Splunk Search
‎06-28-2016 03:13 PM
‎06-28-2016 03:13 PM
Query1-Results: ProxiesProcessed,Status Query2-Results: ProxiesProcessed,Audio_Tracks,year_mm_dd Join Query: index=index1 host=node1 source="results.log" "item: " AND "valid_audio_path: " |eval ProxiesProcessed=trim(substr(_raw,101,11)) | dedup ProxiesProcessed |rename ProxiesProcessed as P_ProxiesProcessed |eval Audio_Tracks = trim(substr(_raw,130,len(_raw)-129)) |eval year_mm_dd = trim(substr(Audio_Tracks,36,07)) |fields P_ProxiesProcessed,Audio_Tracks,year_mm_dd |join type=left max=0 P_ProxiesProcessed [search index=index1 host=node1 source="results.log" "Item Processed :: " |eval ProxiesProcessed=trim(substr(_raw,112,10)) |eval Status=trim(substr(_raw,144,len(_raw)-143)) |dedup ProxiesProcessed |where Status="already_transcoded" |fields ProxiesProcessed,Status |rename ProxiesProcessed as P_ProxiesProcessed |rename Status as S_Status ] |table P_ProxiesProcessed,Audio_Tracks,year_mm_dd,S_Status I'm trying to join with the ProxiesProcessed field to get matching results with Query1 & Query2 If I execute the Query1 (used in subsearch) separately, gives me 300 events matched. If I execute the Query2 (used in outer search) separately, gives me 20k events matched. Any help is really appreciated. Thanks, Arul ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All