Activity Feed
- Posted Re: categorization based on frequent text on Splunk Search. 06-19-2012 09:46 PM
- Posted Re: categorization based on frequent text on Splunk Search. 06-19-2012 12:04 AM
- Posted Re: categorization based on frequent text on Splunk Search. 06-18-2012 11:40 PM
- Posted Re: categorization based on frequent text on Splunk Search. 06-14-2012 11:17 PM
- Posted categorization based on frequent text on Splunk Search. 06-14-2012 04:16 AM
- Tagged categorization based on frequent text on Splunk Search. 06-14-2012 04:16 AM
06-19-2012 09:46 PM
I was referring to the index file that would get generated when I run Splunk on the file containing the incident description.
Based on the example provided, I am assuming the index file would have the following content:
5 aaaa
2 backup
4 bbbbb
3 channel
4 cluster
2 disk
3 fibre
3 luns
3 multipath
where the numbers specify the number of times the string appears in the content.
Was wondering if I could read this index file to obtain the strings and count, provided my assumption about the index file contents is correct.
Thanks!
06-19-2012 12:04 AM
Thanks Ayn!
Yes, the first part is what I am looking for, as currently I do not know what the possible incident categories and associated strings I should be searching for are.
Would it be feasible to read the index file, from which I could identify the various strings and associated number of occurrences?
06-18-2012 11:40 PM
Right about the format - it doesn't have a common template. Thanks Lamar!
06-14-2012 11:17 PM
Thanks for your time Lamar!
I have edited my original post to include samples of my requirement. Trust this brings in more clarity.
06-14-2012 04:16 AM
Hi. I have an Excel dump of incident tickets generated from the ticketing tool.
Sample incidents' description from the report:
"Target: CI-xxxx Stateless event alarm Event details: HA recovered from a total cluster failure in cluster"
"Server - CI-aaaa generates Multipath Issue Fibre Channel information: Multipathing ERROR, not all luns have 4 paths"
"Servers generate CI-aaaa & CI-bbbbb - Multipath issue Fibre Channel information: Multipathing ERROR, not all luns have 4 paths"
"Servers generate CI-aaaa & CI-bbbbb - Multipath issue Fibre Channel information: Multipathing ERROR, not all luns have 4 paths"
"[VMware vCenter - Alarm Cluster high availability error] Insufficient resources to satisfy HA failover level on cluster"
"F drive is having less disk space nagios-ebs: CI-xxxx "
"Low disk space alert on CI-yyyyy"
"Failed backup report for 2nd April 2012 : CI-xxxx , CI-aaaa , CI-bbbbb"
"Failed backup report for 3rd April 2012 : CI-xxxx , CI-aaaa , CI-bbbbb"
There is no exclusive "category" field. My end objective is to perform a Trend Analysis to identify top recurring issues.
I could perform a grouping by going through the description fields one by one and identifying the incident type.
Desired output would be:
category ---- count of occurrence
HA ---- 2
Multipath ---- 3
disk space ---- 2
failed backup ---- 2
The manual grouping would not be feasible though for a list of 300+ incidents.
I was wondering if Splunk could identify the common significant text from the description fields and return a similar grouping, without the need to key in search strings?