×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
SajarKumarPat
New Member
Member since: ‎08-26-2022
‎08-26-2022
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-26-2022
Activity Feed
View All

How can I display a chain of all ten messages?

by in Splunk Search
‎08-26-2022 07:15 AM
‎08-26-2022 07:15 AM
I have a message thread, these messages are coming on splunk. The chain consists of ten different messages: five messages from one system, five messages from another (backup) system. Messages from the primary system use the same SrcMsgId value, and messages from the backup system are combined with a common SrcMsgId. Messages from the standby system also have a Mainsys_srcMsgId value - this value is identical to the main system's SrcMsgId value. The message chain from the backup system enters the splunk immediately after the messages from the main system. Tell me how can I display a chain of all ten messages? Perhaps first messages from the first system (main), then from the second (backup) with the display of the time of arrival at the server. With time, I understand, I will include _time in the request. I got a little familiar with the syntax of queries, but still I still have a lot of difficulties with creating queries. Please help me with an example of the correct request. Thank you in advance! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-26-2022 10:48 AM