Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About splunklearner99
splunklearner99
Engager
Member since:
12-04-2022
12-05-2022
Community Statistics
| Posts | 5 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 12-04-2022 |
Activity Feed
- Posted How to marry lookup table and index data? on Splunk Search. 12-05-2022 10:43 AM
- Posted Re: How to covert raw log to specific fields on Alerting. 12-05-2022 09:49 AM
- Posted Re: How to covert raw log to specific fields on Alerting. 12-05-2022 04:00 AM
- Posted How to covert raw log to specific fields? on Alerting. 12-04-2022 09:25 PM
- Posted How to create alert when input file received whereas output file not created? on Alerting. 12-04-2022 08:49 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
12-05-2022
10:43 AM
Hello Champs
I've index data table
change records errors
B221205A
109
0
B221205B
1480
0
B221205C
3336
0
B221205D
2581
8
I also have lookup table that contains
File_name Remote_file records
$APPLXYZ.C221205A
/APPLABC/B123/OUT/C221205A
109
$APPLXYZ.C221205D
/APPLABC/B123/OUT/C221205D
2581
$APPLXYZ.C221205C
/APPLABC/B123/OUT/C221205C
3336
/APPLABC/B123
/APPLABC/B123/OUT/C221205B
1480
I am looking for the result
File_name
Remote_file
records
change
errors
$APPLXYZ.C221205A
/APPLABC/B123/OUT/C221205A
109
B221205A
0
$APPLXYZ.C221205D
/APPLABC/B123/OUT/C221205D
2581
B221205B
0
$APPLXYZ.C221205C
/APPLABC/B123/OUT/C221205C
3336
B221205C
0
/APPLABC/B123
/APPLABC/B123/OUT/C221205B
1480
B221205D
8
... View more
Labels
- Labels:
-
lookup
12-05-2022
09:49 AM
thanks @ITWhisperer , Similarly would be able to help for thisText: CBM042 CEDBatch finished, Chg=B221205D, Recs=2581, Errs=8 Where I need Status = CEDBatch finished Records = 2581 Errors =9 Change = B221205D @ITWhisperer @ITWhisperer
... View more
12-05-2022
04:00 AM
Thanks @ITWhisperer , the query is giving below result File_name = $PRD10.C221130A Remote_file = /ABC/APP1/OUT/C221130A rerecords = 3 For records your query is taking the first byte of microsecond, expected 578 records raw log: File $PRD10.C221130A Remotefile /ABC/APP1/OUT/C221130A 63465 bytes, 578 records in 38875 microsec
... View more
12-04-2022
09:25 PM
Hello Champs..
One of the splunk log is having below field
Text: XCOM: File Receive ended REQ 086094, Remote LU 10.38.46.122, File $PRD10.C221130A Remotefile /ABC/APP1/OUT/C221130A 63465 bytes, 578 records in 38875 microsec
I want to extract File_name = $PRD10.C221130A and Remote_file = /ABC/APP1/OUT/C221130A and records = 578 from above Text filed. How this can be done? Please help
... View more
12-04-2022
08:49 PM
Hello Masters,
I've the index
index="xxx_generic_app_audit_prd" sourcetype="xxx:designeng:syslog" host="15.250.99.*" OR host="15.246.49.*" "*/testshare/APP1/OUT/*" AND "BANP3*" | search "Subsystem: XCOM" AND "Event Number: 01"
Log is coming as below:
Dec 5 14:30:43 Web ViewPoint Enterprise: Owner: XCOM Subsystem: XCOM Event Number: 01 Generation TIme: 2022-12-05 14:30:41 Text: XCOM: File Receive ended REQ 086694, Remote LU 10.38.46.122, File $PRD10.FILE01.C221205C Remotefile /testshare/APP1/OUT/C221205C 341797 bytes, 3336 records in 234564 microsec Event Type: Normal Process: \BANP3.$X2LD Content Standard: Subject: Custom Text: Source: WVPE Passvalue: 0 Node Name: \BANP3 host = 15.246.49.129 index = xxx_generic_app_audit_prd source = /syslogdata/dns/test.internal.xxx/logs/2022-12-05/hp/15.246.49.129/2022-12-05-14_user.log sourcetype = xxx:designeng:syslog
Where as once the input file is received, the application job should process this file and complete. The log for completed job as follows.
index="xxx_generic_app_audit_prd" sourcetype="xxx:designeng:syslog" host="15.250.44.*" OR host="15.246.44.*" "BANP3*" | search "Subsystem: 800" AND "Event Number: 42"
Dec 5 15:00:14 Web ViewPoint Enterprise: Owner: DELUXE Subsystem: 800 Event Number: 42 Generation TIme: 2022-12-05 15:00:13 Text: CBM042 Batch finished, Chg=B221205C, Recs=3336, Errs=0 Event Type: Normal Process: \BANP3.$X3F1 Content Standard: Subject: Custom Text: Source: WVPE Passvalue: 0 Node Name: \BANP3 host = 15.246.44.129index = xxx_generic_app_audit_prd source = /syslogdata/dns/test.internal.xxx/logs/2022-12-05/hp/15.246.49.129/2022-12-05-14_user.log sourcetype = xxx:designeng:syslog
My requirement is to marry both these logs and create a alert only when input file is received, where as no log for output file. Could you please assist
... View more
Labels
- Labels:
-
alert action
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-05-2022
04:10 PM
|
