Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About Pravinsugi
Pravinsugi
Path Finder
Member since:
11-12-2023
12-10-2023
Community Statistics
| Posts | 14 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 11-12-2023 |
Activity Feed
- Posted Mail kafka on Alerting. 12-10-2023 07:56 AM
- Posted Event alert on Alerting. 12-08-2023 01:59 AM
- Posted Re: And condition on Alerting. 12-03-2023 07:29 AM
- Posted Re: And condition on Alerting. 12-03-2023 07:22 AM
- Posted Re: And condition on Alerting. 12-03-2023 07:22 AM
- Posted And condition on Alerting. 12-03-2023 06:01 AM
- Posted Alert event on Alerting. 11-13-2023 08:29 AM
- Tagged Alert event on Alerting. 11-13-2023 08:29 AM
- Posted Re: Kafka stream alert on Alerting. 11-13-2023 06:00 AM
- Posted Re: Kafka stream alert on Alerting. 11-12-2023 07:17 PM
- Posted Re: Kafka stream alert on Alerting. 11-12-2023 06:21 PM
- Posted Re: Kafka stream alert on Alerting. 11-12-2023 10:08 AM
- Posted Re: Kafka stream alert on Alerting. 11-12-2023 09:38 AM
- Posted Re: Kafka stream alert on Alerting. 11-12-2023 09:13 AM
- Posted Kafka stream alert on Alerting. 11-12-2023 08:29 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
12-10-2023
07:56 AM
I have below requirement Log info: 09.00PM Xyz event received for customernumber:1234 Log info: 09.05 PM abc event received for customernumber:1234 Loginfo :09.10PM pqr event received for customernumber:1234 Like that n number of customer number is there in the splunk log I want to check ,whether all 3 event has been received for customernumber or not For that I tried using AND operation Like "xyz received for customernumber" AND "abc event received for customernumber" AND "PQR event received for customernumber|rex (I tried retrieve customernumber) Which is not working .pls help with exact query
... View more
Labels
- Labels:
-
email
12-08-2023
01:59 AM
i have three events like received message class.if you seee the pic,you will be seeing 3 event for each customer .each event have customerordernumber.i want to check for each and every customer I have all three event message in the splunk log.how to write splunk query for that.
... View more
Labels
- Labels:
-
email
12-03-2023
07:29 AM
I have below query .how to include into result query.pls advise Need to include this one into result query | stats values(event) as events by customer | where NOT (events = "s1" AND events = "s2" AND events = "s3") Result query: (index=1 sourcetype="abc" "s1 event received" and "s2 event received" and "s3 event received") OR (index=2 sourcetype="xyz" "created") | rex "(?<e_type>s.) event received for (?<customer>\d+)" | rex "(?<created>created) for (?<customer>\d+)" | stats max(eval(if(e_type="s3",_time, null()))) as last_e_type max(eval(if(created="created", _time, null()))) as created_time dc(e_type) as e_types values(created) as created by customer | addinfo | where e_types=3 AND (created_time-last_e_type > 300 OR (isnull(created_time) AND info_max_time - last_e_type > 300)
... View more
12-03-2023
06:01 AM
I have below message in the splunk log Ex : s1 event has been received for customer 15778 S2 event has been received for customer 15778 S3 event has been received for customer 15778 I want to check all S1,S2,S3 event has been received message present in the particular customer.i used AND condition but not able to achieve.plesse help me on this. As per my scenario,if i have 1 lakhs customer, i want to check for all 3 events has been received mesage is present in the splunk log for one particular customer.if not present all 3 mesage i need to set up alert.
... View more
Labels
- Labels:
-
email
11-13-2023
08:29 AM
Please help me on below things: Requirements: Once 3 events meets, immediately next event should published.if event is not published after 5 min ,need alert. Example : We have one customerno.for the customer number ,I have to search whether 3 events meets logs available in the splunk log or not Ex: index= 1 source type ="abc" "s1 event received" and "s2 event received" and "s3 event received" When I search above query ,I will be getting like S1 received for 12345 customer S2 received for 12345 customer S3 received for 12345 customer If for one customer,all 3 event are met,next i want to search "created" message available in the splunk for same customer (12345) Here "created" message index and source type is different If "created" message not available for 12345 customer no after 5 min once all 3 events meets,I need alert.pls help on this query.
... View more
- Tags:
- alert
Labels
- Labels:
-
alert action
11-13-2023
06:00 AM
Could you please replicate and share the search the query in splunk
... View more
11-12-2023
07:17 PM
Please help me on below things: Requirements: Once 3 events meets, immediately next event should published.if event is not published after 5 min ,need alert. Example : We have one customerno.for the customer number ,I have to search whether 3 events meets logs available in the splunk log or not Ex: index= 1 source type ="abc" "s1 event received" and "s2 event received" and "s3 event received" When I search above query ,I will be getting like( format as below ) S1 received for 12345 customer,name=abz S2 received for 12345 customer,name = abz S3 received for 12345 customer,name =abz If for one customer,all 3 event are met,next i want to search "created" message available in the splunk for same customer (12345) Here "created" message index and source type is different If "created" message not available for 12345 customer no after 5 min once all 3 events meets,I need alert with customer no.pls help on this query..if "created" message available after 5 min also need capture customer number. Fyi : if we received "created" message in the log ,sample log will be (json format ) Log : created :{"customer no" : "12345",name :"kanunam"} like that. Please please help me on search query.
... View more
11-12-2023
06:21 PM
Please help me on below things: Requirements: Once 3 events meets, immediately next event should published.if event is not published after 5 min ,need alert. Example : We have one customerno.for the customer number ,I have to search whether 3 events meets logs available in the splunk log or not Ex: index= 1 source type ="abc" "s1 event received" and "s2 event received" and "s3 event received" When I search above query ,I will be getting like S1 received for 12345 customer S2 received for 12345 customer S3 received for 12345 customer If for one customer,all 3 event are met,next i want to search "created" message available in the splunk for same customer (12345) Here "created" message index and source type is different If "created" message not available for 12345 customer no after 5 min once all 3 events meets,I need alert.pls help on this query.
... View more
11-12-2023
09:38 AM
For example 1) One index and one source type and search string is "hello" "how" "where".here each search string will give common log as "id" and "name" 2) once done with all 3 search string (hello,how,where).within in next 5 min ,one log should present in splunk. 3)that log contain "completed" as string which also have "id" and "name". 4) incase after 5 min,"completed" string is not available in the splunk log,I want to retrieve"id" and "name" from my "hello",how,where string search result .pls help me with search query.
... View more
11-12-2023
08:29 AM
I have 2 string which need to be searched in splunk both string having different index and different source type.one string is "published sourcing plan " and another string is "published transfer order" .I need to get "published transfer order" log from the splunk.if it's not available after 5 min of getting "published sourcing plan "log in the splunk.i need to count it or need to retrieve some details like salesorderid from "published sourcing order" log .how to prepare sea rch query in splunk.incase none of the log available in the splunk for "transfer order published",I need to capture the things
... View more
Labels
- Labels:
-
email
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-10-2023
11:17 AM
|
