Hi, I am trying to join two log files under the same index and sourcetype that have a common field between them. A log event where type=dte2_fios has the fields TRANID, ANALYSIS, WPID (this is the common field), COMMAND. A log event where type=dte4_fios has the fields REQID, FT, WPID (this is the common field), DIP, DTE, FTC, ERR_MSG. I need a table output with the fields below and their corresponding values in each row: TRANID, WPID, REQID, ANALYSIS, COMMAND, FT, DIP, DTE, FTC, ERR_MSG. I used the query below, but it is giving me multiple values for REQID and FT in a single row, as one WPID will have multiple REQIDs and FTs. I need separate rows with all of the above fields.

index=delb_np sourcetype="app_kafka_np_east" AND (function_name="dte2_fios" OR function_name="dte4_fios")
| table _time @timestamp function_name log_message.WPID log_message.CID log_message.TN log_message.TRANID log_message.REQID log_message.ANALYSIS log_message.COMMAND log_message.DIP log_message.FT
| stats values(log_message.TRANID) as TRANID, values(log_message.REQID) as REQID, values(log_message.ANALYSIS) as ANALYSIS, values(log_message.COMMAND) as COMMAND, values(log_message.DIP) as DIP, values(log_message.FT) as FT by log_message.WPID, log_message.CID
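The one-to-many shape described above (one dte2_fios event per WPID, many dte4_fios events per WPID) is why stats values() collapses the REQID and FT values into one multivalue row. As an added illustration that is not part of the original post, the search below keeps every dte4_fios event as its own row and copies the dte2_fios fields onto it with eventstats, which groups by WPID without collapsing the events. It uses the index, sourcetype and log_message.* field names from the post and assumes the dte2_fios fields are single-valued per WPID; the CID grouping from the original query is left out because the requested output does not include it.

```spl
index=delb_np sourcetype="app_kafka_np_east" (function_name="dte2_fios" OR function_name="dte4_fios")
| eventstats values(log_message.TRANID) as TRANID, values(log_message.ANALYSIS) as ANALYSIS, values(log_message.COMMAND) as COMMAND by log_message.WPID
| search function_name="dte4_fios"
| rename log_message.WPID as WPID, log_message.REQID as REQID, log_message.FT as FT, log_message.DIP as DIP, log_message.DTE as DTE, log_message.FTC as FTC, log_message.ERR_MSG as ERR_MSG
| table _time TRANID WPID REQID ANALYSIS COMMAND FT DIP DTE FTC ERR_MSG
```

The eventstats line annotates all events sharing a WPID with the dte2_fios values (the dte4_fios events contribute nothing to values() because those fields are null on them); the search line then drops the dte2_fios events themselves, so each remaining row is exactly one dte4_fios event with its own REQID and FT plus the joined TRANID, ANALYSIS and COMMAND. If a WPID can legitimately carry more than one TRANID, the TRANID column will again be multivalued, and mvexpand TRANID after the eventstats line is the place to split it.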
Hi, my scenario is that I have a set of commands, and I have the total hits and total failures for a command in the last 30 minutes. Let's say command A got 100 hits and 30 of them failed in the last 30 minutes. Now I want to check the total hits and total failures of the same command for the previous 30 minutes, and if I see the same, I want to check the 30 minutes before that, and if I see the same kind of failure % there too, I want to trigger an alert.
How can I do this in Splunk?
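As an added illustration that is not from the poster, the search below expresses the three-window comparison: bucket events into 30-minute windows, compute the failure percentage per command per window, and use streamstats over a sliding window of three buckets to measure how much that percentage varies across consecutive windows. The index, sourcetype, the command field and the result="failure" test are placeholders for whatever the real events carry, and the 5-point tolerance for "same kind of failure %" is an assumption to adjust.

```spl
index=<your_index> sourcetype=<your_sourcetype> earliest=-90m@m latest=@m
| bin _time span=30m
| stats count as hits, count(eval(result="failure")) as failures by _time, command
| eval fail_pct=round(100*failures/hits, 1)
| streamstats window=3 count as windows, min(fail_pct) as min_pct, max(fail_pct) as max_pct by command
| eval pct_spread=max_pct-min_pct
| where windows=3 AND pct_spread<=5
| table _time command hits failures fail_pct pct_spread
```

Saved as an alert scheduled every 30 minutes at :00 and :30, the 90-minute range lines up exactly with three complete span=30m buckets, so the only row that reaches windows=3 is the most recent bucket, and it survives the where clause only when all three consecutive buckets for that command have a failure percentage within the tolerance of each other. Triggering on "number of results greater than 0" then fires once per command that meets the condition; adding a where hits>0 guard avoids a division by zero for commands that had no traffic in a window.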