I am getting some HTML files(not available over the server) which I need to process in splunk. Not able to figure out how can I achieve this is in splunk.
Problem Statement
I got a file which has plenty of events inside it but I am intrested only in those Events which has "Error" keyword.
I am trying to find out a way which can give me event Ids (which is available inside the DIV), Error Detail(Available inside the DIV),
timestamp of the event (Available in the parent DIV).
Appreciate any help.
Thanks
input is something like that:
<DIV id="A">[Jan 22 20h39:02.924] - <a href="javascript://" onClick="toggle(this)">Disconnected from server 'SERVER102'</a>
<DIV id="B"><UL>
Disconnected from server SERVER102. Reason: Initiated by the Server application<P>
[Error event 8000]
</P>
</UL><HR></DIV>
</DIV>
Required Fields as output:
***EventType EventID Description* Timestamp**
Error 8000 Disconnected from server SERVER102. Reason: Initiated by the Server application Jan 22 20h39:02.924
Detailed sample html file:
<html>
<head>
<style type="text/css">
A { font-family:Verdana, Arial; font-size:9.0pt; }
A:visited { color:#0000FF }
U { cursor:hand }
P { font-family:Verdana, Arial; font-size:9.0pt; }
</style>
<script>
function handleClick()
{
el=event.srcElement;
if (el.id!="clickable")
return;
if (!changeSetting(el,"content1",true) && !changeSetting(el,"content3",true))
changeSetting(el,"content2",true);
event.cancelBubble=true
}
/*----------------------------------------------------------------------------*/
</script>
<body>
<DIV id="content1">[Jan 22 20h39:02.756] - <a href="javascript://" onClick="toggle(this)">Disconnected from server 'Server1'</a>
<DIV id="id="content2""><UL>
Disconnected from server 'Server1'. Reason: Initiated by the server application<P>
[Error event 5001]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:02.924] - <a href="javascript://" onClick="toggle(this)">Disconnected from server 'hulk'</a>
<DIV id="id="content2""><UL>
Disconnected from server 'hulk'. Reason: Initiated by the server application<P>
[Error event 5001]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:12.772] - <a href="javascript://" onClick="toggle(this)">Connected to server 'tarzon'</a>
<DIV id="id="content2""><UL>
Connected to server 'tarzon'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.123] - <a href="javascript://" onClick="toggle(this)">Connected to server 'iron'</a>
<DIV id="id="content2""><UL>
Connected to server 'iron'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.126] - <a href="javascript://" onClick="toggle(this)">Connected to server 'titanium'</a>
<DIV id="id="content2""><UL>
Connected to server 'titanium'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.133] - <a href="javascript://" onClick="toggle(this)">Connected to server 'iron'</a>
<DIV id="id="content2""><UL>
Connected to server 'iron'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.192] - <a href="javascript://" onClick="toggle(this)">Connected to server 'titanium'</a>
<DIV id="id="content2""><UL>
Connected to server 'titanium'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.362] - <a href="javascript://" onClick="toggle(this)">Connected to server 'titaniumPI898'</a>
<DIV id="id="content2""><UL>
Connected to server 'titaniumPI898'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.412] - <a href="javascript://" onClick="toggle(this)">Connected to server 'titaniumPI498'</a>
<DIV id="id="content2""><UL>
Connected to server 'titaniumPI498'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.618] - <a href="javascript://" onClick="toggle(this)">Connected to server 'titaniumPI998'</a>
<DIV id="id="content2""><UL>
Connected to server 'titaniumPI998'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.745] - <a href="javascript://" onClick="toggle(this)">Connected to server 'titaniumPI098'</a>
<DIV id="id="content2""><UL>
Connected to server 'titaniumPI098'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.784] - <a href="javascript://" onClick="toggle(this)">Connected to server 'Server1'</a>
<DIV id="id="content2""><UL>
Connected to server 'Server1'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 22 20h39:13.939] - <a href="javascript://" onClick="toggle(this)">Connected to server 'hulk'</a>
<DIV id="id="content2""><UL>
Connected to server 'hulk'.<P>
[Informational event 5000]
</P>
</UL><HR></DIV>
</DIV>
<!--EOM-->
<DIV id="content1">[Jan 23 06h00:00.472] - <a href="javascript://" onClick="toggle(this)">he usage</a>
<DIV id="id="content2""><UL>
Hard disk usage warning.<P>
[Warning event 621]
</P>
</UL><HR></DIV>
</DIV>
</body>
</html>
... View more