Splunk Search

Group multiple events and also index logs with 03 hours less than the time zone.

leandromatperei
Path Finder

Hello everyone.

I need to index the logs below and the example that is on my Dropbox link in a new sourcetype.

The event line break occurs through the timestamp at the beginning of each interaction: "2020-04-02 22:09:52,416", this is the time format of my log.

Another point is that it is added with a time zone of 03 hours more, so for example:

 - The log of the time "2020-04-02 22:09:52,416" should be indexed in Splunk with the time "2020-04-02 19:09:52,416". If it is not clear, I will explain it again.

Can you help me set up this sourcetype in props.conf?

Dropbox link:

https://www.dropbox.com/s/qn2b2vnjyo1t0mj/server.txt?dl=0

2020-04-02 21:57:38,063 INFO  ecp-1-1784929 25000 ExtractWindow: CFG, [2020-02-28 05:53:42,2020-04-02 21:57:14(1582869222,1585864634)]
*** SESSIONS(2):
2020-04-02 21:32:52,779 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan - exit(elapsed 47 ms) returning 43
2020-04-02 21:32:53,278 WARN  ecp-1-872908 20000 User data mapping and data base schema validation warnings:
Default value in data base schema for user dimension column USER_DATA_CUST_DIM_2.SEGMENTO is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.CORRENTISTAS is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.MULTIPLO is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.TPESSOA is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.AVI is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.ELEG is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_14.ASSUNTO is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_14.PRODUTODN is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_14.CONPO is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_15.FIDELIZA is empty, will use hardcoded default: none
2020-04-02 21:32:53,278 INFO  ecp-1-872908 30000 JobTransform: SERVICE_OBJECTIVE default is = -1
2020-04-02 21:32:53,278 INFO  ecp-1-872908 30000 JobTransform: creating Lookup ...
2020-04-02 21:32:53,278 DEBUG ecp-1-872908 35000 COMMIT: 2004326974; called by com.genesyslab.gim.etl.jobs.transform.JobTransform.init(JobTransform.java:269)
2020-04-02 21:32:53,278 INFO  ecp-1-872908 30000 JobTransform: initialized
2020-04-02 21:32:53,309 INFO  ecp-1-872908 30042 Job step INIT completed successfully.
2020-04-02 21:32:53,309 INFO  ecp-1-885538 30041 Job step AGENTtoRESOURCE started.
2020-04-02 21:32:51,999 DEBUG ecp-1-872908 35000 ConcurrentUtils.shutdown: all tasks completed, executor terminated
2020-04-02 21:32:51,999 INFO  ecp-1-872908 20104 Job 'Job_ExtractICON' completed successfully.
2020-04-02 21:32:51,999 INFO  ecp-1-872908 25000 Execution Info
+[Job_ExtractICON].....................................................21653 ms. Invocations 1
|-- [INIT]................................................................15 ms. Invocations 1
|--+[RUN]..............................................................20905 ms. Invocations 1
   |-- [TRUNCATE_TMP]....................................................203 ms. Invocations 1
   |--+[EXTRACT].......................................................20670 ms. Invocations 1
      |--+[ExtractAndMerge]............................................13417 ms. Invocations 1
         |--+[ExtractTriplets]..........................................2886 ms. Invocations 1
            |-- [G_IR]..................................................3181 ms. Invocations 7
            |-- [G_CALL]................................................8859 ms. Invocations 7
            |-- [G_IS_LINK].............................................3135 ms. Invocations 7
         |--+[MergeMove]...............................................10359 ms. Invocations 1
            |-- [insertIRs4ConCalls2TmpMerge](0).........................499 ms. Invocations 1
            |--+[insertClassifiedIsLinks](5993)..........................561 ms. Invocations 1
               |-- [classify links - join](5993).........................234 ms. Invocations 1
               |-- [classify links - insert](5993).......................171 ms. Invocations 1
            |-- [insertIsLinks2TmpMerge](1058)............................93 ms. Invocations 1
            |-- [update_G_CALL_ROOTIRID](1533)...........................561 ms. Invocations 2
            |-- [update_G_IR_ROOTIRID](1096).............................156 ms. Invocations 2
            |-- [insertIRs2TmpMerge](38).................................218 ms. Invocations 1
            |-- [updateTO_CYCLE](0)......................................234 ms. Invocations 4
            |-- [updateRootIrInTmpMerge](41).............................156 ms. Invocations 4
            |-- [updateRootirInTmpMerge2](3937)..........................141 ms. Invocations 1
            |-- [insertPendingRootIrs2TmpMerge](1881).....................47 ms. Invocations 1
            |-- [insertNotPendingRootIrs2TmpMerge](3648).................187 ms. Invocations 1
            |-- [insertNotPendingLinks](2116)............................593 ms. Invocations 1
            |-- [deleteNotPendingLinks](2116)............................124 ms. Invocations 1
            |-- [G_IR_copyMerged](4696)..................................531 ms. Invocations 1
            |-- [G_IR_deleteMerged](4696)................................125 ms. Invocations 1
            |-- [G_CALL_copyMerged](6846)...............................1263 ms. Invocations 1
            |-- [G_CALL_deleteMerged](6846).............................2543 ms. Invocations 1
            |-- [G_IR_copyStuckRecords](0)...............................187 ms. Invocations 1
            |-- [G_CALL_copyStuckRecords](0).............................422 ms. Invocations 1
      |--+[Extract].....................................................6833 ms. Invocations 1
         |-- [G_IR]......................................................578 ms. Invocations 1
         |-- [G_VIRTUAL_QUEUE]..........................................2059 ms. Invocations 8
         |-- [GC_LOGIN].................................................1014 ms. Invocations 1
         |-- [GC_BUS_ATTRIBUTE].........................................1357 ms. Invocations 1
         |-- [G_USERDATA_HISTORY]......................................15678 ms. Invocations 8
         |-- [GC_IVRPORT]................................................983 ms. Invocations 1
         |-- [GC_TREATMENT]..............................................858 ms. Invocations 1
         |-- [GC_SKILL]..................................................982 ms. Invocations 1
         |-- [GCX_GROUP_PLACE]...........................................749 ms. Invocations 1
         |-- [G_SECURE_USERDATA_HISTORY].................................811 ms. Invocations 8
         |-- [GC_PLACE]..................................................999 ms. Invocations 1
         |-- [GC_ANNEX]..................................................265 ms. Invocations 1
         |-- [GCX_GROUP_ROUTEDN]........................................1482 ms. Invocations 1
         |-- [G_DND_HISTORY].............................................750 ms. Invocations 6
         |-- [G_ROUTE_RESULT]...........................................2416 ms. Invocations 8
         |-- [G_AGENT_STATE_RC].........................................1186 ms. Invocations 6
         |-- [GC_SWITCH].................................................952 ms. Invocations 1
         |-- [GC_ATTR_VALUE].............................................921 ms. Invocations 1
         |-- [GM_L_USERDATA].............................................625 ms. Invocations 1
         |-- [GCX_FORMAT_FIELD].........................................1498 ms. Invocations 1
         |-- [G_CUSTOM_DATA_S]...........................................920 ms. Invocations 8
         |-- [GM_F_USERDATA]..............................................94 ms. Invocations 1
         |-- [G_PARTY].................................................10294 ms. Invocations 8
         |-- [G_CALL_STAT]..............................................1387 ms. Invocations 7
         |-- [GCX_ENDPOINT_PLACE].......................................1310 ms. Invocations 1
         |-- [GCX_GROUP_AGENT]..........................................1326 ms. Invocations 1
         |-- [GCX_CAMPGROUP_INFO].......................................1045 ms. Invocations 1
         |-- [GCX_SKILL_LEVEL]..........................................1435 ms. Invocations 1
         |-- [GCX_LOGIN_INFO]............................................999 ms. Invocations 1
         |-- [G_ROUTE_RES_VQ_HIST]......................................1295 ms. Invocations 8
         |-- [GC_AGENT]..................................................858 ms. Invocations 1
         |-- [GCX_AGENT_PLACE]...........................................983 ms. Invocations 1
         |-- [GC_CAMPAIGN]...............................................749 ms. Invocations 1
         |-- [GC_CALLING_LIST]..........................................1061 ms. Invocations 1
         |-- [G_LOGIN_SESSION]..........................................3900 ms. Invocations 6
         |-- [GC_TENANT].................................................748 ms. Invocations 1
         |-- [G_IR_HISTORY].............................................2668 ms. Invocations 8
         |-- [GCX_CAMPLIST_INFO]........................................1372 ms. Invocations 1
         |-- [GC_FILTER]................................................1217 ms. Invocations 1
         |-- [G_CALL]....................................................639 ms. Invocations 1
         |-- [GC_TIME_ZONE]..............................................655 ms. Invocations 1
         |-- [GC_OBJ_TABLE]..............................................624 ms. Invocations 1
         |-- [GC_VOICE_PROMPT]...........................................593 ms. Invocations 1
         |-- [GC_GROUP].................................................1030 ms. Invocations 1
         |-- [GC_SCRIPT]................................................1186 ms. Invocations 1
         |-- [GC_ACTION_CODE]...........................................1311 ms. Invocations 1
         |-- [GC_ENDPOINT]...............................................811 ms. Invocations 1
         |-- [G_AGENT_STATE_HISTORY]...................................15163 ms. Invocations 6
         |-- [GCX_SUBCODE]..............................................1373 ms. Invocations 1
         |-- [GC_TABLE_ACCESS]..........................................1061 ms. Invocations 1
         |-- [GCX_GROUP_ENDPOINT].......................................1467 ms. Invocations 1
         |-- [GC_IVR]....................................................655 ms. Invocations 1
         |-- [G_PARTY_HISTORY].........................................23727 ms. Invocations 8
         |-- [GC_FORMAT].................................................780 ms. Invocations 1
         |-- [GC_FOLDER]................................................1076 ms. Invocations 1
         |-- [GC_FIELD]..................................................312 ms. Invocations 1
         |-- [GC_APPLICATION]...........................................1061 ms. Invocations 1
         |-- [GX_SESSION_ENDPOINT]......................................5601 ms. Invocations 6
         |-- [GCX_LIST_TREATMENT].......................................1389 ms. Invocations 1
         |-- [G_IS_LINK_HISTORY]........................................1092 ms. Invocations 7
      |--+[MergeMove]...................................................3089 ms. Invocations 1
         |-- [insertIRs4ConCalls2TmpMerge](0)............................421 ms. Invocations 1
         |--+[insertClassifiedIsLinks](3877).............................187 ms. Invocations 1
            |-- [classify links - join](3877).............................78 ms. Invocations 1
            |-- [classify links - insert](3877)...........................93 ms. Invocations 1
         |-- [insertIsLinks2TmpMerge](0)..................................62 ms. Invocations 1
         |-- [insertIRs2TmpMerge](0).....................................234 ms. Invocations 1
         |-- [updateRootirInTmpMerge2](1821).............................172 ms. Invocations 1
         |-- [insertPendingRootIrs2TmpMerge](1757).......................141 ms. Invocations 1
         |-- [insertNotPendingRootIrs2TmpMerge](23).......................63 ms. Invocations 1
         |-- [insertNotPendingLinks](24).................................265 ms. Invocations 1
         |-- [deleteNotPendingLinks](24)..................................31 ms. Invocations 1
         |-- [G_IR_copyMerged](23)........................................78 ms. Invocations 1
         |-- [G_IR_deleteMerged](23)......................................47 ms. Invocations 1
         |-- [G_CALL_copyMerged](24).....................................297 ms. Invocations 1
         |-- [G_CALL_deleteMerged](24)....................................46 ms. Invocations 1
         |-- [G_IR_copyStuckRecords](0)..................................188 ms. Invocations 1
         |-- [G_CALL_copyStuckRecords](0)................................312 ms. Invocations 1
|-- [DESTROY]............................................................733 ms. Invocations 1

2020-04-02 21:32:51,999 DEBUG main         35000 SQLUtils.queryAndScan (SELECT CTL_SCHEMA_INFO.SCHEMA_VERSION FROM (select 1 as dummy from DUAL) DUAL LEFT OUTER JOIN ginfo.CTL_SCHEMA_INFO ON CTL_SCHEMA_INFO.SCHEMA_NAME = 'Genesys Info Mart',302366050) - enter
2020-04-02 21:32:51,999 DEBUG main         35000 SQLUtils.queryAndScan - exit(elapsed 0 ms) returning 1
2020-04-02 21:32:51,999 INFO  main         25000 Reading CTL_SCHEMA_INFO.Genesys Info Mart=8.1.402.01
2020-04-02 21:32:51,999 DEBUG main         35000 SQLUtils.queryAndScan (SELECT CTL_SCHEMA_INFO.SCHEMA_VERSION FROM (select 1 as dummy from DUAL) DUAL LEFT OUTER JOIN ginfo.CTL_SCHEMA_INFO ON CTL_SCHEMA_INFO.SCHEMA_NAME = 'UPDATE_IDB_FOR_GIM',302366050) - enter
2020-04-02 21:32:51,999 DEBUG main         35000 SQLUtils.queryAndScan - exit(elapsed 0 ms) returning 1
2020-04-02 21:32:51,999 INFO  main         25000 Reading CTL_SCHEMA_INFO.UPDATE_IDB_FOR_GIM=8.1.400.01
2020-04-02 21:32:51,999 INFO  main         31201 GIM Server - current state is TRANSFORM.
2020-04-02 21:32:51,999 INFO  ecp-1-872908 20103 Job 'Job_TransformGIM' started. Version='8.1.402.08' built '2015-03-11 18:50:32 UTC'.
2020-04-02 21:32:51,999 INFO  ecp-1-872908 30041 Job step INIT started.
2020-04-02 21:32:51,999 INFO  ecp-1-872908 30000 JobTransform: initializing...
2020-04-02 21:32:52,093 DEBUG ecp-1-872908 35000 Executing {call DBMS_LOCK.ALLOCATE_UNIQUE(?,?,864000)}
2020-04-02 21:32:52,108 DEBUG ecp-1-872908 35000 Executing {?=call DBMS_LOCK.REQUEST(?,?,10,false)}
2020-04-02 21:32:52,108 DEBUG ecp-1-872908 35000 OPEN: 2004326974; count 1
2020-04-02 21:32:52,108 INFO  ecp-1-872908 30000 JobTransform: reading extract HWM info...
2020-04-02 21:32:52,108 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan (SELECT CTL_EXTRACT_HWM.TABLE_NAME,CTL_EXTRACT_HWM.DATA_SOURCE_KEY,CTL_EXTRACT_HWM.DATA_SOURCE_TYPE,CTL_EXTRACT_HWM.EXTRACT_START_TIME,CTL_EXTRACT_HWM.EXTRACT_END_TIME,CTL_EXTRACT_HWM.ROW_COUNT,CTL_EXTRACT_HWM.MAX_TS,CTL_EXTRACT_HWM.JOB_ID,CTL_EXTRACT_HWM.JOB_NAME,CTL_EXTRACT_HWM.JOB_VERSION,CTL_EXTRACT_HWM.DAP_NAME,CTL_EXTRACT_HWM.DSS_ID,CTL_EXTRACT_HWM.ICON_DBID,CTL_EXTRACT_HWM.PROVIDERTAG FROM ginfo.CTL_EXTRACT_HWM WHERE CTL_EXTRACT_HWM.DATA_SOURCE_KEY > 1 AND ( NOT EXISTS (SELECT 1 FROM ginfo.CTL_DS WHERE CTL_DS.DATA_SOURCE_KEY = CTL_EXTRACT_HWM.DATA_SOURCE_KEY)),2004326974) - enter
2020-04-02 21:32:52,249 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan - exit(elapsed 141 ms) returning 0
2020-04-02 21:32:52,249 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan (SELECT COALESCE(MIN(G_IR.TERMINATED_TS),0) FROM ginfo.G_IR,2004326974) - enter
2020-04-02 21:32:52,405 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan - exit(elapsed 156 ms) returning 1, (1585856618)
2020-04-02 21:32:52,405 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan (SELECT CTL_EXTRACT_HWM_JOIN_CTL_DS.DATA_SOURCE_TYPE,MIN(CTL_EXTRACT_HWM_JOIN_CTL_DS.MAX_TS) FROM (SELECT TABLE_NAME,(DS_KEY) DATA_SOURCE_KEY,(MAX(MAX_TS)) MAX_TS,(MAX(MAX_TIME)) MAX_TIME,(MAX(DATA_SOURCE_TYPE)) DATA_SOURCE_TYPE,(MAX(DS_DBID)) DS_DBID,(MAX(DS_DBID_PRIM)) DS_DBID_PRIM,(MAX(DS2_DBID)) DS2_DBID FROM (SELECT CTL_EXTRACT_HWM.*,(CTL_EXTRACT_HWM.DATA_SOURCE_KEY) DS_KEY,CTL_DS.DS_DBID,CTL_DS.DS_DBID_PRIM,CTL_DS.DS2_DBID FROM ginfo.CTL_EXTRACT_HWM INNER JOIN ginfo.CTL_DS ON CTL_EXTRACT_HWM.DATA_SOURCE_KEY = CTL_DS.DATA_SOURCE_KEY WHERE CTL_EXTRACT_HWM.DATA_SOURCE_TYPE <> 4 UNION ALL SELECT CTL_EXTRACT_HWM.*,(99) DS_KEY,(99) DS_DBID,(0) DS_DBID_PRIM,(0) DS2_DBID FROM ginfo.CTL_EXTRACT_HWM WHERE CTL_EXTRACT_HWM.DATA_SOURCE_TYPE = 4) CTL_EXTRACT_HWM_JOIN_CTL_DS GROUP BY TABLE_NAME,DS_KEY) CTL_EXTRACT_HWM_JOIN_CTL_DS GROUP BY CTL_EXTRACT_HWM_JOIN_CTL_DS.DATA_SOURCE_TYPE,2004326974) - enter
2020-04-02 21:32:52,529 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan - exit(elapsed 124 ms) returning 3
2020-04-02 21:37:54,411 INFO  Agg.NewData  25000 Got addFactAvailNotification3: 1,585,860,300 1,585,863,000 INTERACTION_RESOURCE_FACT false true
2020-04-02 21:37:54,411 INFO  ecp-1-885730 25000 notifyFactAvailable: INTERACTION_RESOURCE_FACT     , online_media=false, interval_agg= true, current_time=1585863474, start=1585849500, end=1585863000, range=     14400, delay=       124 (List item=1)
2020-04-02 21:37:54,411 INFO  Agg.NewData  25000 Got addFactAvailNotification3: 1,585,849,500 1,585,863,000 INTERACTION_RESOURCE_FACT true false
2020-04-02 21:37:54,411 INFO  ecp-1-885730 25000 notifyFactAvailable: INTERACTION_RESOURCE_FACT     , online_media=false, interval_agg=false, current_time=1585863474, start=1585849500, end=1585849500, range=       900, delay=       124 (List item=1)
2020-04-02 21:37:54,411 INFO  Agg.NewData  25000 Got addFactAvailNotification3: 1,585,849,500 1,585,849,500 INTERACTION_RESOURCE_FACT false false
2020-04-02 21:37:54,411 INFO  ecp-1-885730 25000 notifyFactAvailable: INTERACTION_RESOURCE_FACT     , online_media=false, interval_agg=false, current_time=1585863474, start=1585861200, end=1585863000, range=      2700, delay=       124 (List item=2)
2020-04-02 21:37:54,411 INFO  Agg.NewData  25000 Got addFactAvailNotification3: 1,585,861,200 1,585,863,000 INTERACTION_RESOURCE_FACT false false
2020-04-02 21:37:54,411 DEBUG ecp-1-885730 35000 SQLUtils.executeUpdate (INSERT INTO ginfo.CTL_AUDIT_LOG (AUDIT_KEY,JOB_ID,CREATED_TS,CREATED,PROCESSING_STATUS_KEY,MIN_START_DATE_TIME_KEY,MAX_START_DATE_TIME_KEY,MAX_CHUNK_TS,DATA_SOURCE_KEY,ROW_COUNT,INSERTED) VALUES (?,?,?,?,?,?,?,?,?,?,?),317443306,[CONSISTENT_READ_FAILURE]) - enter
2020-04-02 21:37:54,411 DEBUG ecp-1-885730 35000 SQLUtils.executeUpdate - exit(elapsed 0 ms) returning 1
2020-04-02 21:37:54,426 DEBUG ecp-1-885730 35000 COMMIT: 317443306; called by com.genesyslab.gim.etl.jobs.transform.TransformTask.commitAndRelease(TransformTask.java:165)
0 Karma
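
A props.conf stanza matching the requirements in the post above, as an added example that is not part of the original post or of Splunk's own documentation. The sourcetype name `gim_server_log` is hypothetical, and `TZ = UTC` and the `TRUNCATE` value are assumptions: the stanza supposes the application writes its timestamps in UTC while the people searching use a UTC-3 time zone preference, which is what makes "22:09:52,416" display as "19:09:52,416".

```ini
# props.conf (added example; the sourcetype name is hypothetical)
[gim_server_log]

# Break events only at a newline that is followed by a timestamp such as
# "2020-04-02 22:09:52,416". Continuation lines ("*** SESSIONS(2):", the
# "Default value in ..." warnings, the "+[Job_ExtractICON]..." timing tree)
# stay attached to the event that precedes them.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\s

# Read the timestamp from the first 23 characters of the event, so the
# dates embedded later in a line (for example inside "ExtractWindow: CFG,
# [...]") are never mistaken for the event time.
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S,%3N
MAX_TIMESTAMP_LOOKAHEAD = 23

# Assumption: the raw timestamps are written in UTC. TZ declares the zone
# the log was written in; Splunk stores _time as epoch seconds and renders
# it in each user's own time zone preference.
TZ = UTC

# Assumption: the multi-line timing tree and the long SQL statements can
# exceed the default 10000-byte event limit, so the limit is raised.
TRUNCATE = 50000
```

These settings are applied at parse time, so the stanza belongs on the first full Splunk instance that handles the data (a heavy forwarder or the indexers) and only affects events indexed after it is deployed.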