Hi Team,
I did not have application name in the application error logs (cant be extracted.
Please help if using replace .... with or case functionality i can display the name of application inplace of host name.
host="*" source="/home/abc/tomcat/logs/app_error_log.txt" | eval teamname=case(host="1234", "abc", host="5678", "def") |chart count by teamname
Thanks,
Ravinder
... View more
Thanks Martin for the information.
But problem with me is i am not admin of Splunk portal. It is configured and maintained by third party. Hence i cant change the settings and hard to convince them as timezone in other source files like error logs, catalina.out logs are in CET timezone which is correct.
Only localhost log access event are in different timezone as i posted.
Is there any way to correct the timezone to CET only in splunk search query.
Thanks
... View more
Hi Team,
i am facing the issue of different timezones. Splunk timezone is CET but log event timezone is coming as UTC in my localhost access logs but other log event are displaying the timezone in sync with CET timezone.
Splunk timestamp is 6/11/13 11:31:44:000 AM
Event log timestamp is [11/Jun/2013:09:31:44 +0000]
I need event timestamp in CET timezone. Is there any way to do it in search query by making offset of 2 hours
Kindly help.
Thanks
... View more
Thanks Kml, for the response.
I extracted the field but dont know how to fit that filed in query. i have extracted it as appname.
Can you please help me to get this in query with respective to the hostname
Thanks
... View more
Hi Team,
I am new to Splunk portal. I have to search on multiple hosts for HTTP hits and display the result in single graph by application names hosted on the hosts. Not to display hostname.
Query is
host="*" source="/home/abc/tomcat/logs/localhost_access_log.txt" | chart count over host by date_wday | fields host monday tuesday wednesday thursday friday saturday sunday
This query displays HTTP traffic by hostanme. But i want to replace the hostname with respective application name.
Wanna show the application name instead of hostname on graph with http counts
Looking forward for your help
Thanks
... View more