We are using Splunk 4.1.6, build 89596
We are trying to mine the IIS logs for multiple crashes occurring within a span of 15 minutes of a particular crash.
Query A: sourcetype="WinEventLog:Application" Message="An unhandled exception occurred and the process was terminated" Application_ID="*0002*"*
Query A singles out one specific kind of crash (with the unique identifier Application_ID = *0002*). Now we want to find out if any other crashes happened within 10 minutes of every crash retrieved by Query A.
We tried the solution given below but it did not give us the result.
http://splunk-base.splunk.com/answers/2602/can-splunk-filtermatch-events-and-bring-back-neighbouring-events-like-gnu-grep
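As an added example (not from the original post and not Splunk's own code), the same correlation done outside Splunk in Python over a constructed set of crash records: every crash whose Application_ID matches *0002* is taken as an anchor, and the other crashes within a configurable window (10 minutes by default) are listed beside it. The simplified `timestamp|Application_ID|Message` layout is an assumption standing in for the WinEventLog:Application fields.

```python
from datetime import datetime, timedelta
from fnmatch import fnmatch

# Constructed sample records (not real event log data): one crash per line in a
# simplified "timestamp|Application_ID|Message" layout.
SAMPLE_EVENTS = """\
2011-03-01 10:00:00|1000-0002-A|An unhandled exception occurred and the process was terminated
2011-03-01 10:04:00|1000-0007-B|An unhandled exception occurred and the process was terminated
2011-03-01 10:30:00|1000-0002-A|An unhandled exception occurred and the process was terminated
2011-03-01 11:20:00|1000-0009-C|An unhandled exception occurred and the process was terminated
2011-03-01 11:25:00|1000-0002-A|An unhandled exception occurred and the process was terminated
2011-03-01 11:26:00|1000-0002-A|An unhandled exception occurred and the process was terminated
"""

CRASH_MESSAGE = "An unhandled exception occurred and the process was terminated"


def parse_events(text):
    """Parse the pipe-delimited sample layout into (timestamp, app_id, message) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, app_id, message = line.split("|", 2)
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), app_id, message))
    return events


def neighbouring_crashes(events, app_id_glob="*0002*", window_minutes=10):
    """Map each anchor crash (Application_ID matching app_id_glob) to the other
    crash events within +/- window_minutes, as a sorted list of (timestamp, app_id).
    Anchors with no neighbours are kept with an empty list so none are lost."""
    window = timedelta(minutes=window_minutes)
    crashes = [e for e in events if e[2] == CRASH_MESSAGE]
    anchors = [e for e in crashes if fnmatch(e[1], app_id_glob)]
    result = {}
    for a_ts, a_id, _ in anchors:
        neighbours = [
            (ts, app_id) for ts, app_id, _ in crashes
            if (ts, app_id) != (a_ts, a_id) and abs(ts - a_ts) <= window
        ]
        result[a_ts] = sorted(neighbours)
    return result


if __name__ == "__main__":
    for anchor, others in sorted(neighbouring_crashes(parse_events(SAMPLE_EVENTS)).items()):
        print(anchor, "->", [(str(ts), app_id) for ts, app_id in others])
```

Two *0002* crashes one minute apart count as each other's neighbours, which is the case a pure time-window search in Splunk also has to handle.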