"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"
The dojo of Splunk. Learn, share, teach, mentor.
Videos
Latest Activity
Nikita posted a discussionCount failures and success via transaction
Hi,I'm a new in Splunk so sorry for the stupid questions.I want to calculate failures in logs.For example we have request log and response log."request" OR ("fail" OR "response") |transaction startsWith=("request") endsWith=("fail" OR "response") maxpause=5s keepevicted=false maxspan=25s id |eval Failure=if(searchmatch("fail"),1,0)| eval Success=if(searchmatch("response"),1,0) | stats count(Failure) as FailureCount, count(Success) as SuccessCount | table FailureCount SuccessCountThat query…See More
Nathan Dornbrook's Discussions
Using LogLogic and Splunk together
4 Replies
Good morning, gentlemen. I have a situation I think is relatively common in my industry. There is a regulatory and legal monitoring challenge - we have to demonstrate that we are "in control" of our…Continue
Started this discussion. Last reply by Nathan Dornbrook Mar 3, 2011.
Nathan Dornbrook's Page
Gifts Received
Nathan Dornbrook has not received any gifts yet
Latest Activity
Nathan Dornbrook replied to Nathan Dornbrook's discussion Using LogLogic and Splunk together"Hey, Michael!
We've got both Splunk and LogLogic working on this and I think we've got a solution that works for everyone.
LogLogic can message forward the syslog, and that does the trick for us.
By the way, the issue…"
Michael Wilde replied to Nathan Dornbrook's discussion Using LogLogic and Splunk together"Nathan.... (its been a while since i answered you, and something made me look at this question again) while "politically" you may not be able to displace Loglogic, the product is designed to scale far beyond that of LogLogic &…"
Nathan Dornbrook replied to Nathan Dornbrook's discussion Using LogLogic and Splunk together"Hi, Michael!
Thanks for the update.
The LogLogic part of the equation is actually outside the remit of what I can mess with.
The organisation is big and has ended up fairly segmented.
The LogLogic implementation is…"
Michael Wilde replied to Nathan Dornbrook's discussion Using LogLogic and Splunk together"In regards to if LogLogic can spit out syslog... I'll ask my buddy who works there.
Splunk can eat EBC-DIC logs, you just have to tell it what the character set is. Have you considered sending everything to splunk, and then…"
Nathan Dornbrook posted a discussionUsing LogLogic and Splunk together
Good morning, gentlemen. I have a situation I think is relatively common in my industry. There is a regulatory and legal monitoring challenge - we have to demonstrate that we are "in control" of our IT estate. In order to do that, a previous set of IT consultants selected LogLogic to store the logs, a decision that I wholeheartedly support. Now, before you start shouting at me, here's why this makes sense: the estate is large (there are >50,000 servers) and heterogenous (there are 28…See More
Profile Information
- Are you an existing splunk user?
- Free
- What do you do for your day job?
- Security Consultant
Comment Wall
- No comments yet!
© 2012 Created by Michael Wilde.
