WHERE T0.AM_ASSIGNMENT='0' and T0.COMPUTERENVIRONMENT = 'PROD' and T1.CRSTATE = 'In Service'" Server as ServerName OUTPUT OS AS OS, ApplicationName AS Application
ORGANIZATION_BusinessLine AS T3 with (nolock) ON T2.ID_BUSINESSLINE_OWNER = T3.ID_BUSINESSLINE
APPLICATION_Application AS T2 with (nolock) ON T2.ID_APPLICATION = T1.ID_CHILD AND T1.CIT_CHILD = 'Application'
GENERAL_Relations AS T1 with (nolock) ON T0.ID_SERVER = T1.ID_PARENT AND T1.CIT_PARENT = 'Server' AND LINKTYPE = 'CST_APP2SRV'
INFRASTRUCTURE_Server AS T0 with (nolock)
| dbxlookup connection="CMDB" query="SELECT upper(.) As 'Server',FROM.
Index=indexwintimesynclogs NOT (ServerName= UAT OR ServerName= DEV)|eval ServerName=replace(ServerName, ".+?(\/)",""), offset=Delta|where (offset>0.0001 OR offset<-0.0001) | stats max(offset) as offset, count(offset) as violations by ServerName, TimeSource|sort -offset
System A receives customer information which is then sent to System B.
I have two systems, System A and System B.
Hoping that I can get some help from this awesome community.
Notably the join can not return more than 50,000 results or take longer than 60 seconds by default.
Hello, I am quite new to Splunk and this is my first post.
It uses subsearches, which have limitations that can affect the join.
Yes it can work, but when it does not, you will not know that it has not joined all the data.
Search hangs with message - No fields found, forget to run the search?
Note that using join in Splunk is often not the best/right solution.
The query gets stuck at the first step - "Set Reference Search"
I tried creating a lookup under - Splunk DB Connect->Data Lab->Lookups
WHERE T0.AM_ASSIGNMENT='0' and T0.COMPUTERENVIRONMENT = 'PROD' and T1.CRSTATE = 'In Service' ORDER BY T0.COMPUTERNAME" Server as ServerName OUTPUT OS AS OS, ApplicationName AS Application
It does not work.
ORGANIZATION_BusinessLine AS T3 ON T2.ID_BUSINESSLINE_OWNER = T3.ID_BUSINESSLINE
Depending on your use case or what you are looking to achieve with your Splunk Processing Language (SPL), you may need to query multiple data sources and merge the results.
APPLICATION_Application AS T2 ON T2.ID_APPLICATION = T1.ID_CHILD AND T1.CIT_CHILD = 'Application'
GENERAL_Relations AS T1 ON T0.ID_SERVER = T1.ID_PARENT AND T1.CIT_PARENT = 'Server' AND LINKTYPE = 'CST_APP2SRV'
ID_MANAGEMENTTEAM As 'Management team (Application)'FROM.
| dbxlookup connection="CMDB" query="SELECT.
Tested the connectivity and DB query -> Splunk DB Connect->Data Lab -> SQL Explorer
Installed the App DB Connect and configured connection to CMDB
I have written the SQL query that is required to fetch data from CMDB
Now I want to join the results of this query to the CMDB database and get the OS and Application details for each server reported by the above query.
Index=indexwintimesynclogs|eval offset=Delta|where offset>0.0001 and like(ServerName,"%PRD%") | stats max(offset) as offset, count(offset) as violations by ServerName, TimeSource|sort -offset
I use the following query to find PTP violations per server