
Search for Date and data in a logfile

Ravi_c
New Member

Hi,

I'm having an error log file which has the last 30 days of error information, with a timestamp of when the error occurred. Now how can we write a SEARCH string to get the last error appended to that error log file? I don't want to specify the date in the search, as I need to automate it to run every day.

Error Log File will be like
01-Feb-2014 09:09:12 Error Java custom error.
01-Feb-2014 09:30:30 Error Oracle error.
01-Feb-2014 14:45:30 Error Java error.
.
.
.
.
26-Feb-2014 09:09:12 Error Java custom error.
26-Feb-2014 09:30:30 Error Oracle error.
26-Feb-2014 14:45:30 Error Java error.

Is it possible to automate this search string to run every day and then, if there is any error, send an email?

Please help.

0 Karma

melonman
Motivator

Yes, basically you need to set up an alert action for your search so the search will run once a day to check for ERROR messages (or any other search).

You can take a look at this alert documentation for detail.
http://docs.splunk.com/Documentation/Splunk/latest/Alert/Aboutalerts

Scheduled Alert
http://docs.splunk.com/Documentation/Splunk/latest/Alert/Definescheduledalerts

Hope this helps you get started.

0 Karma

melonman
Motivator

Well, if you simply want to get the latest ERROR message, you just search like this:

your search | head 1

Splunk will return the results from latest to earliest in time order, and if you add "head 1" you will get the latest event.

0 Karma

melonman
Motivator

This will add the current Unix time to your event/table:

your search | eval now=now()

0 Karma

Ravi_c
New Member

Thanks for your suggestion.

I want to know whether there is any keyword for getting the current time, like sysdate in Oracle DB.

Please help.

0 Karma
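Putting the thread's three pieces together (the daily schedule, `head 1` for the newest event and `now()` as the sysdate equivalent), here is an added example of a savedsearches.conf alert stanza; it is not from the thread or from Splunk's documentation, and the index, sourcetype, stanza name and recipient address are assumptions.

```ini
# Added example (not from the thread): a scheduled alert in savedsearches.conf
# that runs once a day, keeps only Error lines from the past day and emails the
# newest one. Index, sourcetype, stanza name and recipient are assumptions.
[daily_latest_error_alert]
# Run at 06:00 every day and dispatch the search over the previous 24 hours.
enableSched = 1
cron_schedule = 0 6 * * *
dispatch.earliest_time = -24h@h
dispatch.latest_time = now
# Parse the "01-Feb-2014 09:09:12 Error Java custom error." line format from
# the question, convert the timestamp to epoch seconds and compare it with
# now(), which is the SPL counterpart of Oracle's sysdate.
search = index=app_errors sourcetype=error_log "Error" \
| rex "^(?<log_time>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) Error (?<error_msg>.+)$" \
| eval log_epoch = strptime(log_time, "%d-%b-%Y %H:%M:%S") \
| eval age_min = round((now() - log_epoch) / 60) \
| where age_min <= 1440 \
| sort - log_epoch \
| head 1 \
| table log_time error_msg age_min
# Trigger only when at least one event came back, then email that event inline.
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = oncall@example.com
action.email.subject = Latest error in the last 24h: $result.error_msg$
action.email.inline = 1
```

The `where age_min <= 1440` guard means a stale file that stops receiving new lines does not keep re-alerting on yesterday's last error.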