- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do I group Kepware Torque tool data by VIN'job...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure how to accomplish this and need some advice from the experts here.
I am working with data from a torque tool being fed into a kepware system and then into Splunk.
What happens first is I receive an event like below:
2016-06-13 21:02:36.579 +0000 Tag="Torque.Device1.VEHICLE IDENTIFICATION NUMBER.VIN1" Value="wiokdsk43" Quality="good"
This represents the ‘job’ that someone is working on. After this I receive a bunch of events like this:
2016-06-13 21:02:43.164 +0000 Tag="Torque.Device1.LAST TIGHTENING RESULTS.LTR_ANGLE_VALUE" Value="24" Quality="good"
2016-06-13 21:02:43.165 +0000 Tag="Torque.Device1.LAST TIGHTENING RESULTS.LTR_TORQUE_VALUE" Value="3.52999997" Quality="good"
2016-06-13 21:02:46.240 +0000 Tag="Torque.Device1.LAST TIGHTENING RESULTS.LTR_TORQUE_VALUE" Value="2.72000003" Quality="good"
It can be usually 5-10 more events before receiving another event identifying the next Vehicle Identification Number.
I need to be able to group together all events between Vehicle identification numbers as a single group/transaction so I can gather statistics and build visualizations for the specific ‘job’
Ideally I would like to be able to create a table of all last tightening results associated with a specific ‘job’
How do I accomplish this?
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
See if this works for you
sourcetype=Kepware index=kepware Quality="good" | rex "\.VIN1"\sValue="(?<VIN>[^"]+)" | eval group=VIN | reverse | filldown group | stats last(Value) as LastValue by group
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
See if this works for you
sourcetype=Kepware index=kepware Quality="good" | rex "\.VIN1"\sValue="(?<VIN>[^"]+)" | eval group=VIN | reverse | filldown group | stats last(Value) as LastValue by group
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you. This should work fine for my purpose.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've actually been able o crunch the data with the transaction command and now have another question still around how to build a group of the associated uses of the torque tool per VIN job.
sourcetype=Kepware index=kepware Quality="good"| transaction startswith="VEHICLE IDENTIFICATION NUMBER"
Im still though having problems building a table of the torque values per vin job.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Voinski,
Ever considered using the metadata field in Kepware? You could give each Tag an ID, so it appears as:
2016-06-13 21:02:43.164 +0000 Tag="Torque.Device1.LAST TIGHTENING RESULTS.LTR_ANGLE_VALUE" Value="24" Quality="good" VINID = A
2016-06-13 21:02:43.165 +0000 Tag="Torque.Device1.LAST TIGHTENING RESULTS.LTR_TORQUE_VALUE" Value="3.52999997" Quality="good" VINID = A
2016-06-13 21:02:46.240 +0000 Tag="Torque.Device1.LAST TIGHTENING RESULTS.LTR_TORQUE_VALUE" Value="2.72000003" Quality="good" VINID = A
Afterwhich, you can just search for VINID = A. Can you sketch up an endstate mock up of the visualization?
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
