Splunk Search

Group multiple events and also index logs with 03 hours less than the time zone.

leandromatperei
Path Finder

Hello everyone.

I need to index the logs below and the example that is on my Dropbox link in a new sourcetype.

The event line break occurs through the timestamp at the beginning of each interaction: "2020-04-02 22:09:52,416", this is the time format of my log.

Another point is that it is added with a time zone of 03 hours more, so for example:

 - The log of the time "2020-04-02 22:09:52,416" should be indexed in Splunk with the time "2020-04-02 19:09:52,416". If it is not clear, I will explain it again.

Can you help me set up this sourcetype in props.conf?

Link Dropbox:

https://www.dropbox.com/s/qn2b2vnjyo1t0mj/server.txt?dl=0

2020-04-02 21:57:38,063 INFO  ecp-1-1784929 25000 ExtractWindow: CFG, [2020-02-28 05:53:42,2020-04-02 21:57:14(1582869222,1585864634)]
*** SESSIONS(2):
2020-04-02 21:32:52,779 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan - exit(elapsed 47 ms) returning 43
2020-04-02 21:32:53,278 WARN  ecp-1-872908 20000 User data mapping and data base schema validation warnings:
Default value in data base schema for user dimension column USER_DATA_CUST_DIM_2.SEGMENTO is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.CORRENTISTAS is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.MULTIPLO is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.TPESSOA is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.AVI is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_13.ELEG is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_14.ASSUNTO is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_14.PRODUTODN is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_14.CONPO is empty, will use hardcoded default: none
Default value in mapping for user dimension column USER_DATA_CUST_DIM_15.FIDELIZA is empty, will use hardcoded default: none
2020-04-02 21:32:53,278 INFO  ecp-1-872908 30000 JobTransform: SERVICE_OBJECTIVE default is = -1
2020-04-02 21:32:53,278 INFO  ecp-1-872908 30000 JobTransform: creating Lookup ...
2020-04-02 21:32:53,278 DEBUG ecp-1-872908 35000 COMMIT: 2004326974; called by com.genesyslab.gim.etl.jobs.transform.JobTransform.init(JobTransform.java:269)
2020-04-02 21:32:53,278 INFO  ecp-1-872908 30000 JobTransform: initialized
2020-04-02 21:32:53,309 INFO  ecp-1-872908 30042 Job step INIT completed successfully.
2020-04-02 21:32:53,309 INFO  ecp-1-885538 30041 Job step AGENTtoRESOURCE started.
2020-04-02 21:32:51,999 DEBUG ecp-1-872908 35000 ConcurrentUtils.shutdown: all tasks completed, executor terminated
2020-04-02 21:32:51,999 INFO  ecp-1-872908 20104 Job 'Job_ExtractICON' completed successfully.
2020-04-02 21:32:51,999 INFO  ecp-1-872908 25000 Execution Info
+[Job_ExtractICON].....................................................21653 ms. Invocations 1
|-- [INIT]................................................................15 ms. Invocations 1
|--+[RUN]..............................................................20905 ms. Invocations 1
   |-- [TRUNCATE_TMP]....................................................203 ms. Invocations 1
   |--+[EXTRACT].......................................................20670 ms. Invocations 1
      |--+[ExtractAndMerge]............................................13417 ms. Invocations 1
         |--+[ExtractTriplets]..........................................2886 ms. Invocations 1
            |-- [G_IR]..................................................3181 ms. Invocations 7
            |-- [G_CALL]................................................8859 ms. Invocations 7
            |-- [G_IS_LINK].............................................3135 ms. Invocations 7
         |--+[MergeMove]...............................................10359 ms. Invocations 1
            |-- [insertIRs4ConCalls2TmpMerge](0).........................499 ms. Invocations 1
            |--+[insertClassifiedIsLinks](5993)..........................561 ms. Invocations 1
               |-- [classify links - join](5993).........................234 ms. Invocations 1
               |-- [classify links - insert](5993).......................171 ms. Invocations 1
            |-- [insertIsLinks2TmpMerge](1058)............................93 ms. Invocations 1
            |-- [update_G_CALL_ROOTIRID](1533)...........................561 ms. Invocations 2
            |-- [update_G_IR_ROOTIRID](1096).............................156 ms. Invocations 2
            |-- [insertIRs2TmpMerge](38).................................218 ms. Invocations 1
            |-- [updateTO_CYCLE](0)......................................234 ms. Invocations 4
            |-- [updateRootIrInTmpMerge](41).............................156 ms. Invocations 4
            |-- [updateRootirInTmpMerge2](3937)..........................141 ms. Invocations 1
            |-- [insertPendingRootIrs2TmpMerge](1881).....................47 ms. Invocations 1
            |-- [insertNotPendingRootIrs2TmpMerge](3648).................187 ms. Invocations 1
            |-- [insertNotPendingLinks](2116)............................593 ms. Invocations 1
            |-- [deleteNotPendingLinks](2116)............................124 ms. Invocations 1
            |-- [G_IR_copyMerged](4696)..................................531 ms. Invocations 1
            |-- [G_IR_deleteMerged](4696)................................125 ms. Invocations 1
            |-- [G_CALL_copyMerged](6846)...............................1263 ms. Invocations 1
            |-- [G_CALL_deleteMerged](6846).............................2543 ms. Invocations 1
            |-- [G_IR_copyStuckRecords](0)...............................187 ms. Invocations 1
            |-- [G_CALL_copyStuckRecords](0).............................422 ms. Invocations 1
      |--+[Extract].....................................................6833 ms. Invocations 1
         |-- [G_IR]......................................................578 ms. Invocations 1
         |-- [G_VIRTUAL_QUEUE]..........................................2059 ms. Invocations 8
         |-- [GC_LOGIN].................................................1014 ms. Invocations 1
         |-- [GC_BUS_ATTRIBUTE].........................................1357 ms. Invocations 1
         |-- [G_USERDATA_HISTORY]......................................15678 ms. Invocations 8
         |-- [GC_IVRPORT]................................................983 ms. Invocations 1
         |-- [GC_TREATMENT]..............................................858 ms. Invocations 1
         |-- [GC_SKILL]..................................................982 ms. Invocations 1
         |-- [GCX_GROUP_PLACE]...........................................749 ms. Invocations 1
         |-- [G_SECURE_USERDATA_HISTORY].................................811 ms. Invocations 8
         |-- [GC_PLACE]..................................................999 ms. Invocations 1
         |-- [GC_ANNEX]..................................................265 ms. Invocations 1
         |-- [GCX_GROUP_ROUTEDN]........................................1482 ms. Invocations 1
         |-- [G_DND_HISTORY].............................................750 ms. Invocations 6
         |-- [G_ROUTE_RESULT]...........................................2416 ms. Invocations 8
         |-- [G_AGENT_STATE_RC].........................................1186 ms. Invocations 6
         |-- [GC_SWITCH].................................................952 ms. Invocations 1
         |-- [GC_ATTR_VALUE].............................................921 ms. Invocations 1
         |-- [GM_L_USERDATA].............................................625 ms. Invocations 1
         |-- [GCX_FORMAT_FIELD].........................................1498 ms. Invocations 1
         |-- [G_CUSTOM_DATA_S]...........................................920 ms. Invocations 8
         |-- [GM_F_USERDATA]..............................................94 ms. Invocations 1
         |-- [G_PARTY].................................................10294 ms. Invocations 8
         |-- [G_CALL_STAT]..............................................1387 ms. Invocations 7
         |-- [GCX_ENDPOINT_PLACE].......................................1310 ms. Invocations 1
         |-- [GCX_GROUP_AGENT]..........................................1326 ms. Invocations 1
         |-- [GCX_CAMPGROUP_INFO].......................................1045 ms. Invocations 1
         |-- [GCX_SKILL_LEVEL]..........................................1435 ms. Invocations 1
         |-- [GCX_LOGIN_INFO]............................................999 ms. Invocations 1
         |-- [G_ROUTE_RES_VQ_HIST]......................................1295 ms. Invocations 8
         |-- [GC_AGENT]..................................................858 ms. Invocations 1
         |-- [GCX_AGENT_PLACE]...........................................983 ms. Invocations 1
         |-- [GC_CAMPAIGN]...............................................749 ms. Invocations 1
         |-- [GC_CALLING_LIST]..........................................1061 ms. Invocations 1
         |-- [G_LOGIN_SESSION]..........................................3900 ms. Invocations 6
         |-- [GC_TENANT].................................................748 ms. Invocations 1
         |-- [G_IR_HISTORY].............................................2668 ms. Invocations 8
         |-- [GCX_CAMPLIST_INFO]........................................1372 ms. Invocations 1
         |-- [GC_FILTER]................................................1217 ms. Invocations 1
         |-- [G_CALL]....................................................639 ms. Invocations 1
         |-- [GC_TIME_ZONE]..............................................655 ms. Invocations 1
         |-- [GC_OBJ_TABLE]..............................................624 ms. Invocations 1
         |-- [GC_VOICE_PROMPT]...........................................593 ms. Invocations 1
         |-- [GC_GROUP].................................................1030 ms. Invocations 1
         |-- [GC_SCRIPT]................................................1186 ms. Invocations 1
         |-- [GC_ACTION_CODE]...........................................1311 ms. Invocations 1
         |-- [GC_ENDPOINT]...............................................811 ms. Invocations 1
         |-- [G_AGENT_STATE_HISTORY]...................................15163 ms. Invocations 6
         |-- [GCX_SUBCODE]..............................................1373 ms. Invocations 1
         |-- [GC_TABLE_ACCESS]..........................................1061 ms. Invocations 1
         |-- [GCX_GROUP_ENDPOINT].......................................1467 ms. Invocations 1
         |-- [GC_IVR]....................................................655 ms. Invocations 1
         |-- [G_PARTY_HISTORY].........................................23727 ms. Invocations 8
         |-- [GC_FORMAT].................................................780 ms. Invocations 1
         |-- [GC_FOLDER]................................................1076 ms. Invocations 1
         |-- [GC_FIELD]..................................................312 ms. Invocations 1
         |-- [GC_APPLICATION]...........................................1061 ms. Invocations 1
         |-- [GX_SESSION_ENDPOINT]......................................5601 ms. Invocations 6
         |-- [GCX_LIST_TREATMENT].......................................1389 ms. Invocations 1
         |-- [G_IS_LINK_HISTORY]........................................1092 ms. Invocations 7
      |--+[MergeMove]...................................................3089 ms. Invocations 1
         |-- [insertIRs4ConCalls2TmpMerge](0)............................421 ms. Invocations 1
         |--+[insertClassifiedIsLinks](3877).............................187 ms. Invocations 1
            |-- [classify links - join](3877).............................78 ms. Invocations 1
            |-- [classify links - insert](3877)...........................93 ms. Invocations 1
         |-- [insertIsLinks2TmpMerge](0)..................................62 ms. Invocations 1
         |-- [insertIRs2TmpMerge](0).....................................234 ms. Invocations 1
         |-- [updateRootirInTmpMerge2](1821).............................172 ms. Invocations 1
         |-- [insertPendingRootIrs2TmpMerge](1757).......................141 ms. Invocations 1
         |-- [insertNotPendingRootIrs2TmpMerge](23).......................63 ms. Invocations 1
         |-- [insertNotPendingLinks](24).................................265 ms. Invocations 1
         |-- [deleteNotPendingLinks](24)..................................31 ms. Invocations 1
         |-- [G_IR_copyMerged](23)........................................78 ms. Invocations 1
         |-- [G_IR_deleteMerged](23)......................................47 ms. Invocations 1
         |-- [G_CALL_copyMerged](24).....................................297 ms. Invocations 1
         |-- [G_CALL_deleteMerged](24)....................................46 ms. Invocations 1
         |-- [G_IR_copyStuckRecords](0)..................................188 ms. Invocations 1
         |-- [G_CALL_copyStuckRecords](0)................................312 ms. Invocations 1
|-- [DESTROY]............................................................733 ms. Invocations 1

2020-04-02 21:32:51,999 DEBUG main         35000 SQLUtils.queryAndScan (SELECT CTL_SCHEMA_INFO.SCHEMA_VERSION FROM (select 1 as dummy from DUAL) DUAL LEFT OUTER JOIN ginfo.CTL_SCHEMA_INFO ON CTL_SCHEMA_INFO.SCHEMA_NAME = 'Genesys Info Mart',302366050) - enter
2020-04-02 21:32:51,999 DEBUG main         35000 SQLUtils.queryAndScan - exit(elapsed 0 ms) returning 1
2020-04-02 21:32:51,999 INFO  main         25000 Reading CTL_SCHEMA_INFO.Genesys Info Mart=8.1.402.01
2020-04-02 21:32:51,999 DEBUG main         35000 SQLUtils.queryAndScan (SELECT CTL_SCHEMA_INFO.SCHEMA_VERSION FROM (select 1 as dummy from DUAL) DUAL LEFT OUTER JOIN ginfo.CTL_SCHEMA_INFO ON CTL_SCHEMA_INFO.SCHEMA_NAME = 'UPDATE_IDB_FOR_GIM',302366050) - enter
2020-04-02 21:32:51,999 DEBUG main         35000 SQLUtils.queryAndScan - exit(elapsed 0 ms) returning 1
2020-04-02 21:32:51,999 INFO  main         25000 Reading CTL_SCHEMA_INFO.UPDATE_IDB_FOR_GIM=8.1.400.01
2020-04-02 21:32:51,999 INFO  main         31201 GIM Server - current state is TRANSFORM.
2020-04-02 21:32:51,999 INFO  ecp-1-872908 20103 Job 'Job_TransformGIM' started. Version='8.1.402.08' built '2015-03-11 18:50:32 UTC'.
2020-04-02 21:32:51,999 INFO  ecp-1-872908 30041 Job step INIT started.
2020-04-02 21:32:51,999 INFO  ecp-1-872908 30000 JobTransform: initializing...
2020-04-02 21:32:52,093 DEBUG ecp-1-872908 35000 Executing {call DBMS_LOCK.ALLOCATE_UNIQUE(?,?,864000)}
2020-04-02 21:32:52,108 DEBUG ecp-1-872908 35000 Executing {?=call DBMS_LOCK.REQUEST(?,?,10,false)}
2020-04-02 21:32:52,108 DEBUG ecp-1-872908 35000 OPEN: 2004326974; count 1
2020-04-02 21:32:52,108 INFO  ecp-1-872908 30000 JobTransform: reading extract HWM info...
2020-04-02 21:32:52,108 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan (SELECT CTL_EXTRACT_HWM.TABLE_NAME,CTL_EXTRACT_HWM.DATA_SOURCE_KEY,CTL_EXTRACT_HWM.DATA_SOURCE_TYPE,CTL_EXTRACT_HWM.EXTRACT_START_TIME,CTL_EXTRACT_HWM.EXTRACT_END_TIME,CTL_EXTRACT_HWM.ROW_COUNT,CTL_EXTRACT_HWM.MAX_TS,CTL_EXTRACT_HWM.JOB_ID,CTL_EXTRACT_HWM.JOB_NAME,CTL_EXTRACT_HWM.JOB_VERSION,CTL_EXTRACT_HWM.DAP_NAME,CTL_EXTRACT_HWM.DSS_ID,CTL_EXTRACT_HWM.ICON_DBID,CTL_EXTRACT_HWM.PROVIDERTAG FROM ginfo.CTL_EXTRACT_HWM WHERE CTL_EXTRACT_HWM.DATA_SOURCE_KEY > 1 AND ( NOT EXISTS (SELECT 1 FROM ginfo.CTL_DS WHERE CTL_DS.DATA_SOURCE_KEY = CTL_EXTRACT_HWM.DATA_SOURCE_KEY)),2004326974) - enter
2020-04-02 21:32:52,249 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan - exit(elapsed 141 ms) returning 0
2020-04-02 21:32:52,249 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan (SELECT COALESCE(MIN(G_IR.TERMINATED_TS),0) FROM ginfo.G_IR,2004326974) - enter
2020-04-02 21:32:52,405 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan - exit(elapsed 156 ms) returning 1, (1585856618)
2020-04-02 21:32:52,405 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan (SELECT CTL_EXTRACT_HWM_JOIN_CTL_DS.DATA_SOURCE_TYPE,MIN(CTL_EXTRACT_HWM_JOIN_CTL_DS.MAX_TS) FROM (SELECT TABLE_NAME,(DS_KEY) DATA_SOURCE_KEY,(MAX(MAX_TS)) MAX_TS,(MAX(MAX_TIME)) MAX_TIME,(MAX(DATA_SOURCE_TYPE)) DATA_SOURCE_TYPE,(MAX(DS_DBID)) DS_DBID,(MAX(DS_DBID_PRIM)) DS_DBID_PRIM,(MAX(DS2_DBID)) DS2_DBID FROM (SELECT CTL_EXTRACT_HWM.*,(CTL_EXTRACT_HWM.DATA_SOURCE_KEY) DS_KEY,CTL_DS.DS_DBID,CTL_DS.DS_DBID_PRIM,CTL_DS.DS2_DBID FROM ginfo.CTL_EXTRACT_HWM INNER JOIN ginfo.CTL_DS ON CTL_EXTRACT_HWM.DATA_SOURCE_KEY = CTL_DS.DATA_SOURCE_KEY WHERE CTL_EXTRACT_HWM.DATA_SOURCE_TYPE <> 4 UNION ALL SELECT CTL_EXTRACT_HWM.*,(99) DS_KEY,(99) DS_DBID,(0) DS_DBID_PRIM,(0) DS2_DBID FROM ginfo.CTL_EXTRACT_HWM WHERE CTL_EXTRACT_HWM.DATA_SOURCE_TYPE = 4) CTL_EXTRACT_HWM_JOIN_CTL_DS GROUP BY TABLE_NAME,DS_KEY) CTL_EXTRACT_HWM_JOIN_CTL_DS GROUP BY CTL_EXTRACT_HWM_JOIN_CTL_DS.DATA_SOURCE_TYPE,2004326974) - enter
2020-04-02 21:32:52,529 DEBUG ecp-1-872908 35000 SQLUtils.queryAndScan - exit(elapsed 124 ms) returning 3
2020-04-02 21:37:54,411 INFO  Agg.NewData  25000 Got addFactAvailNotification3: 1,585,860,300 1,585,863,000 INTERACTION_RESOURCE_FACT false true
2020-04-02 21:37:54,411 INFO  ecp-1-885730 25000 notifyFactAvailable: INTERACTION_RESOURCE_FACT     , online_media=false, interval_agg= true, current_time=1585863474, start=1585849500, end=1585863000, range=     14400, delay=       124 (List item=1)
2020-04-02 21:37:54,411 INFO  Agg.NewData  25000 Got addFactAvailNotification3: 1,585,849,500 1,585,863,000 INTERACTION_RESOURCE_FACT true false
2020-04-02 21:37:54,411 INFO  ecp-1-885730 25000 notifyFactAvailable: INTERACTION_RESOURCE_FACT     , online_media=false, interval_agg=false, current_time=1585863474, start=1585849500, end=1585849500, range=       900, delay=       124 (List item=1)
2020-04-02 21:37:54,411 INFO  Agg.NewData  25000 Got addFactAvailNotification3: 1,585,849,500 1,585,849,500 INTERACTION_RESOURCE_FACT false false
2020-04-02 21:37:54,411 INFO  ecp-1-885730 25000 notifyFactAvailable: INTERACTION_RESOURCE_FACT     , online_media=false, interval_agg=false, current_time=1585863474, start=1585861200, end=1585863000, range=      2700, delay=       124 (List item=2)
2020-04-02 21:37:54,411 INFO  Agg.NewData  25000 Got addFactAvailNotification3: 1,585,861,200 1,585,863,000 INTERACTION_RESOURCE_FACT false false
2020-04-02 21:37:54,411 DEBUG ecp-1-885730 35000 SQLUtils.executeUpdate (INSERT INTO ginfo.CTL_AUDIT_LOG (AUDIT_KEY,JOB_ID,CREATED_TS,CREATED,PROCESSING_STATUS_KEY,MIN_START_DATE_TIME_KEY,MAX_START_DATE_TIME_KEY,MAX_CHUNK_TS,DATA_SOURCE_KEY,ROW_COUNT,INSERTED) VALUES (?,?,?,?,?,?,?,?,?,?,?),317443306,[CONSISTENT_READ_FAILURE]) - enter
2020-04-02 21:37:54,411 DEBUG ecp-1-885730 35000 SQLUtils.executeUpdate - exit(elapsed 0 ms) returning 1
2020-04-02 21:37:54,426 DEBUG ecp-1-885730 35000 COMMIT: 317443306; called by com.genesyslab.gim.etl.jobs.transform.TransformTask.commitAndRelease(TransformTask.java:165)
0 Karma
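
One way to express the requirements in the question as a props.conf stanza (an added example, not part of the original post). The sourcetype name `genesys:gim:server` is hypothetical, and `TZ = UTC` assumes the server writes its log in UTC while the viewing user's Splunk time zone is UTC-3; set `TZ` to whatever zone the source really logs in.

```ini
# props.conf (added example; the sourcetype name is hypothetical)
[genesys:gim:server]

# Break events only where a new line starts with a full
# "YYYY-MM-DD HH:MM:SS,mmm " timestamp. Only the first capture group
# (the newlines) is discarded; the lookahead leaves the timestamp in
# the next event. Continuation lines such as "*** SESSIONS(2):",
# "Default value in ..." and the "|-- [...]" timing tree stay attached
# to the event before them.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\s)

# The timestamp is the first 23 characters of the event. Limiting the
# lookahead keeps Splunk from picking up later dates inside the message,
# for example the ExtractWindow range "[2020-02-28 05:53:42,2020-04-02 21:57:14(...)]".
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S,%3N
MAX_TIMESTAMP_LOOKAHEAD = 23

# Assumption: the log is written in UTC. Splunk stores the event time as
# epoch and renders it in each user's profile time zone, so a user at
# UTC-3 sees 22:09:52,416 from the file as 19:09:52.416.
TZ = UTC

# With SHOULD_LINEMERGE = false the whole multi-line event counts as one
# line for TRUNCATE (default 10000 bytes). The "Execution Info" tree in
# the sample runs to more than a hundred lines, so raise the limit.
TRUNCATE = 50000
```

These are parse-time settings: they belong on the first heavy forwarder or indexer that handles the data, and they affect only events indexed after the change.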