- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to write a search for mapping fields based...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have a sample dataset as follows:
PROCCESS_NAME STATUS
p1 PASS
p2 PASS
p3 PASS
p4 PASS
p5 PASS
p6 PASS
Their dependency relationship is as follows
p1-->depends on -->p2 -->depends on-->p4 -->depends on -->p6
p1-->depends on --> p3-->depends on-->p5
How can I represent the same in table/chart in a dynamic way. Also if any PROCCESS_NAME fails, its upper hierarchy show also set as FAIL.
Means if p6 fails, then p6,p4,p2 and p1 should also be set as FAIL.
Currently I am able to show either predecessor or successor . i.e p2-p1 OR p2-p3 based on the lookup created:
Predecessor Successor
p1 p2
p1 p3
p2 p4
p4 p6
p3 p5
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are two solutions on the thread at this link, one of which is extensively documented and general in its application.
https://answers.splunk.com/answers/170487/recursively-join-the-same-table.html
Be sure to upvote rmasuoka's post on that thread if it helps you with your problem. Looks like he did a lot of work to create, document and explain a generally applicable solution.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are two solutions on the thread at this link, one of which is extensively documented and general in its application.
https://answers.splunk.com/answers/170487/recursively-join-the-same-table.html
Be sure to upvote rmasuoka's post on that thread if it helps you with your problem. Looks like he did a lot of work to create, document and explain a generally applicable solution.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, thanks for sharing the link - this will help me.
Yes, rmasuoka definitely deserves an up vote.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
if any lower hierarchy process fails, its upper one should be forced to set as FAIL, even if in individual run the upper one was PASS.
Means if p6 fails and p5 not, then p6 predecessor p4 should be set as FAIL, which in turn set p2 as FAIL and finally P1 as FAIL.
while p5 and p3 continues to be in PASS status.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What happens when P6 fails but p5 passes?
And when p6 fails and p2 passes?
Also how are these processes distinguished in each run say, if the data needs a correlation between multi runs, like below, how can once distinguish between p1 of run 1 from p1 of run2,3 or 4:
run 1 - p1 pass; p2 pass; p4 pass; p6 pass
run 2 - p1 pass; p3 pass; p5 fails
run 3 - p1 pass; p2 fails; p4 pass; p6 pass
run 4 - p1 pass; p3 pass; p5 pass
Introducing the Splunk Community Dashboard Challenge!
Wondering How to Build Resiliency in the Cloud?
Updated Data Management and AWS GDI Inventory in Splunk Observability
