I am very new to splunk and still learning, but have a need to get some IP addresses from a very large log file. Basically how the log file works is the IP address is at the end of the line and when that IP errors the following 2 lines in the log give some information on it. But I am needing to build a list of IP's that have errored. The log looks like this:
2012-05-23 00:00:56,578 [6792] INFO Messaging.Common.LogUtil - UploadServer: Receiving SMail upload request from : 192.168.178.245
2012-05-23 00:00:56,578 [6792] ERROR Messaging.Common.LogUtil - UploadServer: File either not sent or length is invalid
2012-05-23 00:00:56,578 [6792] ERROR Messaging.Common.LogUtil - UploadServer: SMail message NOT stored - Returning error message: 2 - ERROR: File was not valid or no file was attempted to be sent
You notice there is a # in [ ] that is the same as the line that has the IP, this lets us know that this was the IP that had the error. I am not sure how to use these things to get me the list of IP's I need. Thank you for your help.
... View more