I have Splunk logs in the format shown below, from a Kafka server's topic metadata.
Topic#No_Partition#No = [F1,F2,F3]
F1 = Produced Message Count to this Topic by a producer group
F2 = Consumed Message Count from this Topic by a consumer group
F3 = Total lag count between producer and consumer, i.e. F1-F2
Sample logs:
[11/Dec/2015:04:45:26 +481] Topic1_0=[9,7,2] Topic1_1=[3,2,1] Topic1_2=[6,4,2] Topic1_3=[2,1,1]
[11/Dec/2015:04:45:26 +481] Topic2_0=[5,3,2] Topic2_1=[2,1,1] Topic2_2=[0,0,0] Topic2_3=[1,1,0]
Now I need the sum of the message counts of a specific Topic across all partitions:
Total messages produced to Topic1 = 20 {9+3+6+2}
Total messages consumed from Topic1 = 14 {7+2+4+1}
Lag count between consumer and producer using Topic1 = 6 {2+1+2+1}
Can someone help with a Splunk query?
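One way to get the per-topic totals described in the question, as an added example that is not part of the original post: every Topic_Partition=[F1,F2,F3] token in an event is extracted, expanded to one row per partition, and summed by topic. The field names (topic, partition, produced, consumed, lag, row, parts, lag_matches) are assumptions chosen here, and the first four lines only rebuild the two sample events from the post so the search runs without an index.

```spl
| makeresults
| eval raw=split("[11/Dec/2015:04:45:26 +481] Topic1_0=[9,7,2] Topic1_1=[3,2,1] Topic1_2=[6,4,2] Topic1_3=[2,1,1]|[11/Dec/2015:04:45:26 +481] Topic2_0=[5,3,2] Topic2_1=[2,1,1] Topic2_2=[0,0,0] Topic2_3=[1,1,0]", "|")
| mvexpand raw
| rename raw AS _raw
| rex max_match=0 "(?<topic>\S+)_(?<partition>\d+)=\[(?<produced>\d+),(?<consumed>\d+),(?<lag>\d+)\]"
| eval row=mvzip(mvzip(mvzip(topic, produced), consumed), lag)
| mvexpand row
| eval parts=split(row, ",")
| eval topic=mvindex(parts, 0), produced=tonumber(mvindex(parts, 1)), consumed=tonumber(mvindex(parts, 2)), lag=tonumber(mvindex(parts, 3))
| stats sum(produced) AS total_produced sum(consumed) AS total_consumed sum(lag) AS total_lag BY topic
| eval lag_matches=if(total_produced - total_consumed == total_lag, "yes", "no")
```

To run it against indexed data, replace the first four lines with the base search for the Kafka metadata events. The lag_matches column flags any topic where the logged F3 values do not add up to F1-F2.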