Before I forget to mention, I have to process at least 2.000.000 objects a day. So I will have 2M "start processing" and I have to find how many of those do not have an "end processing" in de logfile.
I Have 1 logfile.
when starting processing the object I write a log entry "2017-04-04 13:00:59 : ID=14; Start processing
When complete work on the object I write a log entry "2017-04-04 13:01:00 ; ID=14: End processing.
If something failes, the "end processing" line will not be generated.
File might look like:
2017-04-04 13:00:59 : ID=14; Start processing
2017-04-04 13:00:59 : ID=15; Start processing
2017-04-04 13:01:00 ; ID=14: End processing
2017-04-04 13:01:15 : ID=16; Start processing
2017-04-04 13:01:20 ; ID=16: End processing
processing ID 15 failed, so not line is being generated. That is what I have to find with SPLUNK.
Ofcourse, I will generated an error in the logfile but I have to prove that all start processing have an end processing. It is functional requirement.
... View more