Hi Giuseppe,
The full one log have 32 line. i only copy the 3 line. This is not the log. Only i export the command line to the log file and send his file to the splunk. The log content is:
| SYSTEMDB | p-crm-db01 | 30601 | nameserver | 1 | 2 | CRM01 | p-crm-db02 | 30601 | 1 | CRM02 | YES | SYNC | ACTIVE | |
| QP2 | p-crm-db01 | 30652 | indexserver | 2 | 2 | CRM01 | p-crm-db02 | 30652 | 1 | CRM02 | YES | SYNC | ACTIVE | |
| RP2 | p-crm-db01 | 30640 | indexserver | 2 | 2 | CRM01 | p-crm-db02 | 30640 | 1 | CRM02 | YES | SYNC | ACTIVE | |
| JP2 | p-crm-db01 | 30646 | indexserver | 2 | 2 | CRM01 | p-crm-db02 | 30646 | 1 | CRM02 | YES | SYNC | ACTIVE | |
| CP2 | p-crm-db01 | 30643 | indexserver | 2 | 2 | CRM01 | p-crm-db02 | 30643 | 1 | CRM02 | YES | SYNC | ACTIVE | |
| OP2 | p-crm-db01 | 30649 | indexserver | 2 | 2 | CRM01 | p-crm-db02 | 30649 | 1 | CRM02 | YES | SYNC | ACTIVE | |
status system replication site "1": ACTIVE
status system replication site "3": ERROR
overall system replication status: ERROR
Show that i want to detect the log file about that:
status system replication site "3": ACTIVE or ERROR.
If i search the content about that:
index=linux host="..." ("status system replication site "3": ACTIVE")
the result is :
status system replication site "1": ACTIVE
status system replication site "3": ERROR
overall system replication status: ERROR
This is false the result.
Thank
... View more