An alternative to ingesting the log files, which in some cases can be quite large, is to get the summary status (the section at the bottom of the log file) by querying the ActiveBatch database directly using the Splunk DB Connect Add-on. I have it so that the query below is run every 15 mins.
-- Summary status of ActiveBatch job instances that began in the last 15 minutes
SELECT
    I.ID                 AS AbatInstanceID,
    I.BatchID            AS AbatBatchID,
    L.Name               AS AbatJobName,
    I.Name               AS AbatTaskName,
    J.Path               AS AbatJobPath,
    I.BeginExecutionTime AS AbatStartTime,
    I.EndExecutionTime   AS AbatEndTime,
    -- Elapsed time as H:M:S (components are not zero-padded)
    (CAST(J.ElapsedHours AS varchar) + ':' + CAST(J.ElapsedMinutes AS varchar) + ':' + CAST(J.ElapsedSeconds AS varchar)) AS AbatElapsedTime,
    J.StateText          AS AbatStatus,
    I.QueueName          AS AbatQueName,
    J.JobLogFile         AS AbatLogFile
FROM ActiveBatch.dbo.Instances AS I
JOIN ActiveBatch.dbo.Jobs AS J ON I.ID = J.JobID
JOIN ActiveBatch.dbo.LiteObjects AS L ON I.TemplatePID = L.ID
-- GETDATE() - 15 subtracts 15 days, not 15 minutes, and comparing DATEPART values
-- misses windows that cross an hour boundary, so use DATEADD on the full timestamp.
WHERE I.BeginExecutionTime >= DATEADD(minute, -15, GETDATE())
  -- Only instances that have reached a final state
  AND J.StateText IN ('Succeeded','Failed','Canceled')
  -- Skip rows where the instance is its own batch
  AND I.ID != I.BatchID
ORDER BY I.BeginExecutionTime DESC
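A variant of the query above for DB Connect's rising-column input mode, added here as an example and not part of the original post. It lets the input checkpoint on the last value indexed instead of re-reading a fixed 15-minute window, so a late or skipped scheduled run neither duplicates nor drops rows. Using `I.EndExecutionTime` as the rising column and the database user name `splunk_dbx_reader` are assumptions; the tables and columns are the ones used in the post.

```sql
-- Added example: rising-column form of the post's query for a Splunk DB Connect input.
-- DB Connect replaces the ? with the checkpoint value saved from the previous run.
-- Assumption: I.EndExecutionTime is chosen as the rising column, because a job is
-- only of interest once it has finished and long-running jobs finish out of start order.
SELECT
    I.ID                 AS AbatInstanceID,
    I.BatchID            AS AbatBatchID,
    L.Name               AS AbatJobName,
    I.Name               AS AbatTaskName,
    J.Path               AS AbatJobPath,
    I.BeginExecutionTime AS AbatStartTime,
    I.EndExecutionTime   AS AbatEndTime,   -- rising column, must be in the result set
    (CAST(J.ElapsedHours AS varchar) + ':' + CAST(J.ElapsedMinutes AS varchar) + ':' + CAST(J.ElapsedSeconds AS varchar)) AS AbatElapsedTime,
    J.StateText          AS AbatStatus,
    I.QueueName          AS AbatQueName,
    J.JobLogFile         AS AbatLogFile
FROM ActiveBatch.dbo.Instances AS I
JOIN ActiveBatch.dbo.Jobs AS J ON I.ID = J.JobID
JOIN ActiveBatch.dbo.LiteObjects AS L ON I.TemplatePID = L.ID
WHERE I.EndExecutionTime > ?               -- only rows newer than the checkpoint
  AND J.StateText IN ('Succeeded','Failed','Canceled')
  AND I.ID != I.BatchID
ORDER BY I.EndExecutionTime ASC;           -- ascending, so the last row read is the new checkpoint
-- Caveat: two instances that finish on the same timestamp can straddle a run, and the
-- strict > then skips the later one; check the indexed rows against the table once.

-- Least-privilege access for the DB Connect connection identity.
-- splunk_dbx_reader is a hypothetical, already-created database user (an assumption).
-- The query above only needs SELECT on the three tables it reads.
USE ActiveBatch;
GRANT SELECT ON dbo.Instances   TO splunk_dbx_reader;
GRANT SELECT ON dbo.Jobs        TO splunk_dbx_reader;
GRANT SELECT ON dbo.LiteObjects TO splunk_dbx_reader;
```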