I recently setup Splunk Dashboard integrated with Tableau, when i run below mentioned query it gives me a count of successful extract for today.
host=TABLEAU splunk_server="ip-XX-XXX-X-XXX" "(XXXX,,,) pool-3-thread-1 : INFO com.tableausoftware.model.workgroup.service.VqlSessionService - Storing to repository: AAAAA_AAAAAAPrgExtensions/extract" | stats count.
But recently when the query ran it shows two results for same extract when it should be 1, also,if you see both the events closely even though it has a date of 09/27/2017 but inside it displays date_mday = 27 for the second query result date_mday = 26. What can i add to the query where it does not duplicate and display Today results
9/27/17
7:30:04.734 AM
2017-09-27 03:30:04.734 -0400 (XXXX,,,) pool-3-thread-1 : INFO com.tableausoftware.model.workgroup.service.VqlSessionService - Storing to repository: XXXXXXPrgExtensions/extract repoExtractId:17503 size:12572 (twb) + 758672090 (guid={XXXXXXX) = 758684662
date_mday = 27 date_month = september date_year = 2017 eventtype = nix-all-logs host = TABLEAU index = main linecount = 1 punct = --_::._-_(,,,)_---_:___....._-___:_/_:_:_()_+__(={ source = D:\Software\Tableau\Tableau Server\data\tabsvc\logs\backgrounder\backgrounder-1.log sourcetype = backgrounder/backgrounder-3 splunk_server = ip-XX-XXX-X-XXX unix_category = all_hosts unix_group = default
9/27/17
12:50:47.694 AM
2017-09-26 20:50:47.694 -0400 (XXXXX,,,) pool-3-thread-1 : INFO com.tableausoftware.model.workgroup.service.VqlSessionService - Storing to repository: XXXXXX/extract repoExtractId:17494 size:12521 (twb) + 758649674 (guid={XXXXXXXX5}) = 758662195
date_mday = 26 date_month** = september date_year = 2017 eventtype = nix-all-logs host = TABLEAU index = main linecount = 1 punct = --_::._-_(,,,)_---_:___....._-___:_/_:_:_()_+__(={ source = D:\Software\Tableau\Tableau Server\data\tabsvc\logs\backgrounder\backgrounder-1.log sourcetype = backgrounder/backgrounder-3 splunk_server = ip-10-168-2-185 unix_category = all_hosts unix_group = default
↧