Need some advice on a search. I have a logfile that clearly states starting and finishing tasks for each of the Batch Process jobs that run. There are ~70 different batch process jobs which are clearly displayed in each event **(bold in my examples below)** that need to be checked to ensure they start and finish properly.
2016/04/13 16:52:44.740 INFO s-------- Batch Process '**ScheduleBillingPayment**_ThreadedTrigger' starting
2016/04/13 16:55:42.539 INFO s-------- Batch Process '**SchedulBillingPayment**_ThreadedTrigger' finished
Does anyone have an idea of how I can detect when any job doesn't successfully start and finish within a rolling 7-minute window?
I was thinking about using the `|transaction` command and searching the field_match_sum field, but I'm not sure it will be reliable enough.
Here is what I am working with, but may be way off:
```
sourcetype=batchprocesses Batch Process starting OR finished | rex "Batch\sProcess\s\'(?<Trigger>\w+)\'\s(?<Status>\w+)" | transaction Trigger startswith=starting endswith=finished | table Trigger, Status, duration
```
Thoughts? Suggestions? Thanks! Jeremy
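An added example, not part of the original post: the start/finish pairing the question describes, worked through in Python outside Splunk so each failure case is explicit. The `find_failures` helper, the reason labels and the job names other than the one in the post are assumptions for illustration, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=7)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \w+ \S+ "
    r"Batch Process '(?P<job>\w+)' (?P<status>starting|finished)$"
)

# Constructed sample lines in the format shown in the post (not real data).
SAMPLE = """\
2016/04/13 16:52:44.740 INFO s-------- Batch Process 'ScheduleBillingPayment_ThreadedTrigger' starting
2016/04/13 16:53:00.000 INFO s-------- Batch Process 'InvoiceExport_ThreadedTrigger' starting
2016/04/13 16:55:42.539 INFO s-------- Batch Process 'ScheduleBillingPayment_ThreadedTrigger' finished
2016/04/13 17:02:10.000 INFO s-------- Batch Process 'InvoiceExport_ThreadedTrigger' finished
2016/04/13 17:03:00.000 INFO s-------- Batch Process 'LedgerSync_ThreadedTrigger' starting
2016/04/13 17:05:00.000 INFO s-------- Batch Process 'AuditPurge_ThreadedTrigger' finished
"""

def find_failures(text, now, window=WINDOW):
    """Return sorted (job, reason) for runs that did not start and finish within window."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S.%f")
            events.append((ts, m["job"], m["status"]))
    open_starts, failures = {}, []
    for ts, job, status in sorted(events):
        if status == "starting":
            if job in open_starts:  # previous run never reported finishing
                failures.append((job, "no_finish"))
            open_starts[job] = ts
        elif job not in open_starts:
            failures.append((job, "finish_without_start"))
        elif ts - open_starts.pop(job) > window:
            failures.append((job, "slow_finish"))
    # Starts still open: overdue only once the window has fully elapsed.
    for job, started in open_starts.items():
        if now - started > window:
            failures.append((job, "no_finish"))
    return sorted(failures)
```

Pairing is by exact job name, so the two sample lines as printed in the post (`ScheduleBillingPayment` on the start, `SchedulBillingPayment` on the finish) would be reported as one unfinished start and one finish without a start.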