I am trying to find missing stores from query 2 in the below script. However, it returns no results, or all results depending on the search. For the purposes of my search, I know the correct result is one. Can you please assist me in my evaluations to get what I'm seeking? I've beeing trying this for days now.
host=s*0004 Type=Information EventCodeDescription="A new process has been created" New_Process_Name="D:\\PublixPOS\\Bin\\PxPosEdwIF.exe" | dedup host | eval StoreCallEDW=substr(ComputerName,2,4) | search [ search index=mainframe host=MVSB* MFSOURCETYPE=SMF080 *CFT* DEFINE_RESOURCE="SUCCESSFUL_DEFINITION" | spath RESOURCE_NAME | search RESOURCE_NAME="EDWABP.V15.TLOG.DATA.*" | eval StoreonMainframe=substr(RESOURCE_NAME,29,4)] | table nodiff StoreEDWFile StoreonMainframe
↧