Not sure how to accomplish this and need some advice from the experts here.
I am working with data from a torque tool being fed into a kepware system and then into Splunk.
What happens first is I receive an event like below:
2016-06-13 21:02:36.579 +0000 Tag="Torque.Device1.VEHICLE IDENTIFICATION NUMBER.VIN1" Value="wiokdsk43" Quality="good"
This represents the ‘job’ that someone is working on. After this I receive a bunch of events like this:
2016-06-13 21:02:43.164 +0000 Tag="Torque.Device1.LAST TIGHTENING RESULTS.LTR_ANGLE_VALUE" Value="24" Quality="good"
2016-06-13 21:02:43.165 +0000 Tag="Torque.Device1.LAST TIGHTENING RESULTS.LTR_TORQUE_VALUE" Value="3.52999997" Quality="good"
2016-06-13 21:02:46.240 +0000 Tag="Torque.Device1.LAST TIGHTENING RESULTS.LTR_TORQUE_VALUE" Value="2.72000003" Quality="good"
It can be usually 5-10 more events before receiving another event identifying the next Vehicle Identification Number.
I need to be able to group together all events between Vehicle identification numbers as a single group/transaction so I can gather statistics and build visualizations for the specific ‘job’
Ideally I would like to be able to create a table of all last tightening results associated with a specific ‘job’
How do I accomplish this?
Thanks.
↧