We have logs in the following format[1]. We created a report with a few fields like time, service, operation, method, principal, systemid and count.
But whenever a field is missing in the log, the report is not picking up the log to display it in the report.
[1]
2019-09-18T19:41:20.624+0000 INFO 855 com.l7tech.log.custom.splunk : -4: |https://apiqa.flatball.com/fmpsp2p/service|getReleaseInfo|SOAP|10.88.30.32|p2p_client_esmartct||87d19df99245|text/xml; charset=UTF-8
In the above example, the system id is missing and the report didn't pick up this log.
The query used for the report is as below:
| pivot servicestrafficcaapimodel servicesapiqads count(servicesapiqads) AS count SPLITROW _time AS _time PERIOD day SPLITROW service AS service SPLITROW operation AS operation SPLITROW method AS method SPLITROW principal AS principal SPLITROW systemid AS systemid TOP 100 count(servicesapiqads) ROWSUMMARY 0 COLSUMMARY 0 SHOWOTHER 1 | SORT -_time
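The effect described in the post, modelled in Python as an added example (not part of the original post and not Splunk's own code): a group-by that skips any event whose split-by field is empty, next to the same group-by with a placeholder substituted first. The names `client_ip`, `request_id` and `content_type`, the placeholder `unknown` and the second sample line are assumptions made for this illustration.

```python
from collections import Counter

# Field order after the first "|". service, operation, method, principal and
# systemid are named in the post; the other three names are assumptions.
FIELDS = ("service", "operation", "method", "client_ip",
          "principal", "systemid", "request_id", "content_type")
SPLIT_BY = ("day", "service", "operation", "method", "principal", "systemid")

SAMPLE_LINES = [
    # Line from the post: systemid (6th field) is empty.
    "2019-09-18T19:41:20.624+0000 INFO 855 com.l7tech.log.custom.splunk : -4: "
    "|https://apiqa.flatball.com/fmpsp2p/service|getReleaseInfo|SOAP|10.88.30.32"
    "|p2p_client_esmartct||87d19df99245|text/xml; charset=UTF-8",
    # Constructed line: same event with a made-up systemid for contrast.
    "2019-09-18T19:41:21.101+0000 INFO 855 com.l7tech.log.custom.splunk : -4: "
    "|https://apiqa.flatball.com/fmpsp2p/service|getReleaseInfo|SOAP|10.88.30.32"
    "|p2p_client_esmartct|sys-01|87d19df99245|text/xml; charset=UTF-8",
]

def parse(line):
    """Split on '|' keeping empty positions, so a missing value stays ''."""
    head, sep, body = line.partition("|")
    values = body.split("|")
    if not sep or not head.strip() or len(values) != len(FIELDS):
        return None  # not in the expected format
    event = dict(zip(FIELDS, values))
    event["day"] = head.split()[0][:10]  # PERIOD day: keep YYYY-MM-DD
    return event

def report(lines, fill=None):
    """Count events per SPLIT_BY tuple.

    fill=None models the behaviour in the post: an event with an empty
    split-by field is left out. With fill set, the empty value is replaced
    by the placeholder and the event is counted.
    """
    counts = Counter()
    for event in filter(None, map(parse, lines)):
        key = tuple(event[f] or fill for f in SPLIT_BY)
        if None in key:
            continue  # empty split-by field and no placeholder: row dropped
        counts[key] += 1
    return counts

if __name__ == "__main__":
    print("without placeholder:", sum(report(SAMPLE_LINES).values()), "event(s)")
    print("with placeholder:   ", sum(report(SAMPLE_LINES, "unknown").values()), "event(s)")
```

For audit-style reports the second form matters: requests that arrive without a system id are the ones a reviewer is most likely to want to see, so they should be counted under an explicit placeholder rather than dropped.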