Hi,
i have messages like this how to setup an alert if ack message is not available in the logs for particular req.
and between req and rsp is more than 30 sec i need to setup an one more alert.
my logs like this:
2017-03-10 15:56:42.056 [WMQJCAResourceAdapter : 1] [INFO ] [DCN 0201706380692310C] SplunkLog - CorrelationID=000001806003698150190841, DCN=0201706380692310C, TransactionTimestamp=2017-03-10 15:56:37.742, GroupNumber =000Y69HB3, ServiceLinecount=4, SectionNumber=0008, CorporateEntityCode=OK1, ClaimType=0, VendorName=VERSCEND, VendorCode=CVP, TransactionCode=RSP, UtilizationAmount=3.75
2017-03-10 15:56:39.003 [WMQJCAResourceAdapter : 6] [INFO ] [DCN 0201706380692310C] SplunkLog - CorrelationID=000001806003698150190841, DCN=0201706380692310C, TransactionTimestamp=2017-03-10 15:56:39.002, GroupNumber =000Y69HB3, ServiceLinecount=4, SectionNumber=0008, CorporateEntityCode=OK1, ClaimType=0, VendorName=VERSCEND, VendorCode=CVP, TransactionCode=ACK, OutCome=C, Messagetext=ACCEPTED
2017-03-10 15:56:36.939 [WMQJCAResourceAdapter : 1] [INFO ] [DCN 0201706380692310C] SplunkLog - CorrelationID=000001806003698150190841, DCN=0201706380692310C, TransactionTimestamp=2017-03-10 15:56:36.939, GroupNumber =000Y69HB3, ServiceLinecount=4, SectionNumber=0008, CorporateEntityCode=OK1, ClaimType=0, VendorName=VERSCEND, VendorCode=CVP, TransactionCode=REQ
↧