Channel: Questions in topic: "splunk-enterprise"

How to Extract a particular string with the lowest respective Value in a single event

Hello everyone, I am trying to identify the resultant ERROR from a given event. My search is in italics below and an example event is shown thereafter:

*index="logs" process=beamCommonProcess "Transitioned to Error State" OR "Timeslice:" | sort _time*

2017-03-03 06:45:21,754 [ WARN] {Application Queue} (com.iba.tcs.beam.bds.devices.impl.gateway.rpc.ScanningControllerProxy) - ScanningController failure: NECU Transitioned to Error State
**NECU Error: [0x0] _SynchronizationSGCUTimeout : Timeslice: 13589 Submap: 4280
FCU Error: [0x0] _SynchronizationSGCUTimeout : Timeslice: 13589 Submap: 4280
RCU Error: [0x2] Threshold Violation : Timeslice: 13587 Submap: 4280 (Y_VOLT_SEC_FB: -0.243739 V MapThresholdLow: -1.047e-01 MapThresholdHigh: 1.782e-01)
SGCU Error: [0x10] _FilteringAbsolute : Timeslice: 13585 Submap: 4280 (MIN_CHARGE_PRIM: 1.386e-11 C AbsoluteThresholdLow: 1.955e-09 AbsoluteThresholdHigh: 2.000e-09)**

-----------------------------------------------------------------------------------------------------------------------------------------------------

Notice the section of the event that is in **BOLD**. There are four possible sources of the error: NECU Error, FCU Error, RCU Error, and SGCU Error. You'll notice the string "Timeslice" occurs for each of these lines. The root-cause is linked to the source with the LOWEST respective Timeslice.

What I need to do is extract that line and identify the actual error name. For the given example above, my desired output is "MIN_CHARGE_PRIM" because it has the lowest "Timeslice" value. Then I simply need to place that in a table by _time. That way I can see what type of error occurred and when.

Your help is much appreciated!
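The selection rule from the question above (the entry with the lowest Timeslice is the root cause), as an added Python example that is not part of the original post and is not Splunk SPL. The function names are hypothetical; falling back to the error type when an entry has no parenthesised measurement, and letting the first listed entry win a Timeslice tie, are assumptions.

```python
import re

# The example event copied from the question, joined into one string.
EVENT = (
    "2017-03-03 06:45:21,754 [ WARN] {Application Queue} "
    "(com.iba.tcs.beam.bds.devices.impl.gateway.rpc.ScanningControllerProxy) - "
    "ScanningController failure: NECU Transitioned to Error State\n"
    "NECU Error: [0x0] _SynchronizationSGCUTimeout : Timeslice: 13589 Submap: 4280\n"
    "FCU Error: [0x0] _SynchronizationSGCUTimeout : Timeslice: 13589 Submap: 4280\n"
    "RCU Error: [0x2] Threshold Violation : Timeslice: 13587 Submap: 4280 "
    "(Y_VOLT_SEC_FB: -0.243739 V MapThresholdLow: -1.047e-01 MapThresholdHigh: 1.782e-01)\n"
    "SGCU Error: [0x10] _FilteringAbsolute : Timeslice: 13585 Submap: 4280 "
    "(MIN_CHARGE_PRIM: 1.386e-11 C AbsoluteThresholdLow: 1.955e-09 AbsoluteThresholdHigh: 2.000e-09)"
)

# One "<SOURCE> Error:" entry; the trailing "(SIGNAL: ...)" detail is optional.
ENTRY = re.compile(
    r"(?P<source>[A-Z]+) Error: \[(?P<code>0x[0-9A-Fa-f]+)\]\s*(?P<kind>.+?)\s*"
    r": Timeslice: (?P<timeslice>\d+) Submap: (?P<submap>\d+)"
    r"(?:\s*\((?P<signal>\w+):)?"
)
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}")

def parse_entries(event):
    """Return every error entry in the event, in the order it appears."""
    entries = []
    for match in ENTRY.finditer(event):
        entry = match.groupdict()
        entry["timeslice"] = int(entry["timeslice"])  # compare as numbers, not text
        # Assumption: with no "(SIGNAL: ...)" detail, report the error type instead.
        entry["name"] = entry["signal"] or entry["kind"]
        entries.append(entry)
    return entries

def root_cause(event):
    """Pick the entry with the lowest Timeslice; None if the event has no entries."""
    entries = parse_entries(event)
    if not entries:
        return None
    first = min(entries, key=lambda e: e["timeslice"])  # a tie keeps the earliest entry
    stamp = TIMESTAMP.match(event)
    return {"_time": stamp.group(0) if stamp else None, "source": first["source"],
            "error": first["name"], "timeslice": first["timeslice"]}

if __name__ == "__main__":
    print(root_cause(EVENT))
```

Converting Timeslice to an integer before comparing matters: compared as text, a shorter value such as `9999` would sort after `13585`.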
