Đang Thực Hiện

splunk query

I need to create an alert which will prompt whenever "reason": "LOCKED" appears more than 15% in previous 1 hour. checks to be made every 10m. this should happen only for "operation":"ENROLL" and "operation":"BIND"

i have this query which gives me the locked transactions but if I combine it with operation:BIND or ENROLL then I dont get any results even though the application is throwing logs for these.

index=abc cf_app_name="stack-overflow" "reason": "LOCKED" AND "operation":"ENROLL"

below is the sample log

{

"id": "c90f975cb368",

"source": {

"domain": "ABC",

"version": "1.0.0",

"environment": "stage"

},

"namespace": "a.b.c",

"resource": "CARD",

"operation": "ENROLL",

"state": "FAILED",

"tags": ["kpi"],

"createTime": 156898900,

"context": {

"correlationId": "0-6093d36"

},

"data": {

"dpaData": {

"dpaId": "1d457051052e71730e71cc5a",

"srctId": "526e1bcf-ca6ce85ee9cb",

"durbinRights": false

},

"dcfData": {},

"srciData": {

"srcId": "526e1ca6ce85ee9cb",

"name": "mcd

},

"appInstanceData": {

"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36",

"abcdefghijklmnopqrstuvwxyz\"}",

"remoteIpAddress": "[login to view URL]",

"httpXForwardedFor": "[login to view URL]"

},

"authenticationData": {

"expiration": false,

"authenticationResult": {

"reason": "LOCKED"

},

"emailVerified": false,

"phoneVerified": false

},

"consumerData": {},

"error": {

"reason": "LOCKED",

"message": "Access is denied to the requested resource. The user account has been locked., card locked time: [166898828]",

"http-response-code": "400"

}

}

}

I just need the query which will give the events where "reason": "LOCKED" under the field error appears along with "operation": "ENROLL"

Kĩ năng: Splunk

Xem nhiều hơn: wordpress custom query sort field, show image field content query web part, content query web part custom date field, sharepoint query database custom field, can show image field content query webpart, sharepoint webpart content query custom field, start time field content query web part, wordpress query posts sort custom field, sharepoint image field content query web part, mysql query field name uploading jpeg, access send data query field form, input field query javascript, query post sort custom field, sql query update password field password reset password, wordpress query custom date field, sql query field, sort query calculated field, https www html 5 youtube com results search_query gilang&spfreload 10, sql query get group field that has all active items, write a pascal programming that compute mr x having a gross pay of 23564.99 after deducting 6.13 for social security of 23.5 for

Về Bên Thuê:
( 0 nhận xét ) Bangalore, India

ID dự án: #20816049

Được trao cho:

suganyaNedumaran

HI , I have a good experience in splunk query , dashboards & app development ,i can help you in completing this..............................

$12 USD / giờ
(0 Đánh Giá)
0.0

4 freelancer đang chào giá trung bình $12/giờ cho công việc này

Splunker

Hello , I can help you in completion of task. I am certified Splunk Architect and having 7 year of experience in Splunk.

$13 USD / giờ
(0 Nhận xét)
0.0
lalith5555

I am a splunk Developer and an admin with 3 years of professional expertise. I am well versed with creation of complex logics using splunk processing language.

$12 USD / giờ
(0 Nhận xét)
0.0
Aminian

Hello Hello I accomplished Senior Java Developer for 9 years specializing object-oriented and microservices architectures to web/enterprise, application design and development. Extensive background in back-end develop Thêm

$10 USD / giờ
(0 Nhận xét)
0.0