application="MyApp" logger="LoggerName" message="*some part of message*" | rex field=message ".part . (?The first section of the search (application="MyApp" logger="LoggerName" message="*some part of message*") represents the search terms in Splunk. The second portion is a regular expression (rex field=message ".part . (?\d+).*" | transaction id
This is a place to capture my thoughts and views on spirituality, software development, faith, technology, and family.
Wednesday, June 17, 2015
Splunk Searching and Grouping
I'm starting to play with Splunk searching. We process multiple large files every night as the bulk of our work. Our system writes numerous log messages during this processing activity. Every file processed gets a unique identifier. I needed to sort through these logs and group all entries for a given file together. Here is the search I used:
\d+).*") that is parsing a value out of the message field and giving it the name "id". The last part (transaction id), groups all of the records that are found with the search terms by the "id" value.
Sunday, June 7, 2015
Raspberry Pi as Google Cloud Print Server
I made my Raspberry Pi 2 into a Google Cloud Print server today. I wanted to capture the links I used to set this up.
There were two blog posts that I followed. The first thing I had to do was to add a printer to the Pi. This link walks you through the setup. Once the Pi knew about my printer, I could configure the Google Cloud Print service. This post walks you through that set up.
Subscribe to:
Posts (Atom)