
IIS integrates really well with Visual Studio and TFS. I've tried appendcol, join, just haven't had any luck combining these two datasets. A big advantage that we use all the time is reviewing the logs that automatically get generated in IIS. Historically, if you were going to Splunk anything with a file header, like a CSV or IIS log, we attempted to take the file header, read in the field names, and create a props and transforms for you in the learned app using DELIMS. The configuration of this data input assumes the existence of an environment. What I'm trying to do is combine these two results onto one report, showing a bar chart for User1 and User2 comparing how many times they logged in via mobile (first query) and how many times they didn't (second query). Configure Splunk to forward logs to your ServiceNow instance using Syslog. This will return the amount of times those 2 users logged in NOT using mobile. index=myindex host=NAMEOFSERVER "POST" "" "/default.aspx" NOT "OAuth+MSAuthHost" 9.1.

Now, I have another search query that gives me data I'm looking for. This will return a chart, showing the amount of times those 2 users logged via mobile for a specific time period. On your search head, click Settings > Fields. If I run this search query, I get the data I'm looking for: index=myindex host=NAMEOFSERVER "POST" "" "/default.aspx" "OAuth+MSAuthHost" AND ("DOMAIN\\User1" OR "DOMAIN\\User2") | chart count by cs_username limit=0 The IIS logs contain two entries I'm curious about specifically. I searched splunk-base answers and I see a lot of people asking this same question. Hello, I'm trying to extract two types of data from IIS logs to sum up the login counts for a list of specific users. 08-07-2012 07:17 AM Hello I have a problem with IIS logs' timestamps (the common issue where the events are indexed as they are logged, in GMT, and show up 4-5 hours in the future, since I am in the US).
