En cours

splunk query

I need to create an alert which will prompt whenever "reason": "LOCKED" appears more than 15% in previous 1 hour. checks to be made every 10m. this should happen only for "operation":"ENROLL" and "operation":"BIND"

i have this query which gives me the locked transactions but if I combine it with operation:BIND or ENROLL then I dont get any results even though the application is throwing logs for these.

index=abc cf_app_name="stack-overflow" "reason": "LOCKED" AND "operation":"ENROLL"

below is the sample log

{

"id": "c90f975cb368",

"source": {

"domain": "ABC",

"version": "1.0.0",

"environment": "stage"

},

"namespace": "a.b.c",

"resource": "CARD",

"operation": "ENROLL",

"state": "FAILED",

"tags": ["kpi"],

"createTime": 156898900,

"context": {

"correlationId": "0-6093d36"

},

"data": {

"dpaData": {

"dpaId": "1d457051052e71730e71cc5a",

"srctId": "526e1bcf-ca6ce85ee9cb",

"durbinRights": false

},

"dcfData": {},

"srciData": {

"srcId": "526e1ca6ce85ee9cb",

"name": "mcd

},

"appInstanceData": {

"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36",

"abcdefghijklmnopqrstuvwxyz\"}",

"remoteIpAddress": "[login to view URL]",

"httpXForwardedFor": "[login to view URL]"

},

"authenticationData": {

"expiration": false,

"authenticationResult": {

"reason": "LOCKED"

},

"emailVerified": false,

"phoneVerified": false

},

"consumerData": {},

"error": {

"reason": "LOCKED",

"message": "Access is denied to the requested resource. The user account has been locked., card locked time: [166898828]",

"http-response-code": "400"

}

}

}

I just need the query which will give the events where "reason": "LOCKED" under the field error appears along with "operation": "ENROLL"

Compétences : Splunk

en voir plus : wordpress custom query sort field, show image field content query web part, content query web part custom date field, sharepoint query database custom field, can show image field content query webpart, sharepoint webpart content query custom field, start time field content query web part, wordpress query posts sort custom field, sharepoint image field content query web part, mysql query field name uploading jpeg, access send data query field form, input field query javascript, query post sort custom field, sql query update password field password reset password, wordpress query custom date field, sql query field, sort query calculated field, https www html 5 youtube com results search_query gilang&spfreload 10, sql query get group field that has all active items, write a pascal programming that compute mr x having a gross pay of 23564.99 after deducting 6.13 for social security of 23.5 for

Concernant l'employeur :
( 0 commentaires ) Bangalore, India

Nº du projet : #20816049

Décerné à:

suganyaNedumaran

HI , I have a good experience in splunk query , dashboards & app development ,i can help you in completing this..............................

$12 USD / heure
(0 Commentaires)
0.0

4 freelance font une offre moyenne de $12/heure pour ce travail

Splunker

Hello , I can help you in completion of task. I am certified Splunk Architect and having 7 year of experience in Splunk.

$13 USD / heure
(0 Commentaires)
0.0
lalith5555

I am a splunk Developer and an admin with 3 years of professional expertise. I am well versed with creation of complex logics using splunk processing language.

$12 USD / heure
(0 Commentaires)
0.0
Aminian

Hello Hello I accomplished Senior Java Developer for 9 years specializing object-oriented and microservices architectures to web/enterprise, application design and development. Extensive background in back-end develop Plus

$10 USD / heure
(0 Commentaires)
0.0