-
7 years, 2 months ago
vitaliy posted an update
Hello Everybody,
We are in the process of setting up Splunk for monitoring TIBCO BW and EMS. I am new to Splunk and would like to get some guidance. Where do I start if I want to accomplish the following?
• Given a list of jobs
• drill into a job to get a list of start events
• drill into a start event to get all the related end-to-end logs grouped by BW process (bwproc=)For example: Job 2580 is started on the PI publisher, which publishes a message that gets picked up by the Subscriber. The steps would look something like:
1) A “start” event is logged for job_id=2580.
2) The event has a unique businessworks process ID “bwpid=748306” that ties all the log entries for that event and process.
3) One of these log entries is a “bwevent=JMSMessageSent” containing the JMS message id “jmsmsgid=ID:EMSPRD03.549C5ABD23973ADF:10670”
4) Use this JMS message ID to pull the info and payload (ID-EMSPRD03.549C5ABD23973ADF-10670-body.xml, ID-EMSPRD03.549C5ABD23973ADF-10670-header.txt)
5) We also use the JMS message ID to find all the downstream processes that consume the message.
6) Grab all the log entries for these and their related “bwpid=####”
