27 Mar 2024 01:20 PM
Hello All,
I have a few entries coming into dt.system.events from the SNMP Generic Device extension, and I want to show them in a dashboard like below:
IP | Status
0.0.0.0 | ERROR
1.1.1.1 | Successful
The entries have all the data, but I am not able to use DQL Architect to extract the information and show it in a dashboard. Check the entries below:
Failed to assign monitoring configuration to ActiveGate. Reason: DEVICE_CONNECTION_ERROR:Status DEVICE_CONNECTION_ERROR (38) returned from 1 agents (0.0.0.0: Agent(0.0.0.0): GetBulk timout args: 1.3.6.1.2.1.1.5.0 : request timeout (after 3 retries) [status code=38]);
Host: 1.1.1.1 Query successful
Can someone please guide me on how to get the table above from the entries shared? Any lead would be appreciated.
10 Apr 2024 06:46 PM - edited 10 Apr 2024 06:47 PM
You can use an additional field as a conditional for your "STATUS", something like this:
data record()
// stringStart = first word of the entry, ipv4 = first IP address found after it
| parse content, "WORD:stringStart LD ipaddr:ipv4 LD"
| fieldsAdd Status = if(stringStart == "Failed", "ERROR", else: if(stringStart == "Host", "Successful"))
| fieldsRemove stringStart
That'd be the case if you only have those two types of records, which are easy to parse.
Remove the unnecessary fields, and you'd get the result you wanted.
Let me know if it helps.
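Added example (not part of the reply above and not Dynatrace's own code): the same parse, extended to entries that start with neither "Failed" nor "Host" and reduced to one row per IP. The last two records, the "UNKNOWN" label and the IP column name are assumptions made for illustration; the first two records are the entries from the question.

```dql
// Sample records: the first two are the entries from the question,
// the last two are constructed to show the other cases.
// On live data, replace the data command with: fetch dt.system.events
// and add "| sort timestamp asc" before the summarize step.
data record(content = "Failed to assign monitoring configuration to ActiveGate. Reason: DEVICE_CONNECTION_ERROR:Status DEVICE_CONNECTION_ERROR (38) returned from 1 agents (0.0.0.0: Agent(0.0.0.0): GetBulk timout args: 1.3.6.1.2.1.1.5.0 : request timeout (after 3 retries) [status code=38]);"),
     record(content = "Host: 1.1.1.1 Query successful"),
     record(content = "Warning: 192.0.2.10 partial response"),
     record(content = "Extension configuration updated")
// First word of the entry and the first IP address that follows it.
// Entries without an IP address do not match, so both fields stay null.
| parse content, "WORD:stringStart LD ipaddr:ipv4 LD"
// Drop entries that carry no device address at all.
| filter isNotNull(ipv4)
// Anything that is neither a failure nor a successful query is labelled
// explicitly instead of being left as a null Status.
| fieldsAdd Status = if(stringStart == "Failed", "ERROR",
                     else: if(stringStart == "Host", "Successful",
                     else: "UNKNOWN"))
// One row per device, keeping the most recent status seen for it.
| summarize Status = takeLast(Status), by: {IP = ipv4}
```

A device that shows up as UNKNOWN points to an entry format the pattern does not cover yet, which is easier to spot on a dashboard than an empty Status cell.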
11 Apr 2024 12:46 PM
Thanks Eric. It helped. 😊