07/05/2023 08:29 AM
Hi,
We have Splunk ingesting logs currently, following https://docs.saviyntcloud.com/bundle/EIC-Admin-v2020x/page/Content/Chapter20-EIC-Integrations/Saviyn... but those logs are only for the actions taken by users. Is there an SQL query we could leverage to get alerts on provisioning tasks, specifically ones that error out?
Any documentation on such would be appreciated.
07/05/2023 11:50 AM
You can create a runtime analytics for the same, similar to the one you use for ingesting application audit logs to Splunk.
It's just that the Splunk team needs to create a new input on their side to pull the data from the new analytics as well.
Example: To pull the tasks that are pending & that the provisioning job tried to process more than 3 times but failed for the past x days. X is timeFrame here, and the Splunk input can be configured in such a way as to grab the data as per the needed timeframe. You can alter the query as needed for your use case.
SELECT taskkey,
       accountkey,
       accountname,
       comments,
       startdate,
       enddate,
       source,
       status,
       tasktype,
       taskdate,
       updatedate
FROM   arstasks
WHERE  taskdate > Now() - interval ${timeFrame} day
       AND provisioningtries >= 3
       AND status = 1
Hope this helps!
-Siva
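Added example, not part of the reply above and not Saviynt or Splunk code: the query returns every matching task inside the last ${timeFrame} days, so a collector that polls more often than that window receives the same failed task on every poll. The Python below suppresses repeats by remembering each taskkey with its updatedate. It assumes rows arrive as dicts keyed by the query's column names; the function names are hypothetical and the sample rows are constructed.

```python
import json

# Column names from the SELECT list in the reply above.
COLUMNS = ("taskkey", "accountkey", "accountname", "comments", "startdate",
           "enddate", "source", "status", "tasktype", "taskdate", "updatedate")


def new_alerts(rows, seen):
    """Return only rows not alerted on yet.

    `seen` maps taskkey -> updatedate of the last alert and is updated in place.
    A task re-alerts only when its updatedate has changed since the last alert.
    """
    fresh = []
    for row in rows:
        missing = [c for c in COLUMNS if c not in row]
        if missing:
            raise ValueError(f"row is missing columns: {missing}")
        key = str(row["taskkey"])
        if seen.get(key) == row["updatedate"]:
            continue  # same task, same state: already alerted
        seen[key] = row["updatedate"]
        fresh.append(row)
    return fresh


def to_event(row):
    """Serialize one row as a single JSON line for the log pipeline."""
    return json.dumps({c: row[c] for c in COLUMNS}, sort_keys=True)


def sample_row(taskkey, updatedate):
    """Build a constructed (not real) row with every column of the query."""
    row = dict.fromkeys(COLUMNS, "")
    row.update(taskkey=taskkey, accountname=f"demo{taskkey}", status=1,
               taskdate="2023-07-01 09:00:00", updatedate=updatedate)
    return row


if __name__ == "__main__":
    seen = {}
    poll_1 = [sample_row(1001, "2023-07-03 10:00:00"),
              sample_row(1002, "2023-07-03 11:00:00")]
    # Next poll: 1001 unchanged, 1002 updated again, 1003 newly failing.
    poll_2 = [sample_row(1001, "2023-07-03 10:00:00"),
              sample_row(1002, "2023-07-04 08:00:00"),
              sample_row(1003, "2023-07-04 09:00:00")]
    for poll in (poll_1, poll_2):
        for row in new_alerts(poll, seen):
            print(to_event(row))
```

Persist `seen` between runs (a file or key-value store) so a collector restart does not replay the whole window.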
07/05/2023 12:30 PM
Thank you Siva, I will connect with our Splunk team and try this as a solution.