I have a log file with, suppose, the keyword "Completed".
Now the first thing I want to do in the search is search for this keyword ("Completed") in the log file.
If the keyword is present, then it is not required to search anymore. But if it is not present, the search should trigger.
So, I want something like this: eval check=if(match(_raw, "%Completed%"), do nothing, trigger search)
Is something like this possible in Splunk?
Let me elaborate:
My search will search for two keywords in the log file:
1. Completed
2. Value
First it should check for "Completed"; if it finds "Completed" in the log file, it will come out of the loop and will not check the "Value" printed in the log file.
If it does not find "Completed", only then will it check for "Value" and throw an alert based on the value.
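One way to express the "Completed wins, otherwise check Value" logic in a single SPL search, as an added example that is not part of the original thread. The index, source path, the "Value: 123" line format and the threshold of 100 are assumptions chosen for illustration. Note that eval's match() takes a regular expression, so plain "Completed" is the right pattern there; the "%" wildcards belong to the like() function, not to match().

```spl
index=app_logs source="/var/log/job.log" earliest=-1h
| eval completed=if(match(_raw, "Completed"), 1, 0)
| eventstats max(completed) AS completed_seen
| where completed_seen=0
| rex field=_raw "Value\s*[:=]\s*(?<value>\d+)"
| eval value=tonumber(value)
| where isnotnull(value) AND value > 100
| table _time source value _raw
```

How it works: the eval flags every event that contains "Completed"; eventstats then copies the maximum of that flag onto every event in the result set, so completed_seen is 1 for all events when at least one "Completed" line exists and 0 otherwise. The first where discards everything in the "Completed" case, which makes the rest of the pipeline a no-op (zero results, so no alert). Only when no "Completed" line was seen does the search go on to extract "Value" and keep the events whose value crosses the threshold. Save this as an alert that triggers when the number of results is greater than 0, and the alert fires only in the "no Completed, bad Value" case the question describes.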