...
The information displayed below will match the information that is passed to Splunk. Once the log file is specified in Metric Filters, the extractor is able to extract the timestamp from each line, so logs are pushed with timestamp metadata. For the rest of the files, it will be text with the timestamp of when the data was extracted (not the actual time when the entry was added to the log).
...
Field Mapping
The field mapping between the data from SAP and values in Splunk can be seen in the table below:

| Field | Description | Unit of Measure |
| --- | --- | --- |
| CURRENT_TIMESTAMP | The date and time stamp when the information was collected | YYYYMMDDHHM |
| EVENT_SUBTYPE | | String |
| EVENT_TYPE | LOGS | String |
| FILE_DATA | The data from the log file | String |
| FILE_NAME | The file name from which the log was extracted | String |
| FILE_PATH | The file path from which the log was extracted | String |
| INSTANCE_NAME | The instance name from which the log was extracted | String |
| SEQ_NUM | Sequence number of the event in the batch (populated when the log entry is split into several events) | Numeric |
| UTCDIFF | The UTC offset in HHMMSS that the data was collected in | HHMMSS |
| UTCSIGN | The UTC positive or negative offset indicator. Positive (+) means add UTCDIFF to find the time zone of the data; negative (-) means subtract UTCDIFF to find the time zone adjusted date time the data was collected in. | + or - |