The event will look like this in Splunk:

SAP Navigation

Field Mapping

The field mapping between the data from SAP and values in Splunk can be seen in the table below:

| Field | Description | Unit of Measure |
|---|---|---|
| CURRENT_TIMESTAMP | The date time stamp when the information was collected | YYYYMMDDHHMMSS |
| EVENT_SUBTYPE | ... | String |
| EVENT_TYPE | TABLE_COUNT | String |
| UTCDIFF | The UTC offset in HHMMSS that the data was collected in | HHMMSS |
| UTCSIGN | The UTC positive or negative offset indicator. Positive (+) means add UTCDIFF to find the time zone of the data; negative (-) means subtract the UTCDIFF to find the time zone adjusted date time the data was collected in. | + \| - |