Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Data Description

The LOGS event is used in SAP to view the work process trace file logs.

Potential Use Cases

This event could be used for the following scenarios:

  • Correlate batch job failures to the work process trace files.

  • Identify environment-wide concerns if work process cancel.

  • Alert on specific error messages in the environment.

Metric Filters

The metric filter for the LOGS extractor can be found by logging into the managed system and executing the /n/bnwvs/main transaction. Then go to Administrator → Metric Filters → Logs file filter.

From there you will be brought to the configuration screen for the LOGS extractor.

Below are the filter options and their associated definitions.

  • ASInstance - This field is optional. The instance from which the data will be extracted. If you would like to extract the data from all instances leave the field empty.

  • Path - This field is mandatory. The file path from which the data will be extracted.

  • File - The

  • Format - This field is optional.

  • File - This field is optional.

  • INCL/EXCL - This field is mandatory. The include or exclude option is used to include or exclude a value from data extraction. To include values that match the data extraction parameter please enter “I”. To exclude values that match the data extraction parameter please enter “E”.

  • Active - This field is mandatory. This checkbox can be used to enable and disable the data extraction. To enable the data extraction ensure that the checkbox is selected.

To enter a new filter value, select the add row option, and enter the values based on the options above. Save, and the data will be extracted.

Splunk Event

The event will look like this in Splunk:

SAP Navigation

Navigate to this data by using the [insert t-code used to access data]

[Insert screenshots showing the data from Splunk from each event, and how to navigate once in the t-code to show screens relevant to what data is extracted]

Field Mapping

The field mapping between the data from SAP and values in Splunk can be seen in the table below:

Field

Description

Unit of Measure

CURRENT_TIMESTAMP

The date time stamp when the information was collected

YYYYMMDDHHM

EVENT_SUBTYPE

String

EVENT_TYPE

LOGS

String

FILE_DATA

The data from the log file

String

FILE_NAME

The file name from which the log was extracted

String

FILE_PATH

The file path from which the log was extracted

String

INSTANCE_NAME

The instance name from which the log was extracted

String

SEQ_NUM

Numeric

UTCDIFF

The UTC OFFSSET in HHMMSS that the data was collected in

HHMMSS

UTCSIGN

The UTC positive or negative OFFSET indicator. Positive (+) means add UTCDIFF to find the time zone of the data, negative (-) means subtract the UTCDIFF to find the time zone adjusted date time the data was collected in.

+ | -

  • No labels