EDI: Monitoring acknowledgements

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

This article shows you how to build a search to track the receipt of acknowledgment documents (997) within a specified time frame after sending each transaction. This is a key performance indicator for companies that need to monitor electronic data interchange (EDI) transmission and acknowledgement. EDI plays a critical role in ensuring that data flows seamlessly across various stakeholders—suppliers, manufacturers, logistics providers, and retailers—without manual intervention. It is a core technology for automating supply chain processes. By continuously monitoring EDI transmissions and acknowledgments, businesses can proactively identify and resolve issues, ensuring smooth communication between systems and uninterrupted supply chain operations.

KPI search example

The following is an example of finding EDI 856 (Advance Ship Notice) sent that notifies the customer of a shipping order, where no acknowledgment has been received. This could mean that a supplier wants to send a shipment, but the customer was not expecting the shipment, which creates potential delays in shipment.

index=supply_chain_edi sourcetype="edi:x12" 
| table _time edi_ack_status edi_buyer edi_code edi_code_ack edi_cont_num edi_date edi_flag edi_requestor edi_responder edi_seller edi_sequence edi_time edi_tr_id edi_type 
| eval edi_ack_status_combo=edi_code+"-"+edi_code_ack+"-"+edi_ack_status
| eval edi_code_groupby=if(isnull(edi_code_ack), edi_code, edi_code_ack)
| stats last(_time) AS _time, last(edi_requestor) AS edi_requestor, last(edi_responder) AS edi_responder, first(edi_code) AS edi_type, list(edi_code) AS edi_code, last(edi_ack_status) AS edi_ack_status BY edi_tr_id edi_code_groupby
| search edi_code_groupby=856 NOT edi_ack_status=A

The search results show that EDI 856 ASNs have not been acknowledged by the receiver.

From the results, search for transactions that do not have the "A" (accepted) acknowledgment flag. You'll find transactions with either an empty acknowledgment status, "R" (retransmission), or "E" (errors). By using the stats or top command, you can quickly determine the total number of EDI transactions, categorized by their different acknowledgment statuses.

index=supply_chain_edi sourcetype="edi:x12" 
| table _time edi_ack_status edi_buyer edi_code edi_code_ack edi_cont_num edi_date edi_flag edi_requestor edi_responder edi_seller edi_sequence edi_time edi_tr_id edi_type 
| eval edi_ack_status_combo=edi_code+"-"+edi_code_ack+"-"+edi_ack_status
| eval edi_code_groupby=if(isnull(edi_code_ack), edi_code, edi_code_ack)
| stats last(_time) AS _time, last(edi_requestor) AS edi_requestor, last(edi_responder) AS edi_responder, first(edi_code) AS edi_type, list(edi_code) AS edi_code, last(edi_ack_status) AS edi_ack_status BY edi_tr_id edi_code_groupby
| search edi_code_groupby=856 NOT edi_ack_status=A
| eval edi_ack_status=case(isnull(edi_ack_status), "Not Received" , edi_ack_status)
| top edi_ack_status
| replace E with Error, R with Reject in edi_ack_status

The result of the top command displays the total number of EDI transactions with various acknowledgment statuses.

Use a pie chart visualization to clearly show the distribution of different acknowledgment statuses.

Search explanations

Splunk search	Explanation
`index=supply_chain_edi sourcetype="edi:x12"`	Select EDI X12 data by selecting source type of `edi:x12.`
`\| table _time edi_ack_status edi_buyer edi_code edi_code_ack edi_cont_num edi_date edi_flag edi_requestor edi_responder edi_seller edi_sequence edi_time edi_tr_id edi_type`	Format the relevant fields into a table.
`\| eval edi_ack_status_combo=edi_code+"-"+edi_code_ack+"-"+edi_ack_status \| eval edi_code_groupby=if(isnull(edi_code_ack), edi_code, edi_code_ack)`	Create a new evaluated field `edi_ack_status_combo` that combines `edi_code`, `edi_code_ack`, `edi_ack_status`field. Use another `eval`command to create `edi_code_groupby` field to join all EDI events with EDI 997 acknowledgment events.
`\| stats last(_time) AS _time, last(edi_requestor) AS edi_requestor, last(edi_responder) AS edi_responder, first(edi_code) AS edi_type, list(edi_code) AS edi_code, last(edi_ack_status) AS edi_ack_status BY edi_tr_id edi_code_groupby`	Join all EDI events with EDI 997 (acknowledgment) events into a single event. A successfully joined event will have EDI `edi_ack_status` field that indicates there was a matching pair of EDI with EDI acknowledgment. Events with null values in `edi_ack_status` means that there's no matching pair of EDI acknowledgments. Events with successfully joined EDIs have “A”, “E”, “R” flags indicating their status.
`\| search edi_code_groupby=856 NOT edi_ack_status=A`	Filter to select EDI transactions that hasn't received any acknowledgment or with flag “E” and “R” indicate processing problems. By using `NOT edi_ack_status=A`, you omit transactions with successful transmission status.
`\| eval edi_ack_status=case(isnull(edi_ack_status), "Not Received" , edi_ack_status)`	For data cleansing purposes, assign the value of `edi_ack_status` as `Not Received` if the value is null.
`\| top edi_ack_status`	Create aggregate statistics of `top edi_ack_status` to see the amount of transactions either not received, error, or reject state.
`\| replace E with Error, R with Reject in edi_ack_status`	Make the data easier to read, replacing E with Error and R with Reject.

Next steps

When you have this search running in your Splunk platform, return to the Monitoring electronic data interchange transmission and acknowledgement use case to learn how to share the results with stakeholders and to find other KPIs you might want to measure. You can also review the Supply Chain Optimization Solution Accelerator for more great use cases to help you use the Splunk platform to be successful in your supply chain operations.