Skip to main content
 
 
Splunk Lantern

PO Monitoring: Order change monitoring

 

This article show you how to ensure that any order changes (EDI 860) are properly transmitted and acknowledged by the supplier. This is a key performance indicator for companies that need to monitor purchase order (PO) lifecycles. PO monitoring plays a critical role in maintaining effective communication and coordination between buyers and suppliers, ensuring that all parties are aligned and informed throughout the process, and enhancing overall supply chain visibility. A proactive approach minimizes the risk of errors or delays, enabling businesses to maintain efficient operations and uphold customer satisfaction.

KPI search example

In dynamic supply chain operations, purchase orders might need to be modified due to changes, communicated via EDI 860 (Order Change Request), in production schedules, inventory levels, or other factors. Ensuring that suppliers acknowledge these changes helps avoid confusion and potential miscommunication that could result in delayed or incorrect deliveries.

You can monitor for unacknowledged order changes or inconsistencies between the original and modified purchase orders. Missing acknowledgments of order changes might indicate that the supplier has not received or processed the updates.

In Splunk SPL, you can extract additional fields from the raw data to identify the original purchase order (PO) item and any modifications made through a change order. By using the _raw field, which contains the entire event data, you apply a regex to parse the po_item from the EDI 850 (Purchase Order) and the po_change_item from the EDI 860 (Order Change Request). These events are then merged based on the transaction ID and EDI code, allowing you to track both the original order details and any subsequent changes together.

index=supply_chain_edi sourcetype="edi:x12" edi_code IN (860, 850, 997)
| rex field=_raw max_match=100 "(?P<po_item>PO1\|[^\~]*)~"
| rex field=_raw max_match=100 "(?P<po_change_item>POC\|[^\~]*)~"
| table _time edi_ack_status edi_buyer edi_code edi_code_ack edi_cont_num edi_date edi_flag edi_requestor edi_responder edi_seller edi_sequence edi_time edi_tr_id edi_type po_item po_change_item
| eval edi_ack_status_combo=edi_code+"-"+edi_code_ack+"-"+edi_ack_status 
| eval edi_code_groupby=if(isnull(edi_code_ack), edi_code, edi_code_ack) 
| eval edi_code_groupby=if(edi_code_groupby=="860", "850", edi_code_groupby) 
| stats last(_time) AS _time, last(edi_requestor) AS edi_requestor, last(edi_responder) AS edi_responder, first(edi_code) AS edi_type, values(edi_code) AS edi_code, last(edi_ack_status) AS edi_ack_status, values(po_item) AS po_item, values(po_change_item) AS po_change_item BY edi_tr_id edi_code_groupby
| search po_change_item=*

The result of the search displays all transactions that include a change order. With this analysis, you can also identify transaction requests without acknowledgments or spot any discrepancies.

With the order changes surfaced in this sample analysis, you can gain several valuable insights from the processed events. For example:

  • Which suppliers are associated with order changes
  • What specific items are being changed and by how much
  • Whether there are any order change requests that have not been processed
  • The total quantity of the changes

image3.png

Search explanations

Splunk search Explanation
index=supply_chain_edi sourcetype="edi:x12" edi_code IN (860, 850, 997) Select EDI X12 data by selecting sourcetype of edi:x12. Add the search for Change Order EDI 860. 
| rex field=_raw max_match=100 "(?P<po_item>PO1\|[^\~]*)~" Parse PO item information from EDI 850.
| rex field=_raw max_match=100 "(?P<po_change_item>POC\|[^\~]*)~" Parse PO change item information from EDI 855.
| table _time edi_ack_status edi_buyer edi_code edi_code_ack edi_cont_num edi_date edi_flag edi_requestor edi_responder edi_seller edi_sequence edi_time edi_tr_id edi_type po_item po_change_item Format the relevant fields into a table.
| eval edi_ack_status_combo=edi_code+"-"+edi_code_ack+"-"+edi_ack_status
| eval edi_code_groupby=if(isnull(edi_code_ack), edi_code, edi_code_ack)
| eval edi_code_groupby=if(edi_code_groupby=="860", "850", edi_code_groupby)
Create a new evaluated field edi_ack_status_combo that combines edi_code, edi_code_ack, edi_ack_statusfield. Use another evalcommand to create edi_code_groupby field to join all EDI events with EDI 997 acknowledgment events.
| stats last(_time) as _time, last(edi_requestor) as edi_requestor, last(edi_responder) as edi_responder, first(edi_code) as edi_type, values(edi_code) as edi_code, last(edi_ack_status) as edi_ack_status, values(po_item) as po_item, values(po_change_item) as po_change_item by edi_tr_id edi_code_groupby

Join all EDI events with EDI 997 (acknowledgment) events into a single event. A successfully joined event will have EDI edi_ack_status field that indicates there was a matching pair of EDI with EDI acknowledgment.

Events with null values in edi_ack_status means that there's no matching pair of EDI acknowledgments. Events with successfully joined EDIs have “A”, “E”, “R” flags indicating their status.

Add a time element into search, the first time of the event matched.

| search po_change_item=* Filter for analyzed results with PO change item field populated. This line assumes the event with po_change_item is the transaction with PO item changes.

Next steps

When you have this search running in your Splunk platform, return to the Monitoring purchase order lifecycles use case to learn how to share the results with stakeholders and to find other KPIs you might want to measure. You can also review the Supply Chain Optimization Solution Accelerator for more great use cases to help you use the Splunk platform to be successful in your supply chain operations.