Current Result With above query

harishnpandey · ‎10-12-2018

How do I add meaningful labels to error codes?

index=akamai_pi_prod   message.reqHost=*rpama* message.status IN ("200","201","204","206","302","304","403","404","500","502")|rename message.status="200" as "200-Success"| chart count by message.reqHost,message.status

Current Result With above query

message.reqHost 200 206 304 502

xyz.com 12568 23000 100 56

Expected Result:

message.reqHost 200-Succes 206 -Partial Content 304-Cache 502-Bad Gateway

xyz.com 12568 23000 100 56

Appreciate your help on this

Thanks,
Harish

bcyates · ‎10-12-2018

Eval is your friend. Try this:

index=akamai_pi_prod message.reqHost=rpama message.status IN ("200","201","204","206","302","304","403","404","500","502") | eval Status=case(message.status == 200, "Success", message.status == 206, "Partial Content", message.status == 304, "Cache", message.status == 502, "Bad Gateway", true(), "Unknown") | stats count by message.reqHost,Status

harishnpandey · ‎10-12-2018

Current Query :

index=akamai_pi_prod message.reqHost=rpama message.status IN ("200","201","204","206","302","304","403","404","500","502")|chart count by message.reqHost,message.status

Vijeta · ‎10-12-2018

You can do in Settings->fields->CalculatedFields

harishnpandey · ‎10-12-2018

No, I dont have access to Splunk configurations so I have to manage with Splunk query only

Vijeta · ‎10-12-2018

Do the rename for each status code after the chart command-

 chart count by message.reqHost,message.status| rename "200" as "Success_200", 206 as "206-Partial" ....

How do I add meaningful labels to error codes?

Current Result With above query

xyz.com 12568 23000 100 56

Expected Result:

xyz.com 12568 23000 100 56

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?

How do I add meaningful labels to error codes?

Current Result With above query

xyz.com 12568 23000 100 56

Expected Result:

xyz.com 12568 23000 100 56

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard