See if this helps
index=error-data sourcetype=error:logs source=https://error:appliocation.logs
("logs started" "tarnsaction recevied") OR (" timeouterror" AND "failed logs confirmed ") OR (" application logs continuted")
[|inputlookup append=t errorlogs.csv where error=2
|fields host
|format]
| eval initialError=if(searchmatch("logs started" AND "tarnsaction recevied"),1,0)
| eval transLogs=if(searchmatch(" timeouterror" AND "failed logs confirmed "),1, 0)
| eval Failed=if(searchmatch(" application logs continuted"), 1,0)
|stats count(eval(initialError=1)) as "initial error logs ", count(eval(transLogs=1) as "logs in transactions", count(eval(failed=1) as "total failed"
---
If this reply helps you, Karma would be appreciated.
