How to find out how many times each log row appear...

ilanaKarten0333 · ‎04-20-2022

Hi. I have log with different messages.

I want to understand which line appears the most times in the log.
Please help me

Here you can see example to 4 lines from the log:

'2022-04-14 05:11:53,833',SmartX.ControlUp.Client.CacheActivityListener,'[Connections#12]','DEBUG','[OnDBTransaction] IsEntityInBlackList: Entity= Processes blackList is empty.'

'2022-04-14 05:11:53,833',SmartX.ControlUp.Client.AlertsFactory,'[Observables#18]','INFO','GetInvokedTrigger ShouldBeInvoked ==> Session, for trigger id = 3cb3a80e-0d64-4585-a255-9c554d534deb, trigger name = AAS_Session State - Active to Idle - BLK'

'2022-04-14 05:11:53,848',SmartX.ControlUp.Client.AlertsFactory,'[Observables#18]','DEBUG','ExamineAdvancedTriggersInternal - ret is true, trigger was added, trigger id = 3cb3a80e-0d64-4585-a255-9c554d534deb, trigger name = AAS_Session State - Active to Idle - BLK'

'2022-04-14 05:11:53,833',SmartX.ControlUp.Client.CacheActivityListener,'[Connections#12]','DEBUG','[OnDBTransaction] IsEntityInBlackList: Entity= Processes blackList is empty.'

I want receive statistic data about each raw how many times it appears in the log. Of course in my log are much more than 4 different lines

Gr0und_Z3r0 · ‎04-20-2022

Hi @ilanaKarten0333

You'll have to first identify the key field/entity to get your statistics of events.
For example, your key fields could be "trigger name" or "IsEntityInBlackList: Entity" as seen from the above logs.

Once you identify the field you are interested to view the events for, use the "stats" command to get insights.
Example: | stats count by trigger_name

How to find out how many times each log row appears in the log?

metrics

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!