Solved: Why can't I use trellis with mstats?

robertlynch2020 · ‎07-20-2022

I have a basic SPL using mstat but I can't use treills with it? Any ideas why I can't select "severity"

| mstats count("mx.process.logs") as count WHERE "index"="murex_metrics"  BY severity

robertlynch2020 · ‎08-17-2022

in the end i needed to add a stats to the end of my SPL to get this to work

| mstats count("mx.process.logs") as count WHERE "index"="murex_metrics" mx.env=dell967srv.scz.murex.com:15016 BY severity
| rename count as ErrorCount
| rename severity as lvl
| stats sum(ErrorCount) as Count by lvl
| sort - ErrorCount

View solution in original post

robertlynch2020 · ‎08-17-2022

in the end i needed to add a stats to the end of my SPL to get this to work

| mstats count("mx.process.logs") as count WHERE "index"="murex_metrics" mx.env=dell967srv.scz.murex.com:15016 BY severity
| rename count as ErrorCount
| rename severity as lvl
| stats sum(ErrorCount) as Count by lvl
| sort - ErrorCount

Why can't I use trellis with mstats?

using Splunk Enterprise

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

Are you a member of the Splunk Community?

Why can't I use trellis with mstats?

using Splunk Enterprise

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!