Solved: Why can't I use trellis with mstats?

robertlynch2020 · ‎07-20-2022

I have a basic SPL using mstat but I can't use treills with it? Any ideas why I can't select "severity"

| mstats count("mx.process.logs") as count WHERE "index"="murex_metrics"  BY severity

robertlynch2020 · ‎08-17-2022

in the end i needed to add a stats to the end of my SPL to get this to work

| mstats count("mx.process.logs") as count WHERE "index"="murex_metrics" mx.env=dell967srv.scz.murex.com:15016 BY severity
| rename count as ErrorCount
| rename severity as lvl
| stats sum(ErrorCount) as Count by lvl
| sort - ErrorCount

View solution in original post

robertlynch2020 · ‎08-17-2022

in the end i needed to add a stats to the end of my SPL to get this to work

| mstats count("mx.process.logs") as count WHERE "index"="murex_metrics" mx.env=dell967srv.scz.murex.com:15016 BY severity
| rename count as ErrorCount
| rename severity as lvl
| stats sum(ErrorCount) as Count by lvl
| sort - ErrorCount

Why can't I use trellis with mstats?

using Splunk Enterprise

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...