Solved: Why can't I use trellis with mstats?

robertlynch2020 · ‎07-20-2022

I have a basic SPL using mstat but I can't use treills with it? Any ideas why I can't select "severity"

| mstats count("mx.process.logs") as count WHERE "index"="murex_metrics"  BY severity

robertlynch2020 · ‎08-17-2022

in the end i needed to add a stats to the end of my SPL to get this to work

| mstats count("mx.process.logs") as count WHERE "index"="murex_metrics" mx.env=dell967srv.scz.murex.com:15016 BY severity
| rename count as ErrorCount
| rename severity as lvl
| stats sum(ErrorCount) as Count by lvl
| sort - ErrorCount

View solution in original post

robertlynch2020 · ‎08-17-2022

in the end i needed to add a stats to the end of my SPL to get this to work

| mstats count("mx.process.logs") as count WHERE "index"="murex_metrics" mx.env=dell967srv.scz.murex.com:15016 BY severity
| rename count as ErrorCount
| rename severity as lvl
| stats sum(ErrorCount) as Count by lvl
| sort - ErrorCount

Why can't I use trellis with mstats?

using Splunk Enterprise

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Index This | I am a number but I am countless. What am I?

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience