Solved: By intersect, I am getting a list of hosts, but ho...

kartik13 · ‎03-09-2015

Hi,

By using intersect i got the list of hosts. now i want to to get the list of errors in those host. how can i achieve that .

NOUMSSI · ‎03-19-2015

Hi,

I also advice you to use a subsearch to filter the main query. this will look at this:

... [search index=name_of_your_index |stats count(error) by host]

Replace the ... by your main search

NOUMSSI · ‎03-19-2015

Hi,

I also advice you to use a subsearch to filter the main query. this will look at this:

... [search index=name_of_your_index |stats count(error) by host]

Replace the ... by your main search

gfuente · ‎03-09-2015

Hello

You can use a subsearch to filter the main query, leike this:

YourBaseSearchToFilterErrors [search YourIntersectSearchThatReturnsAListOfHosts] | any other commands

This will transalate into something like:

index=main "error" host=1 OR host=2 OR host=3 | other commands

Regards

By intersect, I am getting a list of hosts, but how can I use that list to get the count of errors per host?