Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Condition and Search string together not working

satyajit2007
Explorer
‎11-13-2020 09:24 AM

 

In Total_error Count , I want to add if the logs contains string like "exception", "failed", "error" ( Case Insensitive if possible ).  in addition to level=ERROR condition. 

 

 

index=myIndex sourcetype=mySourceType | 
timechart count as total_logs count(eval(level="INFO")) as total_info count(eval(level="WARN")) as total_warn count(eval(level="ERROR")  ) as total_error span=1h

 

 

 

Added those search criteria like this . did not work . 

count(eval(level="ERROR" OR ("Failed" OR "Exception" OR "Fatal")  )

 

The condition should be 

where level="ERROR" OR ( log like '%failed%' or log like '%Exception%')    ( case should not matter). 

Need your expert advise.

Labels (4)
Labels
Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-13-2020 10:16 AM

I replied to your previous message on this topic.  https://community.splunk.com/t5/Splunk-Search/Search-strings-and-conditions-together/m-p/529223/high...

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...