Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Get stats by error type

allladin101
Explorer
‎02-18-2015 07:19 PM

Hi,

I am trying to classify error messages based on a substring in the error message. Say suppose there are 10 errors, 3 of them have the substring "sever not reponding" to be shown in the stats as -'server error' and 5 have the substring "Timed Out" - to be shown in the stats as 'Time out error' and rest can be classified as 'others'.

Here is how i want to see the result:

error_type count

server error 3
Time out error 5
others 2

Can somebody help.

I have this basic query as of now:

index=whatever ERROR-XXXX action=* earliest=-10d@d latest=now|eval error=split(action,"error:")|eval error_type=mvindex(error,1)|stats count by error_type

above query does not work for me. 😞

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

pradeepkumarg
Influencer
‎02-18-2015 07:27 PM

index=whatever ERROR-XXXX action=* earliest=-10d@d latest=now | eval ERROR_TYPE= if(searchmatch("sever not reponding"), "Server Error", (if(searchmatch("Timed Out"),"Timed Out Error", "OTHER")))) | stats count by ERROR_TYPE

View solution in original post

Reply
Solved! Jump to solution
Solution

pradeepkumarg
Influencer
‎02-18-2015 07:27 PM

index=whatever ERROR-XXXX action=* earliest=-10d@d latest=now | eval ERROR_TYPE= if(searchmatch("sever not reponding"), "Server Error", (if(searchmatch("Timed Out"),"Timed Out Error", "OTHER")))) | stats count by ERROR_TYPE

View solution in original post

Reply
Get Updates on the Splunk Community!