Hi All,

I have a field in my data called 'message' ,which contain information about status of the field.I'd like categorizes files either success or failure files based on content of the field.For example the message contain multiple values like(success,processed,completed) then i want to label the corresponding file as success,if it contains like(failed,failure) i want to label as failure file.How to implement this using SPL query.Below query i tried but i am not getting properly.

index=mulesoft environment=DEV applicationName="Test"  
|stats values(content.FileName)  as Filename1  values(content.ErrorMsg) as  errormsg  values(content.Error) as error values(message) as message values(priority) as  priority min(timestamp) AS Logon_Time, max(timestamp) AS Logoff_Time BY  correlationId 
| eval SuccessFileName=case(match(message, "File put Succesfully*|Successfully created file data*|Archive file processed successfully*|Summary of all Batch*|processed successfully for file name*|SUCCESS") AND not match(priority,"ERROR|WARN"),FileName1,1=1,null()) 
| eval FailureFileName=case(match(message,"Failed to process file:"),FileName1,1=1,null()) |table SuccessFileName FailureFileName  Response  correlationId