Trying to find out the top 10 values from different host long_message index functionality.
So I tried: index=* "error" OR "FAIL" OR "fatal" | stats values(functionality) values(correlatioid) values(loan_num) values(host) count by log_message | sort -count
So it is showing the top errors with functionality, host and loan_num details for each and every error.
My requirement is that I want to get the top error counts from a particular host or functionality.
It is showing like
Let's say the Abc functionality has more errors: in the table it should give the count of Abc along with its percentage among all the obtained errors.
Abc - 109 98% among
Xyz - 1 1%
123 - 1 1%
Similarly, I want to see the top errors caused by different sources.
index=* "error" OR "FAIL" OR "fatal" | stats values(functionality) values(correlatioid) values(loan_num) values(host) count by log_message | sort - count
index=* "error" OR "FAIL" OR "fatal" | top functionality
How will it show the count for each row in the functionality column?
How can we compare these values by log messages?
Let's say there is an error 501.
I need a table like this:
Log_message    Functionality     host
Error-501      abc  98  98%      Bjk500  70  70%
               Xyz  01  1%       Bjk400  20  20%
               123  01  1%       Bjk300  10  10%
Like that, we want to correlate all sources with the specific error.
I don't know the details of your logs.
So, I can't create a query.
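An added example, not part of the thread: one way to produce the per-error count and percentage asked for above, using the field names from the posted queries (log_message, functionality). The output field names total and percent are chosen here for illustration. Replacing functionality with host gives the host breakdown, and removing log_message throughout gives each functionality's share among all matched errors.

```spl
index=* "error" OR "FAIL" OR "fatal"
| stats count by log_message functionality
| eventstats sum(count) as total by log_message
| eval percent=round(100 * count / total, 1)
| sort 0 log_message -count
| fields log_message functionality count percent
```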