What I would like to achive is a statistic like that:
hostname*: AIX abc- asdf PARTIAL - SVCA - 2
hostname*: AIX abc- asdf PARTIAL - SVCB - 1
service response error of 3 - SVCB -1
service response error of 3 - SVC -1
The values of the msg field arent known and cannot be predicted.
Is there any command/addon/performant way in SPL to do such a statistic based on some citeria like "at least 3 words in a field matching"?
thanks a lot for your tips!
Unfortunately I didnt phrase my question correctly.
The problem is that I dont know whats in the msg field. The lines above are just anonymised examples.
There are more than 500 different messages coming from various autonoumus monitoring systems where each individual admin could change a message any time.
Our main goal is to identify similar messages/events which are affecting more than one service.
For example similarity would mean to us at least 3 words are matching or 1 word matching and number of words are equal.