Solved: How to search for all banner messages?

richnavis · ‎03-29-2013

As part of understanding our end user experience, I'd like to create a search that tells me whenever splunk created a message that appeared as a banner message to end users. Is this possible?

martin_mueller · ‎03-29-2013

One place to start would be this:

index=_internal source="*web_service.log" raise

You'll get events for exceptions being raised, usually that's equivalent to a red error message. Off the top of my instance I don't see blue info messages being logged though.

View solution in original post

martin_mueller · ‎03-29-2013

One place to start would be this:

index=_internal source="*web_service.log" raise

You'll get events for exceptions being raised, usually that's equivalent to a red error message. Off the top of my instance I don't see blue info messages being logged though.

w531t4 · ‎04-24-2014

Is there a definitive way to do this? Including "usually" as part of the answer isn't good enough.

How to search for all banner messages?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts