Solved: Using the like operator for raw text

dadomor · ‎07-11-2017

Hi

Can someone help me with a query please. So I have a field called message which displays the following:

"message":"{\"Status\":\"HEALTHY\",\"Healthy\":[\"PasswordHealthCheck\"],\"Unhealthy\":[],\"Timestamp\":\"2017-07-11T14:08:08\",\"BuildNumber\":\"build-397-deploy-340\"}"

So far my query is like so:

index="css_dev_logs" service=Policebox | spath loggername | search loggername=HealthCheckService

how can I append add to it to say where message \"Healthy\":[\"PasswordHealthCheck\"]

Any help would be greatly appreciated

Thanks

Rob

richgalloway · ‎07-11-2017

Try this.

index="css_dev_logs" service=Policebox | spath loggername | search loggername=HealthCheckService | where like(message, "%\"Healthy\":[\"PasswordHealthCheck\"]%")

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎07-11-2017

Try this.

index="css_dev_logs" service=Policebox | spath loggername | search loggername=HealthCheckService | where like(message, "%\"Healthy\":[\"PasswordHealthCheck\"]%")

---
If this reply helps you, Karma would be appreciated.

dadomor · ‎07-12-2017

Thank you Rich

Using the like operator for raw text

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?