Hi Guys, Thanks in Advance. I am using transaction command to fetch unique correlationId and i have multiple conditions to be match.below is my query .I am getting result.But not in proper way ...
See more...
Hi Guys, Thanks in Advance. I am using transaction command to fetch unique correlationId and i have multiple conditions to be match.below is my query .I am getting result.But not in proper way index="mulesoft" (message="API: START: /v1/fin_outbound") OR
(message="API: START: /v1/onDemand") OR (message="API: START: /v1/fin_Import") OR (message="API: START: /v1/onDemand") OR (*End of GL-import flow*) OR (tracePoint="EXCEPTION") OR (priority="WARN" AND *GLImport Job Already Running, Please wait for the job to complete*) OR (*End of GL Import process - No files found for import to ISG*) |transaction correlationId | search NOT message IN ("API: START: /v1/fin_Zuora_GL_Revpro_Journals_outbound")|rename content.File.fid as "TransferBatch/OnDemand" content.File.fname as "BatchName/FileName" content.File.fprocess_message as ProcessMsg content.File.fstatus as Status content.File.isg_file_batch_id as OracleBatchID content.File.total_rec_count as "Total Record Count"|eventstats min(timestamp) AS Start_Time, max(timestamp) AS End_Time by correlationId| eval JobType=case(like('message',"%API: START: /v1/onDemand%"),"OnDemand",like('message',"%API: START: /v1/onDemand%"),"OnDemand",like('message',"API: START: /v1/fin_Import"),"Scheduled")| eval Status=case(like('Status' ,"%SUCCESS%"),"SUCCESS", like('Status',"%ERROR%"),"ERROR",like('tracePoint',"%EXCEPTION%"),"ERROR",like('priority',"%WARN%"),"WARN",like('message',"%End of GL Import process - No files found for import to ISG%"),"ERROR")| eval ProcessMsg= coalesce(ProcessMsg,message)
| eval StartTime=round(strptime(Start_Time, "%Y-%m-%dT%H:%M:%S.%QZ"))
| eval EndTime=round(strptime(End_Time, "%Y-%m-%dT%H:%M:%S.%QZ"))
| eval ElapsedTimeInSecs=EndTime-StartTime
| eval "Total Elapsed Time"=strftime(ElapsedTimeInSecs,"%H:%M:%S")
|rename Logon_Time as Timestamp
|table Status Start_Time JobType "TransferBatch/OnDemand" "BatchName/FileName" ProcessMsg OracleBatchID "Total Record Count" ElapsedTimeInSecs "Total Elapsed Time" correlationId|fields - ElapsedTimeInSecs | search Status="*" Screen shot added in that i want to show only yellow marked values