1st Query :
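StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" HasError__c=false Transaction_Log__c="*"
```Purpose: chart, in 30-minute buckets, how often each known StoreManagementAPI response or exception message appears, with a constant threshold column for comparison.```
```Series 1: transaction-log events with HasError__c=false whose raw text contains the 200 "no matching records" message.```
| eval message = "200andNo matching records were found"
| where like(_raw,"%".message."%")
```Each append below runs as a subsearch and contributes one more labelled series. Subsearches are bound by the result-count and runtime limits in limits.conf; when one is truncated or times out the search still completes, so that series is under-counted. Check the job inspector before relying on these counts for alerting.```
| append
[search StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" Transaction_Log__c="*"
| eval message = "400andDealer Code provided is invalid"
| where like(_raw,"%".message."%")]
| append
[search StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" Transaction_Log__c="*"
| eval message = "400andDealer Type provided is invalid"
| where like(_raw,"%".message."%")]
| append
[search StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" Transaction_Log__c="*"
| eval message = "400andNo Dealer Code was provided"
| where like(_raw,"%".message."%")]
| append
[search StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" Transaction_Log__c="*"
| eval message = "400andNo Dealer Type was provided"
| where like(_raw,"%".message."%")]
| append
[search StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" Transaction_Log__c="*"
| eval message = "400andInvalid input data"
| where like(_raw,"%".message."%")]
| append
[search StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" Transaction_Log__c="*"
| eval message = "500andCannot deserialize request body"
| where like(_raw,"%".message."%")]
```The next two subsearches read the exception log instead of the transaction log. The first labels every 500 whose raw text contains "Unexpected character".```
| append
[search StoreManagementAPI index=b2cforce sourcetype="sfdc:exception_log__c" ErrorCode__c=500 Interface_Name__c=StoreManagementAPI
| eval message = "Unexpected character"
| where like(_raw,"%".message."%")]
```The second keeps every other 500 under its own Error_Description__c. Only one exact description string is excluded, so an "Unexpected character" error with a different line or column is counted both here and in the series above. Events with no Error_Description__c are dropped, because the != comparison is null for them.```
| append
[search StoreManagementAPI index=b2cforce sourcetype="sfdc:exception_log__c" ErrorCode__c=500 Interface_Name__c=StoreManagementAPI
| where Error_Description__c != "Unexpected character ('}' (code 125)): was expecting double-quote to start field name at [line:4, column:6]"
| table _time,Error_Description__c
| rename Error_Description__c as message]
```One column per message value. timechart keeps 10 series by default and folds the rest into OTHER, so many distinct Error_Description__c values may hide individual messages.```
| timechart span=30m count by message
```Fixed: the original read "eval eval threshold = 25", which is not a valid eval expression. This adds a constant threshold column of 25 to every time bucket.```
| eval threshold = 25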
2nd query :
StoreManagementAPI index=b2cforce sourcetype="*" "attributes.type"="*"
```Volume check: count the StoreManagementAPI events in b2cforce that carry an attributes.type field, across every sourcetype, over the search time range.```
| stats count(sourcetype) AS total_events
```Return a row only when the count exceeds 480. NOTE(review): the time window this threshold was tuned for is not shown here; confirm it matches the alert schedule.```
| where 480 < total_events
3rd query :
StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" Transaction_Log__c="*"
```Purpose: average elapsed time per transaction, measured from the first to the last timestamp embedded in Transaction_Log__c.```
```Pull every timestamp value out of the log body into a multivalue field; max_match=0 keeps all matches.```
| rex field=Transaction_Log__c max_match=0 "timestamp[[:punct:]]+(?<timestamp>[^\\\"]+)"
```Convert the first and last extracted values to epoch seconds. A value that does not fit the format yields null, and that event then drops out of the average. NOTE(review): confirm %Z matches the zone suffix the API actually writes.```
| eval first_ts = strptime(mvindex(timestamp, 0), "%Y-%m-%dT%H:%M:%S.%3N%Z")
| eval last_ts = strptime(mvindex(timestamp, -1), "%Y-%m-%dT%H:%M:%S.%3N%Z")
| eval elapsed = last_ts - first_ts
| stats avg(elapsed) as average