I have logs loaded to splunk, I created few alerts to send the error email notifications
till this it is working fine.., only one bottleneck here is they don't want whole error msg
in the email instead then need only meaning ful msg say example:"error_Num:4006 "Duplicate
document created" like this.., before that error_Num:4006 "this is occurred due to the user created
a document with the same name at logs c:/apps/oop"
I created a .csv file and uploaded with 2 perameters:
Error_num, Desc
4006,Duplicate document created
9002,Invalid login
When i user in the serach as |Inputlookup Error_num Outputlookup Desc
this is not working .., pls help in this
... View more