I have multiple fields with different values (error messages) from the same log. I am trying to get a count per field, per value. I want this to be displayed if count is >2 in a set time period(1m) in a panel of my dashboard.
index=? Field1=500 OR Field2="Server Error*" OR Field2="TIMEOUT*" OR Field3="authorize" |stats count by Field, Field1, Field2, Field3, Field4, Field5, Field6, |where count>2
Can anyone help... Thanks
... View more