Thankyou Woodcock,
But I want it a consolidated one. that is one single alert. I have created one here. But i guess there is some error, because I am unable to get the result.
index=web environment=prdv sourcetype=access_combined_wcookie application=web-nonpci uri=/events-registration/* | stats count by error_rate | eval severity=if(error_rate>=5, "SL1",if(error_rate >15,"SL2",LOW)) | table error_rate, severity
This is the one which I have created. Could you please check this out if there is something that you can help me out?
Thanks
Sreekala
... View more